зеркало из https://github.com/Azure/ARO-RP.git
188 строки
8.1 KiB
JSON
188 строки
8.1 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"clusterParentDomainName": {
|
|
"type": "string"
|
|
},
|
|
"databaseAccountName": {
|
|
"type": "string"
|
|
},
|
|
"fpServicePrincipalId": {
|
|
"type": "string"
|
|
},
|
|
"rpServicePrincipalId": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"resources": [
|
|
{
|
|
"properties": {},
|
|
"name": "[concat(resourceGroup().location, '.', parameters('clusterParentDomainName'))]",
|
|
"type": "Microsoft.Network/dnsZones",
|
|
"location": "global",
|
|
"apiVersion": "2018-05-01"
|
|
},
|
|
{
|
|
"properties": {
|
|
"addressSpace": {
|
|
"addressPrefixes": [
|
|
"10.0.0.0/24"
|
|
]
|
|
},
|
|
"subnets": [
|
|
{
|
|
"properties": {
|
|
"addressPrefix": "10.0.0.0/24",
|
|
"networkSecurityGroup": {
|
|
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-nsg')]",
|
|
"tags": null
|
|
}
|
|
},
|
|
"name": "rp-subnet"
|
|
}
|
|
]
|
|
},
|
|
"name": "rp-vnet",
|
|
"type": "Microsoft.Network/virtualNetworks",
|
|
"location": "[resourceGroup().location]",
|
|
"apiVersion": "2019-07-01"
|
|
},
|
|
{
|
|
"properties": {
|
|
"addressSpace": {
|
|
"addressPrefixes": [
|
|
"10.0.4.0/22"
|
|
]
|
|
},
|
|
"subnets": [
|
|
{
|
|
"properties": {
|
|
"addressPrefix": "10.0.4.0/22",
|
|
"networkSecurityGroup": {
|
|
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-pe-nsg')]",
|
|
"tags": null
|
|
},
|
|
"privateEndpointNetworkPolicies": "Disabled"
|
|
},
|
|
"name": "rp-pe-subnet"
|
|
}
|
|
]
|
|
},
|
|
"name": "rp-pe-vnet-001",
|
|
"type": "Microsoft.Network/virtualNetworks",
|
|
"location": "[resourceGroup().location]",
|
|
"apiVersion": "2019-07-01"
|
|
},
|
|
{
|
|
"properties": {
|
|
"allowVirtualNetworkAccess": true,
|
|
"allowForwardedTraffic": true,
|
|
"allowGatewayTransit": false,
|
|
"useRemoteGateways": false,
|
|
"remoteVirtualNetwork": {
|
|
"id": "[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]"
|
|
}
|
|
},
|
|
"name": "rp-vnet/peering-rp-pe-vnet-001",
|
|
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
|
|
"apiVersion": "2019-07-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]",
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]"
|
|
],
|
|
"location": "[resourceGroup().location]"
|
|
},
|
|
{
|
|
"properties": {
|
|
"allowVirtualNetworkAccess": true,
|
|
"allowForwardedTraffic": true,
|
|
"allowGatewayTransit": false,
|
|
"useRemoteGateways": false,
|
|
"remoteVirtualNetwork": {
|
|
"id": "[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
|
|
}
|
|
},
|
|
"name": "rp-pe-vnet-001/peering-rp-vnet",
|
|
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
|
|
"apiVersion": "2019-07-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]",
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
|
|
],
|
|
"location": "[resourceGroup().location]"
|
|
},
|
|
{
|
|
"kind": "GlobalDocumentDB",
|
|
"properties": {
|
|
"consistencyPolicy": {
|
|
"defaultConsistencyLevel": "Strong"
|
|
},
|
|
"locations": [
|
|
{
|
|
"locationName": "[resourceGroup().location]"
|
|
}
|
|
],
|
|
"databaseAccountOfferType": "Standard"
|
|
},
|
|
"name": "[parameters('databaseAccountName')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts",
|
|
"location": "[resourceGroup().location]",
|
|
"tags": {
|
|
"defaultExperience": "Core (SQL)"
|
|
},
|
|
"apiVersion": "2019-08-01"
|
|
},
|
|
{
|
|
"name": "[guid(resourceGroup().id, parameters('rpServicePrincipalId'), 'RP / Reader')]",
|
|
"type": "Microsoft.Authorization/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceGroup().id]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
|
|
"principalId": "[parameters('rpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"apiVersion": "2018-09-01-preview"
|
|
},
|
|
{
|
|
"name": "[guid(resourceGroup().id, 'FP / Network Contributor')]",
|
|
"type": "Microsoft.Authorization/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceGroup().id]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
|
|
"principalId": "[parameters('fpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"apiVersion": "2018-09-01-preview"
|
|
},
|
|
{
|
|
"name": "[concat(parameters('databaseAccountName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName')), parameters('rpServicePrincipalId'), 'RP / DocumentDB Account Contributor'))]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
|
|
"principalId": "[parameters('rpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"apiVersion": "2018-09-01-preview",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"name": "[concat(resourceGroup().location, '.', parameters('clusterParentDomainName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')), 'FP / DNS Zone Contributor'))]",
|
|
"type": "Microsoft.Network/dnsZones/providers/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')))]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]",
|
|
"principalId": "[parameters('fpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"apiVersion": "2018-09-01-preview",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')))]"
|
|
]
|
|
}
|
|
]
|
|
}
|