From d121a12429e076ee18fc582f720bfd8be2c732b4 Mon Sep 17 00:00:00 2001
From: dandds
Date: Mon, 6 Jan 2020 12:20:49 -0500
Subject: [PATCH] Minimal config for cloudzero dev environment. This includes config for the VMSS assigned identity to authenticate for FlexVol purposes. Right now, some dummy keys are referenced in the config that we'll swap for the real ones later. This also includes config for specifying the subnet the load balancers should be in.
---
 deploy/overlays/cloudzero-dev/flex_vol.yml | 30 +++++++++++++++++-----
 deploy/overlays/cloudzero-dev/ports.yml | 6 +++++
 2 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/deploy/overlays/cloudzero-dev/flex_vol.yml b/deploy/overlays/cloudzero-dev/flex_vol.yml
index 1da24f7a..a3c65df7 100644
--- a/deploy/overlays/cloudzero-dev/flex_vol.yml
+++ b/deploy/overlays/cloudzero-dev/flex_vol.yml
@@ -9,13 +9,23 @@ spec:
 - name: nginx-secret
 flexVolume:
 options:
- keyvaultname: "atat-vault-test"
- keyvaultobjectnames: "dhparam4096;cert;cert"
+ keyvaultname: "cloudzero-dev-keyvault"
+ # keyvaultobjectnames: "dhparam4096;cert;cert"
+ keyvaultobjectnames: "foo"
+ keyvaultobjectaliases: "FOO"
+ keyvaultobjecttypes: "secret"
+ usevmmanagedidentity: "true"
+ usepodidentity: "false"
 - name: flask-secret
 flexVolume:
 options:
- keyvaultname: "atat-vault-test"
- keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+ keyvaultname: "cloudzero-dev-keyvault"
+ # keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+ keyvaultobjectnames: "master-PGPASSWORD"
+ keyvaultobjectaliases: "PGPASSWORD"
+ keyvaultobjecttypes: "secret"
+ usevmmanagedidentity: "true"
+ usepodidentity: "false"
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
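Review bot: Vault access in the hunk at -9,13 is tied to the node rather than to the workload: with `usevmmanagedidentity: "true"` and `usepodidentity: "false"` the volume authenticates as the VMSS identity, so, unless access to the instance metadata endpoint is restricted, every pod scheduled on those nodes can act as that identity and read whatever the vault's access policy grants it. The same pair is added to the flask-secret volumes in the hunks at -28,8, -42,8 and -58,5. I would limit the identity to `get` on secrets in `cloudzero-dev-keyvault` and record the trade-off at the first occurrence, e.g. `# node-level (VMSS) identity: all pods on the node share this vault access; revisit with pod identity`. The commented-out `keyvaultobjectnames` lines would also read better as an explicit `# TODO: restore dhparam4096;cert;cert once uploaded to the dev vault`. The pod spec that holds these volumes starts and ends outside the hunk.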
@@ -28,8 +38,10 @@ spec:
 - name: flask-secret
 flexVolume:
 options:
- keyvaultname: "atat-vault-test"
+ keyvaultname: "cloudzero-dev-keyvault"
 keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+ usevmmanagedidentity: "true"
+ usepodidentity: "false"
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -42,8 +54,10 @@ spec:
 - name: flask-secret
 flexVolume:
 options:
- keyvaultname: "atat-vault-test"
+ keyvaultname: "cloudzero-dev-keyvault"
 keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+ usevmmanagedidentity: "true"
+ usepodidentity: "false"
 ---
 apiVersion: batch/v1beta1
 kind: CronJob
@@ -58,5 +72,7 @@ spec:
 - name: flask-secret
 flexVolume:
 options:
- keyvaultname: "atat-vault-test"
+ keyvaultname: "cloudzero-dev-keyvault"
 keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+ usevmmanagedidentity: "true"
+ usepodidentity: "false"
diff --git a/deploy/overlays/cloudzero-dev/ports.yml b/deploy/overlays/cloudzero-dev/ports.yml
index 8f4ff72c..8dbbd0f1 100644
--- a/deploy/overlays/cloudzero-dev/ports.yml
+++ b/deploy/overlays/cloudzero-dev/ports.yml
@@ -3,6 +3,9 @@ apiVersion: v1
 kind: Service
 metadata:
 name: atst-main
+ annotations:
+ service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "cloudzero-dev-public"
 spec:
 loadBalancerIP: ""
 ports:
@@ -17,6 +20,9 @@ apiVersion: v1
 kind: Service
 metadata:
 name: atst-auth
+ annotations:
+ service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "cloudzero-dev-public"
 spec:
 loadBalancerIP: ""
 ports:
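Review bot: The flask-secret volume in the hunk at -28,8 still requests all five names in `keyvaultobjectnames` but now reads them from `cloudzero-dev-keyvault`, whereas the first Deployment's flask-secret was reduced to `master-PGPASSWORD` with an alias. If the new vault so far holds only the placeholder objects the commit message mentions, this mount and the identical ones in the hunks at -42,8 and -58,5 will presumably fail until the real secrets are uploaded. Either apply the same reduced list here or state the precondition in a comment such as `# requires all five objects in cloudzero-dev-keyvault before rollout`. The volume definitions continue outside these hunks.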
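Review bot: The annotations added at -3,6 (atst-main) and -17,6 (atst-auth) request an internal load balancer but place it in a subnet named `cloudzero-dev-public`, and nothing in the file explains that combination. A reader cannot tell whether these services are meant to be reachable only inside the VNet or fronted by something public in that subnet. I would add a comment above `annotations:` such as `# internal LB: private IP only, allocated from the cloudzero-dev-public subnet; external exposure is handled elsewhere`, adjusted to the real intent. Since `loadBalancerIP: ""` stays empty, the address is presumably assigned dynamically, which is worth noting for anyone writing firewall or NSG rules against it. Each Service's `spec` continues past its hunk.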