Azure
/
ARO-RP
зеркало из https://github.com/Azure/ARO-RP.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
ARO-RP/deploy/rp-production.json

437 строки
19 KiB
JSON
Исходник Ответственный История

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"variables": {
"keyvaultAccessPolicies": [
{
"tenantId": "[subscription().tenantId]",
"objectId": "[parameters('rpServicePrincipalId')]",
"permissions": {
"secrets": [
"get"
]
}
}
]
},
"parameters": {
"databaseAccountName": {
"type": "string"
},
"domainName": {
"type": "string"
},
"extraCosmosDBIPs": {
"type": "string",
"defaultValue": ""
},
"extraKeyvaultAccessPolicies": {
"type": "array",
"defaultValue": []
},
"keyvaultName": {
"type": "string"
},
"pullSecret": {
"type": "string"
},
"rpImage": {
"type": "string"
},
"rpImageAuth": {
"type": "string"
},
"rpServicePrincipalId": {
"type": "string"
},
"sshPublicKey": {
"type": "string"
}
},
"resources": [
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/8"
]
},
"subnets": [
{
"properties": {
"addressPrefix": "10.0.0.0/24",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-nsg')]",
"tags": null
},
"serviceEndpoints": [
{
"service": "Microsoft.KeyVault",
"locations": [
"*"
]
},
{
"service": "Microsoft.AzureCosmosDB",
"locations": [
"*"
]
}
]
},
"name": "rp-subnet"
}
]
},
"name": "rp-vnet",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"apiVersion": "2019-07-01"
},
{
"sku": {
"name": "Standard"
},
"properties": {
"publicIPAllocationMethod": "Static"
},
"name": "rp-pip",
"type": "Microsoft.Network/publicIPAddresses",
"location": "[resourceGroup().location]",
"apiVersion": "2019-07-01"
},
{
"sku": {
"name": "Standard"
},
"properties": {
"frontendIPConfigurations": [
{
"properties": {
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', 'rp-pip')]",
"tags": null
}
},
"name": "rp-frontend"
}
],
"backendAddressPools": [
{
"name": "rp-backend"
}
],
"loadBalancingRules": [
{
"properties": {
"frontendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'rp-lb', 'rp-frontend')]"
},
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'rp-lb', 'rp-backend')]"
},
"probe": {
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'rp-lb', 'rp-probe')]"
},
"protocol": "Tcp",
"loadDistribution": "Default",
"frontendPort": 443,
"backendPort": 443
},
"name": "rp-lbrule"
}
],
"probes": [
{
"properties": {
"protocol": "Https",
"port": 443,
"numberOfProbes": 2,
"requestPath": "/healthz/ready"
},
"name": "rp-probe"
}
]
},
"name": "rp-lb",
"type": "Microsoft.Network/loadBalancers",
"location": "[resourceGroup().location]",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', 'rp-pip')]"
]
},
{
"sku": {
"name": "Standard_D2s_v3",
"tier": "Standard",
"capacity": 3
},
"properties": {
"upgradePolicy": {
"mode": "Manual"
},
"virtualMachineProfile": {
"osProfile": {
"computerNamePrefix": "rp-",
"adminUsername": "cloud-user",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "/home/cloud-user/.ssh/authorized_keys",
"keyData": "[parameters('sshPublicKey')]"
}
]
}
}
},
"storageProfile": {
"imageReference": {
"publisher": "RedHat",
"offer": "RHEL",
"sku": "7-RAW",
"version": "latest"
},
"osDisk": {
"createOption": "FromImage",
"managedDisk": {
"storageAccountType": "Premium_LRS"
}
}
},
"networkProfile": {
"healthProbe": {
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'rp-lb', 'rp-probe')]"
},
"networkInterfaceConfigurations": [
{
"name": "rp-vmss-nic",
"properties": {
"primary": true,
"ipConfigurations": [
{
"name": "rp-vmss-ipconfig",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]"
},
"primary": true,
"publicIPAddressConfiguration": {
"name": "rp-vmss-pip"
},
"loadBalancerBackendAddressPools": [
{
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'rp-lb', 'rp-backend')]"
}
]
}
}
]
}
}
]
},
"extensionProfile": {
"extensions": [
{
"name": "rp-vmss-cse",
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"typeHandlerVersion": "2.0",
"autoUpgradeMinorVersion": true,
"settings": {},
"protectedSettings": {
"script": "[base64(concat(base64ToString('c2V0IC1leAoK'),'PULLSECRET=$(base64 -d \u003c\u003c\u003c''',base64(parameters('pullSecret')),''')\n','RPIMAGE=$(base64 -d \u003c\u003c\u003c''',base64(parameters('rpImage')),''')\n','RPIMAGEAUTH=$(base64 -d \u003c\u003c\u003c''',base64(parameters('rpImageAuth')),''')\n','\n',base64ToString('c3lzdGVtY3RsIHN0b3AgYXJvcnAuc2VydmljZSB8fCB0cnVlCgp5dW0gLXkgdXBkYXRlIC14IFdBTGludXhBZ2VudAoKcnBtIC0taW1wb3J0IGh0dHBzOi8vZGwuZmVkb3JhcHJvamVjdC5vcmcvcHViL2VwZWwvUlBNLUdQRy1LRVktRVBFTC03Cgp5dW0gLXkgaW5zdGFsbCBodHRwczovL2RsLmZlZG9yYXByb2plY3Qub3JnL3B1Yi9lcGVsL2VwZWwtcmVsZWFzZS1sYXRlc3QtNy5ub2FyY2gucnBtIHx8IHRydWUKCmNhdCA+L2V0Yy95dW0ucmVwb3MuZC9henVyZS1jbGkucmVwbyA8PCdFT0YnClthenVyZWNvcmVdCm5hbWU9YXp1cmVjb3JlCmJhc2V1cmw9aHR0cHM6Ly9wYWNrYWdlcy5taWNyb3NvZnQuY29tL3l1bXJlcG9zL2F6dXJlY29yZQplbmFibGVkPXllcwpncGdjaGVjaz1ubwpFT0YKCnl1bSAteSBpbnN0YWxsIGF6c2VjLWNsYW1hdiBhenNlYy1tb25pdG9yIGF6dXJlLW1kc2QgYXp1cmUtc2VjdXJpdHkgZG9ja2VyCgpmaXJld2FsbC1jbWQgLS1hZGQtcG9ydD00NDMvdGNwIC0tcGVybWFuZW50CgppZiBbWyAtbiAiJFJQSU1BR0VBVVRIIiBdXTsgdGhlbgogIG1rZGlyIC1wIC9yb290Ly5kb2NrZXIKCiAgY2F0ID4vcm9vdC8uZG9ja2VyL2NvbmZpZy5qc29uIDw8RU9GCnsKCSJhdXRocyI6IHsKCQkiJHtSUElNQUdFJSUvKn0iOiB7CgkJCSJhdXRoIjogIiRSUElNQUdFQVVUSCIKCQl9Cgl9Cn0KRU9GCgplbHNlCiAgcm0gLXJmIC9yb290Ly5kb2NrZXIKZmkKCmNhdCA+L2V0Yy9zeXNjb25maWcvYXJvcnAgPDxFT0YKUlBfSU1BR0U9JyRSUElNQUdFJwpQVUxMX1NFQ1JFVD0nJFBVTExTRUNSRVQnCkVPRgoKY2F0ID4vZXRjL3N5c3RlbWQvc3lzdGVtL2Fyb3JwLnNlcnZpY2UgPDxFT0YKW1VuaXRdCkFmdGVyPWRvY2tlci5zZXJ2aWNlClJlcXVpcmVzPWRvY2tlci5zZXJ2aWNlCgpbU2VydmljZV0KRW52aXJvbm1lbnRGaWxlPS9ldGMvc3lzY29uZmlnL2Fyb3JwCkV4ZWNTdGFydFByZT0tL3Vzci9iaW4vZG9ja2VyIHJtIC1mICVuCkV4ZWNTdGFydFByZT0vdXNyL2Jpbi9kb2NrZXIgcHVsbCBcJFJQX0lNQUdFCkV4ZWNTdGFydD0vdXNyL2Jpbi9kb2NrZXIgcnVuIC0tcm0gLS1uYW1lICVuIC1wIDQ0Mzo4NDQzIC1lIFBVTExfU0VDUkVUIFwkUlBfSU1BR0UKRXhlY1N0b3A9L3Vzci9iaW4vZG9ja2VyIHN0b3AgLXQgOTAgJW4KUmVzdGFydD1hbHdheXMKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldApFT0YKCnN5c3RlbWN0bCBlbmFibGUgYXJvcnAuc2VydmljZQoKKHNsZWVwIDMwOyByZWJvb3QpICYK')))]"
}
}
}
]
}
},
"overprovision": false
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', 'rp-identity')]": {}
}
},
"name": "rp-vmss",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"location": "[resourceGroup().location]",
"apiVersion": "2019-03-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]",
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
]
},
{
"properties": {},
"name": "[parameters('domainName')]",
"type": "Microsoft.Network/dnsZones",
"location": "global",
"apiVersion": "2018-05-01"
},
{
"properties": {
"tenantId": "[subscription().tenantId]",
"sku": {
"family": "A",
"name": "standard"
},
"accessPolicies": "[concat(variables('keyvaultAccessPolicies'), parameters('extraKeyvaultAccessPolicies'))]"
},
"name": "[parameters('keyvaultName')]",
"type": "Microsoft.KeyVault/vaults",
"location": "[resourceGroup().location]",
"apiVersion": "2016-10-01"
},
{
"kind": "GlobalDocumentDB",
"properties": {
"consistencyPolicy": {
"defaultConsistencyLevel": "Strong"
},
"locations": [
{
"locationName": "[resourceGroup().location]"
}
],
"databaseAccountOfferType": "Standard",
"ipRangeFilter": "[concat('104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26', if(equals(parameters('extraCosmosDBIPs'), ''), '', ','), parameters('extraCosmosDBIPs'))]",
"isVirtualNetworkFilterEnabled": true,
"virtualNetworkRules": [
{
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]"
}
],
"disableKeyBasedMetadataWriteAccess": true
},
"name": "[parameters('databaseAccountName')]",
"type": "Microsoft.DocumentDB/databaseAccounts",
"location": "[resourceGroup().location]",
"tags": {
"defaultExperience": "Core (SQL)"
},
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
]
},
{
"properties": {
"resource": {
"id": "ARO"
},
"options": {}
},
"name": "[concat(parameters('databaseAccountName'), '/ARO')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
]
},
{
"properties": {
"resource": {
"id": "OpenShiftClusters",
"partitionKey": {
"paths": [
"/partitionKey"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": [
{
"paths": [
"/key"
]
}
]
}
},
"options": {}
},
"name": "[concat(parameters('databaseAccountName'), '/ARO/OpenShiftClusters')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]"
]
},
{
"properties": {
"resource": {
"id": "Subscriptions",
"partitionKey": {
"paths": [
"/key"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": [
{
"paths": [
"/key"
]
}
]
}
},
"options": {}
},
"name": "[concat(parameters('databaseAccountName'), '/ARO/Subscriptions')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]"
]
},
{
"name": "[guid(resourceGroup().id, 'RP / Reader')]",
"type": "Microsoft.Authorization/roleAssignments",
"properties": {
"scope": "[resourceGroup().id]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview"
},
{
"name": "[concat(parameters('databaseAccountName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName')), 'RP / DocumentDB Account Contributor'))]",
"type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments",
"properties": {
"scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
]
},
{
"name": "[concat(parameters('domainName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.Network/dnsZones', parameters('domainName')), 'RP / DNS Zone Contributor'))]",
"type": "Microsoft.Network/dnsZones/providers/roleAssignments",
"properties": {
"scope": "[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]",
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]"
]
}
]
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку