Minimal config for cloudzero dev environment.

This includes config for the VMSS assigned identity to authenticate for FlexVol purposes. Right now, some dummy keys are referenced in the config that we'll swap for the real ones later. This also includes config for specifying the subnet the load balancers should be in.
2020-01-06 12:20:49 -05:00 · 2020-01-06 12:20:49 -05:00 · d121a12429
commit d121a12429
parent d89948a59a
2 changed files with 29 additions and 7 deletions
--- a/deploy/overlays/cloudzero-dev/flex_vol.yml
+++ b/deploy/overlays/cloudzero-dev/flex_vol.yml
@ -9,13 +9,23 @@ spec:
        - name: nginx-secret
          flexVolume:
            options:
-              keyvaultname: "atat-vault-test"
-              keyvaultobjectnames: "dhparam4096;cert;cert"
+              keyvaultname: "cloudzero-dev-keyvault"
+              # keyvaultobjectnames: "dhparam4096;cert;cert"
+              keyvaultobjectnames: "foo"
+              keyvaultobjectaliases: "FOO"
+              keyvaultobjecttypes: "secret"
+              usevmmanagedidentity: "true"
+              usepodidentity: "false"
        - name: flask-secret
          flexVolume:
            options:
-              keyvaultname: "atat-vault-test"
-              keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+              keyvaultname: "cloudzero-dev-keyvault"
+              # keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+              keyvaultobjectnames: "master-PGPASSWORD"
+              keyvaultobjectaliases: "PGPASSWORD"
+              keyvaultobjecttypes: "secret"
+              usevmmanagedidentity: "true"
+              usepodidentity: "false"
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
@ -28,8 +38,10 @@ spec:
        - name: flask-secret
          flexVolume:
            options:
-              keyvaultname: "atat-vault-test"
+              keyvaultname: "cloudzero-dev-keyvault"
              keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+              usevmmanagedidentity: "true"
+              usepodidentity: "false"
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
@ -42,8 +54,10 @@ spec:
        - name: flask-secret
          flexVolume:
            options:
-              keyvaultname: "atat-vault-test"
+              keyvaultname: "cloudzero-dev-keyvault"
              keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+              usevmmanagedidentity: "true"
+              usepodidentity: "false"
 ---
 apiVersion: batch/v1beta1
 kind: CronJob
@ -58,5 +72,7 @@ spec:
            - name: flask-secret
              flexVolume:
                options:
-                  keyvaultname: "atat-vault-test"
+                  keyvaultname: "cloudzero-dev-keyvault"
                  keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
+                  usevmmanagedidentity: "true"
+                  usepodidentity: "false"
--- a/deploy/overlays/cloudzero-dev/ports.yml
+++ b/deploy/overlays/cloudzero-dev/ports.yml
@ -3,6 +3,9 @@ apiVersion: v1
 kind: Service
 metadata:
  name: atst-main
+  annotations:
+    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "cloudzero-dev-public"
 spec:
  loadBalancerIP: ""
  ports:
@ -17,6 +20,9 @@ apiVersion: v1
 kind: Service
 metadata:
  name: atst-auth
+  annotations:
+    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "cloudzero-dev-public"
 spec:
  loadBalancerIP: ""
  ports: