Introduce TEMPLATE_ID variable for FlexVolume

FlexVolume requires you specify the tenant id of the key vault instance, so this will need to be templated in for future enviroments

deploy/README.md

@@ -14,6 +14,7 @@ The production configuration (azure.atat.code.mil, currently) is reflected in th
 - AUTH_DOMAIN: The host domain for the authentication endpoint for the environment.
 - KV_MI_ID: the fully qualified id (path) of the managed identity for the key vault (instructions on retrieving this are down in section on [Setting up FlexVol](#configuring-the-identity)). Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/RESOURCE_GROUP_NAME/providers/Microsoft.ManagedIdentity/userAssignedIdentities/MANAGED_IDENTITY_NAME
 - KV_MI_CLIENT_ID: The client id of the managed identity for the key vault. This is a GUID.
+- TENANT_ID: The id of the active directory tenant in which the cluster and it's associated users exist. This is a GUID.
 
 We use envsubst to substitute values for these variables. There is a wrapper script (script/k8s_config) that will output the compiled configuration, using a combination of kustomize and envsubst.
 

deploy/azure/azure.yml

@@ -149,7 +149,7 @@ spec:
               keyvaultobjectnames: "dhparam4096"
               keyvaultobjectaliases: "dhparam.pem"
               keyvaultobjecttypes: secret
-              tenantid: "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
+              tenantid: $TENANT_ID
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment

script/k8s_config

@@ -13,6 +13,7 @@ SETTINGS=(
   AUTH_DOMAIN
   KV_MI_ID
   KV_MI_CLIENT_ID
+  TENANT_ID
 )
 
 # Loop all expected settings. Track ones that are missing and build