Minimal config for cloudzero dev environment.

This includes config for the VMSS assigned identity to authenticate for
FlexVol purposes. Right now, some dummy keys are referenced in the
config that we'll swap for the real ones later.

This also includes config for specifying the subnet the load balancers
should be in.
dandds 2020-01-06 12:20:49 -05:00
parent d89948a59a
commit d121a12429
2 changed files with 29 additions and 7 deletions


@ -9,13 +9,23 @@ spec:
- name: nginx-secret - name: nginx-secret
flexVolume: flexVolume:
options: options:
keyvaultname: "atat-vault-test" keyvaultname: "cloudzero-dev-keyvault"
keyvaultobjectnames: "dhparam4096;cert;cert" # keyvaultobjectnames: "dhparam4096;cert;cert"
keyvaultobjectnames: "foo"
keyvaultobjectaliases: "FOO"
keyvaultobjecttypes: "secret"
usevmmanagedidentity: "true"
usepodidentity: "false"
- name: flask-secret - name: flask-secret
flexVolume: flexVolume:
options: options:
keyvaultname: "atat-vault-test" keyvaultname: "cloudzero-dev-keyvault"
keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY" # keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
keyvaultobjectnames: "master-PGPASSWORD"
keyvaultobjectaliases: "PGPASSWORD"
keyvaultobjecttypes: "secret"
usevmmanagedidentity: "true"
usepodidentity: "false"
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
@ -28,8 +38,10 @@ spec:
- name: flask-secret - name: flask-secret
flexVolume: flexVolume:
options: options:
keyvaultname: "atat-vault-test" keyvaultname: "cloudzero-dev-keyvault"
keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY" keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
usevmmanagedidentity: "true"
usepodidentity: "false"
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
@ -42,8 +54,10 @@ spec:
- name: flask-secret - name: flask-secret
flexVolume: flexVolume:
options: options:
keyvaultname: "atat-vault-test" keyvaultname: "cloudzero-dev-keyvault"
keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY" keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
usevmmanagedidentity: "true"
usepodidentity: "false"
--- ---
apiVersion: batch/v1beta1 apiVersion: batch/v1beta1
kind: CronJob kind: CronJob
@ -58,5 +72,7 @@ spec:
- name: flask-secret - name: flask-secret
flexVolume: flexVolume:
options: options:
keyvaultname: "atat-vault-test" keyvaultname: "cloudzero-dev-keyvault"
keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY" keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
usevmmanagedidentity: "true"
usepodidentity: "false"
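Review bot: The `usevmmanagedidentity: "true"` / `usepodidentity: "false"` pair added to every volume in this file makes the FlexVolume driver authenticate as the node's VMSS identity, which is shared by all workloads scheduled on those nodes rather than scoped to one pod. Nothing in the manifest records that trade-off, and the access policy of `cloudzero-dev-keyvault` is not visible here, so it is worth confirming that the identity is granted only read access to the secrets these volumes list. A comment above the first occurrence would help, for example `# auth via node (VMSS) identity, shared by all pods on the node; vault policy must stay read-only`. The placeholder `keyvaultobjectnames: "foo"` in the nginx-secret volume, and the commented-out original lines beside it, should carry a `# TODO` naming the real objects so the dummy values are not mistaken for the final configuration.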


@ -3,6 +3,9 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: atst-main name: atst-main
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "cloudzero-dev-public"
spec: spec:
loadBalancerIP: "" loadBalancerIP: ""
ports: ports:
@ -17,6 +20,9 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: atst-auth name: atst-auth
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "cloudzero-dev-public"
spec: spec:
loadBalancerIP: "" loadBalancerIP: ""
ports: ports:
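Review bot: The annotations added to `atst-main` and `atst-auth` request an internal load balancer but place it in a subnet named `cloudzero-dev-public`, and the manifest does not say which exposure is intended. The subnet's routing and network security group rules are not visible here, so from the name alone a reader cannot tell whether these services are meant to be reachable only from inside the virtual network. A comment above each `annotations:` block would settle it, for example `# internal LB: frontend IP is allocated from cloudzero-dev-public; see subnet NSG for who can reach it`, worded to match what the subnet actually permits.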