d121a12429
This includes config for the VMSS assigned identity to authenticate for FlexVol purposes. Right now, some dummy keys are referenced in the config that we'll swap for the real ones later. This also includes config for specifying the subnet the load balancers should be in.
79 lines
2.3 KiB
YAML
79 lines
2.3 KiB
YAML
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
name: atst
|
|
spec:
|
|
template:
|
|
spec:
|
|
volumes:
|
|
- name: nginx-secret
|
|
flexVolume:
|
|
options:
|
|
keyvaultname: "cloudzero-dev-keyvault"
|
|
# keyvaultobjectnames: "dhparam4096;cert;cert"
|
|
keyvaultobjectnames: "foo"
|
|
keyvaultobjectaliases: "FOO"
|
|
keyvaultobjecttypes: "secret"
|
|
usevmmanagedidentity: "true"
|
|
usepodidentity: "false"
|
|
- name: flask-secret
|
|
flexVolume:
|
|
options:
|
|
keyvaultname: "cloudzero-dev-keyvault"
|
|
# keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
|
|
keyvaultobjectnames: "master-PGPASSWORD"
|
|
keyvaultobjectaliases: "PGPASSWORD"
|
|
keyvaultobjecttypes: "secret"
|
|
usevmmanagedidentity: "true"
|
|
usepodidentity: "false"
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
name: atst-worker
|
|
spec:
|
|
template:
|
|
spec:
|
|
volumes:
|
|
- name: flask-secret
|
|
flexVolume:
|
|
options:
|
|
keyvaultname: "cloudzero-dev-keyvault"
|
|
keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
|
|
usevmmanagedidentity: "true"
|
|
usepodidentity: "false"
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
name: atst-beat
|
|
spec:
|
|
template:
|
|
spec:
|
|
volumes:
|
|
- name: flask-secret
|
|
flexVolume:
|
|
options:
|
|
keyvaultname: "cloudzero-dev-keyvault"
|
|
keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
|
|
usevmmanagedidentity: "true"
|
|
usepodidentity: "false"
|
|
---
|
|
apiVersion: batch/v1beta1
|
|
kind: CronJob
|
|
metadata:
|
|
name: crls
|
|
spec:
|
|
jobTemplate:
|
|
spec:
|
|
template:
|
|
spec:
|
|
volumes:
|
|
- name: flask-secret
|
|
flexVolume:
|
|
options:
|
|
keyvaultname: "cloudzero-dev-keyvault"
|
|
keyvaultobjectnames: "AZURE-STORAGE-KEY;MAIL-PASSWORD;PGPASSWORD;REDIS-PASSWORD;SECRET-KEY"
|
|
usevmmanagedidentity: "true"
|
|
usepodidentity: "false"
|