зеркало из https://github.com/Azure/ARO-RP.git
886 строки
50 KiB
JSON
886 строки
50 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"acrResourceId": {
|
|
"type": "string"
|
|
},
|
|
"adminApiCaBundle": {
|
|
"type": "string"
|
|
},
|
|
"adminApiClientCertCommonName": {
|
|
"type": "string"
|
|
},
|
|
"clusterParentDomainName": {
|
|
"type": "string"
|
|
},
|
|
"databaseAccountName": {
|
|
"type": "string"
|
|
},
|
|
"extraCosmosDBIPs": {
|
|
"type": "string",
|
|
"defaultValue": ""
|
|
},
|
|
"fpServicePrincipalId": {
|
|
"type": "string"
|
|
},
|
|
"fullDeploy": {
|
|
"type": "bool",
|
|
"defaultValue": false
|
|
},
|
|
"keyvaultPrefix": {
|
|
"type": "string"
|
|
},
|
|
"mdmFrontendUrl": {
|
|
"type": "string"
|
|
},
|
|
"mdsdConfigVersion": {
|
|
"type": "string"
|
|
},
|
|
"mdsdEnvironment": {
|
|
"type": "string"
|
|
},
|
|
"portalAccessGroupIds": {
|
|
"type": "string"
|
|
},
|
|
"portalClientId": {
|
|
"type": "string"
|
|
},
|
|
"portalElevatedGroupIds": {
|
|
"type": "string"
|
|
},
|
|
"rpImage": {
|
|
"type": "string"
|
|
},
|
|
"rpMode": {
|
|
"type": "string",
|
|
"defaultValue": ""
|
|
},
|
|
"rpParentDomainName": {
|
|
"type": "string"
|
|
},
|
|
"rpServicePrincipalId": {
|
|
"type": "string"
|
|
},
|
|
"sshPublicKey": {
|
|
"type": "string"
|
|
},
|
|
"storageAccountDomain": {
|
|
"type": "string"
|
|
},
|
|
"subscriptionResourceGroupName": {
|
|
"type": "string"
|
|
},
|
|
"vmSize": {
|
|
"type": "string",
|
|
"defaultValue": "Standard_D2s_v3"
|
|
},
|
|
"vmssName": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"resources": [
|
|
{
|
|
"sku": {
|
|
"name": "Standard"
|
|
},
|
|
"properties": {
|
|
"publicIPAllocationMethod": "Static"
|
|
},
|
|
"name": "rp-pip",
|
|
"type": "Microsoft.Network/publicIPAddresses",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-07-01"
|
|
},
|
|
{
|
|
"sku": {
|
|
"name": "Standard"
|
|
},
|
|
"properties": {
|
|
"publicIPAllocationMethod": "Static"
|
|
},
|
|
"name": "portal-pip",
|
|
"type": "Microsoft.Network/publicIPAddresses",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-07-01"
|
|
},
|
|
{
|
|
"sku": {
|
|
"name": "Standard"
|
|
},
|
|
"properties": {
|
|
"frontendIPConfigurations": [
|
|
{
|
|
"properties": {
|
|
"publicIPAddress": {
|
|
"id": "[resourceId('Microsoft.Network/publicIPAddresses', 'rp-pip')]",
|
|
"tags": null
|
|
}
|
|
},
|
|
"name": "rp-frontend"
|
|
},
|
|
{
|
|
"properties": {
|
|
"publicIPAddress": {
|
|
"id": "[resourceId('Microsoft.Network/publicIPAddresses', 'portal-pip')]",
|
|
"tags": null
|
|
}
|
|
},
|
|
"name": "portal-frontend"
|
|
}
|
|
],
|
|
"backendAddressPools": [
|
|
{
|
|
"name": "rp-backend"
|
|
}
|
|
],
|
|
"loadBalancingRules": [
|
|
{
|
|
"properties": {
|
|
"frontendIPConfiguration": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'rp-lb', 'rp-frontend')]"
|
|
},
|
|
"backendAddressPool": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'rp-lb', 'rp-backend')]"
|
|
},
|
|
"probe": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'rp-lb', 'rp-probe')]"
|
|
},
|
|
"protocol": "Tcp",
|
|
"loadDistribution": "Default",
|
|
"frontendPort": 443,
|
|
"backendPort": 443
|
|
},
|
|
"name": "rp-lbrule"
|
|
},
|
|
{
|
|
"properties": {
|
|
"frontendIPConfiguration": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'rp-lb', 'portal-frontend')]"
|
|
},
|
|
"backendAddressPool": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'rp-lb', 'rp-backend')]"
|
|
},
|
|
"probe": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'rp-lb', 'portal-probe-https')]"
|
|
},
|
|
"protocol": "Tcp",
|
|
"loadDistribution": "Default",
|
|
"frontendPort": 443,
|
|
"backendPort": 444
|
|
},
|
|
"name": "portal-lbrule"
|
|
},
|
|
{
|
|
"properties": {
|
|
"frontendIPConfiguration": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'rp-lb', 'portal-frontend')]"
|
|
},
|
|
"backendAddressPool": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'rp-lb', 'rp-backend')]"
|
|
},
|
|
"probe": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'rp-lb', 'portal-probe-ssh')]"
|
|
},
|
|
"protocol": "Tcp",
|
|
"loadDistribution": "Default",
|
|
"frontendPort": 22,
|
|
"backendPort": 2222
|
|
},
|
|
"name": "portal-lbrule-ssh"
|
|
}
|
|
],
|
|
"probes": [
|
|
{
|
|
"properties": {
|
|
"protocol": "Https",
|
|
"port": 443,
|
|
"numberOfProbes": 2,
|
|
"requestPath": "/healthz/ready"
|
|
},
|
|
"name": "rp-probe"
|
|
},
|
|
{
|
|
"properties": {
|
|
"protocol": "Https",
|
|
"port": 444,
|
|
"numberOfProbes": 2,
|
|
"requestPath": "/healthz/ready"
|
|
},
|
|
"name": "portal-probe-https"
|
|
},
|
|
{
|
|
"properties": {
|
|
"protocol": "Tcp",
|
|
"port": 2222,
|
|
"numberOfProbes": 2
|
|
},
|
|
"name": "portal-probe-ssh"
|
|
}
|
|
]
|
|
},
|
|
"name": "rp-lb",
|
|
"type": "Microsoft.Network/loadBalancers",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-07-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/publicIPAddresses', 'rp-pip')]"
|
|
]
|
|
},
|
|
{
|
|
"sku": {
|
|
"name": "[parameters('vmSize')]",
|
|
"tier": "Standard",
|
|
"capacity": 3
|
|
},
|
|
"properties": {
|
|
"upgradePolicy": {
|
|
"mode": "Manual"
|
|
},
|
|
"virtualMachineProfile": {
|
|
"osProfile": {
|
|
"computerNamePrefix": "[concat('rp-', parameters('vmssName'), '-')]",
|
|
"adminUsername": "cloud-user",
|
|
"linuxConfiguration": {
|
|
"disablePasswordAuthentication": true,
|
|
"ssh": {
|
|
"publicKeys": [
|
|
{
|
|
"path": "/home/cloud-user/.ssh/authorized_keys",
|
|
"keyData": "[parameters('sshPublicKey')]"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"storageProfile": {
|
|
"imageReference": {
|
|
"publisher": "RedHat",
|
|
"offer": "RHEL",
|
|
"sku": "7-LVM",
|
|
"version": "7.9.2020100116"
|
|
},
|
|
"osDisk": {
|
|
"createOption": "FromImage",
|
|
"managedDisk": {
|
|
"storageAccountType": "Premium_LRS"
|
|
}
|
|
}
|
|
},
|
|
"networkProfile": {
|
|
"healthProbe": {
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'rp-lb', 'rp-probe')]"
|
|
},
|
|
"networkInterfaceConfigurations": [
|
|
{
|
|
"name": "rp-vmss-nic",
|
|
"properties": {
|
|
"primary": true,
|
|
"ipConfigurations": [
|
|
{
|
|
"name": "rp-vmss-ipconfig",
|
|
"properties": {
|
|
"subnet": {
|
|
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]"
|
|
},
|
|
"primary": true,
|
|
"publicIPAddressConfiguration": {
|
|
"name": "rp-vmss-pip"
|
|
},
|
|
"loadBalancerBackendAddressPools": [
|
|
{
|
|
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'rp-lb', 'rp-backend')]"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"diagnosticsProfile": {
|
|
"bootDiagnostics": {
|
|
"enabled": true,
|
|
"storageUri": "[concat('https://', parameters('storageAccountDomain'), '/')]"
|
|
}
|
|
},
|
|
"extensionProfile": {
|
|
"extensions": [
|
|
{
|
|
"name": "rp-vmss-cse",
|
|
"properties": {
|
|
"publisher": "Microsoft.Azure.Extensions",
|
|
"type": "CustomScript",
|
|
"typeHandlerVersion": "2.0",
|
|
"autoUpgradeMinorVersion": true,
|
|
"settings": {},
|
|
"protectedSettings": {
|
|
"script": "[base64(concat(base64ToString('c2V0IC1leAoK'),'MDMFRONTENDURL=$(base64 -d \u003c\u003c\u003c''',base64(parameters('mdmFrontendUrl')),''')\n','MDSDCONFIGVERSION=$(base64 -d \u003c\u003c\u003c''',base64(parameters('mdsdConfigVersion')),''')\n','MDSDENVIRONMENT=$(base64 -d \u003c\u003c\u003c''',base64(parameters('mdsdEnvironment')),''')\n','ACRRESOURCEID=$(base64 -d \u003c\u003c\u003c''',base64(parameters('acrResourceId')),''')\n','CLUSTERPARENTDOMAINNAME=$(base64 -d \u003c\u003c\u003c''',base64(parameters('clusterParentDomainName')),''')\n','PORTALACCESSGROUPIDS=$(base64 -d \u003c\u003c\u003c''',base64(parameters('portalAccessGroupIds')),''')\n','PORTALCLIENTID=$(base64 -d \u003c\u003c\u003c''',base64(parameters('portalClientId')),''')\n','PORTALELEVATEDGROUPIDS=$(base64 -d \u003c\u003c\u003c''',base64(parameters('portalElevatedGroupIds')),''')\n','RPIMAGE=$(base64 -d \u003c\u003c\u003c''',base64(parameters('rpImage')),''')\n','RPMODE=$(base64 -d \u003c\u003c\u003c''',base64(parameters('rpMode')),''')\n','RPPARENTDOMAINNAME=$(base64 -d \u003c\u003c\u003c''',base64(parameters('rpParentDomainName')),''')\n','ADMINAPICLIENTCERTCOMMONNAME=$(base64 -d \u003c\u003c\u003c''',base64(parameters('adminApiClientCertCommonName')),''')\n','DATABASEACCOUNTNAME=$(base64 -d \u003c\u003c\u003c''',base64(parameters('databaseAccountName')),''')\n','KEYVAULTPREFIX=$(base64 -d \u003c\u003c\u003c''',base64(parameters('keyvaultPrefix')),''')\n','ADMINAPICABUNDLE=''',parameters('adminApiCaBundle'),'''\n','MDMIMAGE=''/genevamdm:master_52''\n','LOCATION=$(base64 -d \u003c\u003c\u003c''',base64(resourceGroup().location),''')\n','SUBSCRIPTIONID=$(base64 -d \u003c\u003c\u003c''',base64(subscription().subscriptionId),''')\n','RESOURCEGROUPNAME=$(base64 -d \u003c\u003c\u003c''',base64(resourceGroup().name),''')\n','\n',base64ToString('Cnl1bSAteSB1cGRhdGUgLXggV0FMaW51eEFnZW50CgpsdmV4dGVuZCAtbCArNTAlRlJFRSAvZGV2L3Jvb3R2Zy9yb290bHYKeGZzX2dyb3dmcyAvCgpsdmV4dGVuZCAtbCArMTAwJUZSRUUgL2Rldi9yb290dmcvdmFybHYKeGZzX2dyb3dmcyAvdmFyCgojIGF2b2lkICJlcnJvcjogZGI1IGVycm9yKC0zMDk2OSkgZnJvbSBkYmVudi0+b3BlbjogQkRCMDA5MSBEQl9WRVJTSU9OX01JU01BVENIOiBEYXRhYmFzZSBlbnZpcm9ubWVudCB2ZXJzaW9uIG1pc21hdGNoIgpybSAtZiAvdmFyL2xpYi9ycG0vX19kYioKCnJwbSAtLWltcG9ydCBodHRwczovL2RsLmZlZG9yYXByb2plY3Qub3JnL3B1Yi9lcGVsL1JQTS1HUEctS0VZLUVQRUwtNwpycG0gLS1pbXBvcnQgaHR0cHM6Ly9wYWNrYWdlcy5taWNyb3NvZnQuY29tL2tleXMvbWljcm9zb2Z0LmFzYwpycG0gLS1pbXBvcnQgaHR0cHM6Ly9wYWNrYWdlcy5mbHVlbnRiaXQuaW8vZmx1ZW50Yml0LmtleQoKZm9yIGF0dGVtcHQgaW4gezEuLjV9OyBkbwogIHl1bSAteSBpbnN0YWxsIGh0dHBzOi8vZGwuZmVkb3JhcHJvamVjdC5vcmcvcHViL2VwZWwvZXBlbC1yZWxlYXNlLWxhdGVzdC03Lm5vYXJjaC5ycG0gJiYgYnJlYWsKICBpZiBbWyAke2F0dGVtcHR9IC1sdCA1IF1dOyB0aGVuIHNsZWVwIDEwOyBlbHNlIGV4aXQgMTsgZmkKZG9uZQoKY2F0ID4vZXRjL3l1bS5yZXBvcy5kL2F6dXJlLnJlcG8gPDwnRU9GJwpbYXp1cmUtY2xpXQpuYW1lPWF6dXJlLWNsaQpiYXNldXJsPWh0dHBzOi8vcGFja2FnZXMubWljcm9zb2Z0LmNvbS95dW1yZXBvcy9henVyZS1jbGkKZW5hYmxlZD15ZXMKZ3BnY2hlY2s9eWVzCgpbYXp1cmVjb3JlXQpuYW1lPWF6dXJlY29yZQpiYXNldXJsPWh0dHBzOi8vcGFja2FnZXMubWljcm9zb2Z0LmNvbS95dW1yZXBvcy9henVyZWNvcmUKZW5hYmxlZD15ZXMKZ3BnY2hlY2s9bm8KRU9GCgpjYXQgPi9ldGMveXVtLnJlcG9zLmQvdGQtYWdlbnQtYml0LnJlcG8gPDwnRU9GJwpbdGQtYWdlbnQtYml0XQpuYW1lPXRkLWFnZW50LWJpdApiYXNldXJsPWh0dHBzOi8vcGFja2FnZXMuZmx1ZW50Yml0LmlvL2NlbnRvcy83CmVuYWJsZWQ9eWVzCmdwZ2NoZWNrPXllcwpFT0YKCmZvciBhdHRlbXB0IGluIHsxLi41fTsgZG8KeXVtIC15IGluc3RhbGwgYXpzZWMtY2xhbWF2IGF6c2VjLW1vbml0b3IgYXp1cmUtY2xpLTIuMTAuMSBhenVyZS1tZHNkIGF6dXJlLXNlY3VyaXR5IGRvY2tlciB0ZC1hZ2VudC1iaXQgJiYgYnJlYWsKICBpZiBbWyAke2F0dGVtcHR9IC1sdCA1IF1dOyB0aGVuIHNsZWVwIDEwOyBlbHNlIGV4aXQgMTsgZmkKZG9uZQoKcnBtIC1lICQocnBtIC1xYSB8IGdyZXAgXmFicnQtKQpjYXQgPi9ldGMvc3lzY3RsLmQvMDEtZGlzYWJsZS1jb3JlLmNvbmYgPDwnRU9GJwprZXJuZWwuY29yZV9wYXR0ZXJuID0gfC9iaW4vdHJ1ZQpFT0YKc3lzY3RsIC0tc3lzdGVtCgpmaXJld2FsbC1jbWQgLS1hZGQtcG9ydD00NDMvdGNwIC0tcGVybWFuZW50CmZpcmV3YWxsLWNtZCAtLWFkZC1wb3J0PTQ0NC90Y3AgLS1wZXJtYW5lbnQKZmlyZXdhbGwtY21kIC0tYWRkLXBvcnQ9MjIyMi90Y3AgLS1wZXJtYW5lbnQKCmNhdCA+L2V0Yy90ZC1hZ2VudC1iaXQvdGQtYWdlbnQtYml0LmNvbmYgPDwnRU9GJwpbSU5QVVRdCglOYW1lIHN5c3RlbWQKCVRhZyBqb3VybmFsZAoJU3lzdGVtZF9GaWx0ZXIgX0NPTU09YXJvCgpbRklMVEVSXQoJTmFtZSBtb2RpZnkKCU1hdGNoIGpvdXJuYWxkCglSZW1vdmVfd2lsZGNhcmQgXwoJUmVtb3ZlIFRJTUVTVEFNUAoKW09VVFBVVF0KCU5hbWUgZm9yd2FyZAoJUG9ydCAyOTIzMApFT0YKCmF6IGxvZ2luIC1pCmF6IGFjY291bnQgc2V0IC1zICIkU1VCU0NSSVBUSU9OSUQiCgpzeXN0ZW1jdGwgc3RhcnQgZG9ja2VyLnNlcnZpY2UKYXogYWNyIGxvZ2luIC0tbmFtZSAiJChzZWQgLWUgJ3N8LiovfHwnIDw8PCIkQUNSUkVTT1VSQ0VJRCIpIgoKTURNSU1BR0U9IiR7UlBJTUFHRSUlLyp9LyR7TURNSU1BR0UjIyovfSIKZG9ja2VyIHB1bGwgIiRNRE1JTUFHRSIKZG9ja2VyIHB1bGwgIiRSUElNQUdFIgoKZm9yIGF0dGVtcHQgaW4gezEuLjV9OyBkbwogIGF6IGtleXZhdWx0IHNlY3JldCBkb3dubG9hZCAtLWZpbGUgL2V0Yy9tZG0ucGVtIC0taWQgImh0dHBzOi8vJEtFWVZBVUxUUFJFRklYLXN2Yy52YXVsdC5henVyZS5uZXQvc2VjcmV0cy9ycC1tZG0iICYmIGJyZWFrCiAgaWYgW1sgJHthdHRlbXB0fSAtbHQgNSBdXTsgdGhlbiBzbGVlcCAxMDsgZWxzZSBleGl0IDE7IGZpCmRvbmUKY2htb2QgMDYwMCAvZXRjL21kbS5wZW0Kc2VkIC1pIC1uZSAnMSwvRU5EIENFUlRJRklDQVRFLyBwJyAvZXRjL21kbS5wZW0KCmF6IGtleXZhdWx0IHNlY3JldCBkb3dubG9hZCAtLWZpbGUgL2V0Yy9tZHNkLnBlbSAtLWlkICJodHRwczovLyRLRVlWQVVMVFBSRUZJWC1zdmMudmF1bHQuYXp1cmUubmV0L3NlY3JldHMvcnAtbWRzZCIKY2hvd24gc3lzbG9nOnN5c2xvZyAvZXRjL21kc2QucGVtCmNobW9kIDA2MDAgL2V0Yy9tZHNkLnBlbQoKYXogbG9nb3V0Cgpta2RpciAvZXRjL2Fyby1ycApiYXNlNjQgLWQgPDw8IiRBRE1JTkFQSUNBQlVORExFIiA+L2V0Yy9hcm8tcnAvYWRtaW4tY2EtYnVuZGxlLnBlbQpjaG93biAtUiAxMDAwOjEwMDAgL2V0Yy9hcm8tcnAKCm1rZGlyIC9ldGMvc3lzdGVtZC9zeXN0ZW0vbWRzZC5zZXJ2aWNlLmQKY2F0ID4vZXRjL3N5c3RlbWQvc3lzdGVtL21kc2Quc2VydmljZS5kL292ZXJyaWRlLmNvbmYgPDwnRU9GJwpbVW5pdF0KQWZ0ZXI9bmV0d29yay1vbmxpbmUudGFyZ2V0CkVPRgoKY2F0ID4vZXRjL2RlZmF1bHQvbWRzZCA8PEVPRgpNRFNEX1JPTEVfUFJFRklYPS92YXIvcnVuL21kc2QvZGVmYXVsdApNRFNEX09QVElPTlM9Ii1BIC1kIC1yIFwkTURTRF9ST0xFX1BSRUZJWCIKCmV4cG9ydCBTU0xfQ0VSVF9GSUxFPS9ldGMvcGtpL3Rscy9jZXJ0cy9jYS1idW5kbGUuY3J0CgpleHBvcnQgTU9OSVRPUklOR19HQ1NfRU5WSVJPTk1FTlQ9JyRNRFNERU5WSVJPTk1FTlQnCmV4cG9ydCBNT05JVE9SSU5HX0dDU19BQ0NPVU5UPUFST1JQTG9ncwpleHBvcnQgTU9OSVRPUklOR19HQ1NfUkVHSU9OPSckTE9DQVRJT04nCmV4cG9ydCBNT05JVE9SSU5HX0dDU19DRVJUX0NFUlRGSUxFPS9ldGMvbWRzZC5wZW0KZXhwb3J0IE1PTklUT1JJTkdfR0NTX0NFUlRfS0VZRklMRT0vZXRjL21kc2QucGVtCmV4cG9ydCBNT05JVE9SSU5HX0dDU19OQU1FU1BBQ0U9QVJPUlBMb2dzCmV4cG9ydCBNT05JVE9SSU5HX0NPTkZJR19WRVJTSU9OPSckTURTRENPTkZJR1ZFUlNJT04nCmV4cG9ydCBNT05JVE9SSU5HX1VTRV9HRU5FVkFfQ09ORklHX1NFUlZJQ0U9dHJ1ZQoKZXhwb3J0IE1PTklUT1JJTkdfVEVOQU5UPSckTE9DQVRJT04nCmV4cG9ydCBNT05JVE9SSU5HX1JPTEU9cnAKZXhwb3J0IE1PTklUT1JJTkdfUk9MRV9JTlNUQU5DRT0nJChob3N0bmFtZSknCkVPRgoKY2F0ID4vZXRjL3N5c2NvbmZpZy9tZG0gPDxFT0YKTURNRlJPTlRFTkRVUkw9JyRNRE1GUk9OVEVORFVSTCcKTURNSU1BR0U9JyRNRE1JTUFHRScKTURNU09VUkNFRU5WSVJPTk1FTlQ9JyRMT0NBVElPTicKTURNU09VUkNFUk9MRT1ycApNRE1TT1VSQ0VST0xFSU5TVEFOQ0U9JyQoaG9zdG5hbWUpJwpFT0YKCm1rZGlyIC92YXIvZXR3CmNhdCA+L2V0Yy9zeXN0ZW1kL3N5c3RlbS9tZG0uc2VydmljZSA8PCdFT0YnCltVbml0XQpBZnRlcj1kb2NrZXIuc2VydmljZQpSZXF1aXJlcz1kb2NrZXIuc2VydmljZQoKW1NlcnZpY2VdCkVudmlyb25tZW50RmlsZT0vZXRjL3N5c2NvbmZpZy9tZG0KRXhlY1N0YXJ0UHJlPS0vdXNyL2Jpbi9kb2NrZXIgcm0gLWYgJU4KRXhlY1N0YXJ0PS91c3IvYmluL2RvY2tlciBydW4gXAogIC0tZW50cnlwb2ludCAvdXNyL3NiaW4vTWV0cmljc0V4dGVuc2lvbiBcCiAgLS1ob3N0bmFtZSAlSCBcCiAgLS1uYW1lICVOIFwKICAtLXJtIFwKICAtbSAyZyBcCiAgLXYgL2V0Yy9tZG0ucGVtOi9ldGMvbWRtLnBlbSBcCiAgLXYgL3Zhci9ldHc6L3Zhci9ldHc6eiBcCiAgJE1ETUlNQUdFIFwKICAtQ2VydEZpbGUgL2V0Yy9tZG0ucGVtIFwKICAtRnJvbnRFbmRVcmwgJE1ETUZST05URU5EVVJMIFwKICAtTG9nZ2VyIENvbnNvbGUgXAogIC1Mb2dMZXZlbCBXYXJuaW5nIFwKICAtUHJpdmF0ZUtleUZpbGUgL2V0Yy9tZG0ucGVtIFwKICAtU291cmNlRW52aXJvbm1lbnQgJE1ETVNPVVJDRUVOVklST05NRU5UIFwKICAtU291cmNlUm9sZSAkTURNU09VUkNFUk9MRSBcCiAgLVNvdXJjZVJvbGVJbnN0YW5jZSAkTURNU09VUkNFUk9MRUlOU1RBTkNFCkV4ZWNTdG9wPS91c3IvYmluL2RvY2tlciBzdG9wICVOClJlc3RhcnQ9YWx3YXlzClJlc3RhcnRTZWM9MQpTdGFydExpbWl0SW50ZXJ2YWw9MAoKW0luc3RhbGxdCldhbnRlZEJ5PW11bHRpLXVzZXIudGFyZ2V0CkVPRgoKY2F0ID4vZXRjL3N5c2NvbmZpZy9hcm8tcnAgPDxFT0YKQUNSX1JFU09VUkNFX0lEPSckQUNSUkVTT1VSQ0VJRCcKQURNSU5fQVBJX0NMSUVOVF9DRVJUX0NPTU1PTl9OQU1FPSckQURNSU5BUElDTElFTlRDRVJUQ09NTU9OTkFNRScKREFUQUJBU0VfQUNDT1VOVF9OQU1FPSckREFUQUJBU0VBQ0NPVU5UTkFNRScKRE9NQUlOX05BTUU9JyRMT0NBVElPTi4kQ0xVU1RFUlBBUkVOVERPTUFJTk5BTUUnCktFWVZBVUxUX1BSRUZJWD0nJEtFWVZBVUxUUFJFRklYJwpNRE1fQUNDT1VOVD1BenVyZVJlZEhhdE9wZW5TaGlmdFJQCk1ETV9OQU1FU1BBQ0U9UlAKUlBfTU9ERT0nJFJQTU9ERScKUlBJTUFHRT0nJFJQSU1BR0UnCkVPRgoKY2F0ID4vZXRjL3N5c3RlbWQvc3lzdGVtL2Fyby1ycC5zZXJ2aWNlIDw8J0VPRicKW1VuaXRdCkFmdGVyPWRvY2tlci5zZXJ2aWNlClJlcXVpcmVzPWRvY2tlci5zZXJ2aWNlCgpbU2VydmljZV0KRW52aXJvbm1lbnRGaWxlPS9ldGMvc3lzY29uZmlnL2Fyby1ycApFeGVjU3RhcnRQcmU9LS91c3IvYmluL2RvY2tlciBybSAtZiAlTgpFeGVjU3RhcnQ9L3Vzci9iaW4vZG9ja2VyIHJ1biBcCiAgLS1ob3N0bmFtZSAlSCBcCiAgLS1uYW1lICVOIFwKICAtLXJtIFwKICAtZSBBQ1JfUkVTT1VSQ0VfSUQgXAogIC1lIEFETUlOX0FQSV9DTElFTlRfQ0VSVF9DT01NT05fTkFNRSBcCiAgLWUgREFUQUJBU0VfQUNDT1VOVF9OQU1FIFwKICAtZSBET01BSU5fTkFNRSBcCiAgLWUgS0VZVkFVTFRfUFJFRklYIFwKICAtZSBNRE1fQUNDT1VOVCBcCiAgLWUgTURNX05BTUVTUEFDRSBcCiAgLWUgUlBfTU9ERSBcCiAgLW0gMmcgXAogIC1wIDQ0Mzo4NDQzIFwKICAtdiAvZXRjL2Fyby1ycDovZXRjL2Fyby1ycCBcCiAgLXYgL3J1bi9zeXN0ZW1kL2pvdXJuYWw6L3J1bi9zeXN0ZW1kL2pvdXJuYWwgXAogIC12IC92YXIvZXR3Oi92YXIvZXR3OnogXAogICRSUElNQUdFIFwKICBycApFeGVjU3RvcD0vdXNyL2Jpbi9kb2NrZXIgc3RvcCAtdCAzNjAwICVOClRpbWVvdXRTdG9wU2VjPTM2MDAKUmVzdGFydD1hbHdheXMKUmVzdGFydFNlYz0xClN0YXJ0TGltaXRJbnRlcnZhbD0wCgpbSW5zdGFsbF0KV2FudGVkQnk9bXVsdGktdXNlci50YXJnZXQKRU9GCgpjYXQgPi9ldGMvc3lzY29uZmlnL2Fyby1tb25pdG9yIDw8RU9GCkNMVVNURVJfTURNX0FDQ09VTlQ9QXp1cmVSZWRIYXRPcGVuU2hpZnRDbHVzdGVyCkNMVVNURVJfTURNX05BTUVTUEFDRT1CQk0KREFUQUJBU0VfQUNDT1VOVF9OQU1FPSckREFUQUJBU0VBQ0NPVU5UTkFNRScKS0VZVkFVTFRfUFJFRklYPSckS0VZVkFVTFRQUkVGSVgnCk1ETV9BQ0NPVU5UPUF6dXJlUmVkSGF0T3BlblNoaWZ0UlAKTURNX05BTUVTUEFDRT1CQk0KUlBfTU9ERT0nJFJQTU9ERScKUlBJTUFHRT0nJFJQSU1BR0UnCkVPRgoKY2F0ID4vZXRjL3N5c3RlbWQvc3lzdGVtL2Fyby1tb25pdG9yLnNlcnZpY2UgPDwnRU9GJwpbVW5pdF0KQWZ0ZXI9ZG9ja2VyLnNlcnZpY2UKUmVxdWlyZXM9ZG9ja2VyLnNlcnZpY2UKCltTZXJ2aWNlXQpFbnZpcm9ubWVudEZpbGU9L2V0Yy9zeXNjb25maWcvYXJvLW1vbml0b3IKRXhlY1N0YXJ0UHJlPS0vdXNyL2Jpbi9kb2NrZXIgcm0gLWYgJU4KRXhlY1N0YXJ0PS91c3IvYmluL2RvY2tlciBydW4gXAogIC0taG9zdG5hbWUgJUggXAogIC0tbmFtZSAlTiBcCiAgLS1ybSBcCiAgLWUgQ0xVU1RFUl9NRE1fQUNDT1VOVCBcCiAgLWUgQ0xVU1RFUl9NRE1fTkFNRVNQQUNFIFwKICAtZSBEQVRBQkFTRV9BQ0NPVU5UX05BTUUgXAogIC1lIEtFWVZBVUxUX1BSRUZJWCBcCiAgLWUgTURNX0FDQ09VTlQgXAogIC1lIE1ETV9OQU1FU1BBQ0UgXAogIC1lIFJQX01PREUgXAogIC1tIDJnIFwKICAtdiAvcnVuL3N5c3RlbWQvam91cm5hbDovcnVuL3N5c3RlbWQvam91cm5hbCBcCiAgLXYgL3Zhci9ldHc6L3Zhci9ldHc6eiBcCiAgJFJQSU1BR0UgXAogIG1vbml0b3IKUmVzdGFydD1hbHdheXMKUmVzdGFydFNlYz0xClN0YXJ0TGltaXRJbnRlcnZhbD0wCgpbSW5zdGFsbF0KV2FudGVkQnk9bXVsdGktdXNlci50YXJnZXQKRU9GCgpjYXQgPi9ldGMvc3lzY29uZmlnL2Fyby1wb3J0YWwgPDxFT0YKQVpVUkVfUE9SVEFMX0FDQ0VTU19HUk9VUF9JRFM9JyRQT1JUQUxBQ0NFU1NHUk9VUElEUycKQVpVUkVfUE9SVEFMX0NMSUVOVF9JRD0nJFBPUlRBTENMSUVOVElEJwpBWlVSRV9QT1JUQUxfRUxFVkFURURfR1JPVVBfSURTPSckUE9SVEFMRUxFVkFURURHUk9VUElEUycKREFUQUJBU0VfQUNDT1VOVF9OQU1FPSckREFUQUJBU0VBQ0NPVU5UTkFNRScKS0VZVkFVTFRfUFJFRklYPSckS0VZVkFVTFRQUkVGSVgnCk1ETV9BQ0NPVU5UPUF6dXJlUmVkSGF0T3BlblNoaWZ0UlAKTURNX05BTUVTUEFDRT1Qb3J0YWwKUE9SVEFMX0hPU1ROQU1FPSckTE9DQVRJT04uYWRtaW4uJFJQUEFSRU5URE9NQUlOTkFNRScKUlBfTU9ERT0nJFJQTU9ERScKUlBJTUFHRT0nJFJQSU1BR0UnCkVPRgoKY2F0ID4vZXRjL3N5c3RlbWQvc3lzdGVtL2Fyby1wb3J0YWwuc2VydmljZSA8PCdFT0YnCltVbml0XQpBZnRlcj1kb2NrZXIuc2VydmljZQpSZXF1aXJlcz1kb2NrZXIuc2VydmljZQpTdGFydExpbWl0SW50ZXJ2YWw9MAoKW1NlcnZpY2VdCkVudmlyb25tZW50RmlsZT0vZXRjL3N5c2NvbmZpZy9hcm8tcG9ydGFsCkV4ZWNTdGFydFByZT0tL3Vzci9iaW4vZG9ja2VyIHJtIC1mICVOCkV4ZWNTdGFydD0vdXNyL2Jpbi9kb2NrZXIgcnVuIFwKICAtLWhvc3RuYW1lICVIIFwKICAtLW5hbWUgJU4gXAogIC0tcm0gXAogIC1lIEFETUlOX0FQSV9DTElFTlRfQ0VSVF9DT01NT05fTkFNRSBcCiAgLWUgQVpVUkVfUE9SVEFMX0FDQ0VTU19HUk9VUF9JRFMgXAogIC1lIEFaVVJFX1BPUlRBTF9DTElFTlRfSUQgXAogIC1lIEFaVVJFX1BPUlRBTF9FTEVWQVRFRF9HUk9VUF9JRFMgXAogIC1lIERBVEFCQVNFX0FDQ09VTlRfTkFNRSBcCiAgLWUgS0VZVkFVTFRfUFJFRklYIFwKICAtZSBNRE1fQUNDT1VOVCBcCiAgLWUgTURNX05BTUVTUEFDRSBcCiAgLWUgUE9SVEFMX0hPU1ROQU1FIFwKICAtZSBSUF9NT0RFIFwKICAtbSAyZyBcCiAgLXAgNDQ0Ojg0NDQgXAogIC1wIDIyMjI6MjIyMiBcCiAgLXYgL3J1bi9zeXN0ZW1kL2pvdXJuYWw6L3J1bi9zeXN0ZW1kL2pvdXJuYWwgXAogIC12IC92YXIvZXR3Oi92YXIvZXR3OnogXAogICRSUElNQUdFIFwKICBwb3J0YWwKUmVzdGFydD1hbHdheXMKUmVzdGFydFNlYz0xCgpbSW5zdGFsbF0KV2FudGVkQnk9bXVsdGktdXNlci50YXJnZXQKRU9GCgpjaGNvbiAtUiBzeXN0ZW1fdTpvYmplY3Rfcjp2YXJfbG9nX3Q6czAgL3Zhci9vcHQvbWljcm9zb2Z0L2xpbnV4bW9uYWdlbnQKCmZvciBzZXJ2aWNlIGluIGFyby1tb25pdG9yIGFyby1wb3J0YWwgYXJvLXJwIGF1b21zIGF6c2VjZCBhenNlY21vbmQgbWRzZCBtZG0gY2hyb255ZCB0ZC1hZ2VudC1iaXQ7IGRvCiAgc3lzdGVtY3RsIGVuYWJsZSAkc2VydmljZS5zZXJ2aWNlCmRvbmUKCmZvciBzY2FuIGluIGJhc2VsaW5lIGNsYW1hdiBzb2Z0d2FyZTsgZG8KICAvdXNyL2xvY2FsL2Jpbi9henNlY2QgY29uZmlnIC1zICRzY2FuIC1kIFAxRApkb25lCgooc2xlZXAgMzA7IHJlYm9vdCkgJgo=')))]"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overprovision": false
|
|
},
|
|
"identity": {
|
|
"type": "UserAssigned",
|
|
"userAssignedIdentities": {
|
|
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', concat('aro-rp-', resourceGroup().location))]": {}
|
|
}
|
|
},
|
|
"name": "[concat('rp-vmss-', parameters('vmssName'))]",
|
|
"type": "Microsoft.Compute/virtualMachineScaleSets",
|
|
"location": "[resourceGroup().location]",
|
|
"apiVersion": "2019-03-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, parameters('rpServicePrincipalId'), 'RP / Reader'))]",
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]",
|
|
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]",
|
|
"[resourceId('Microsoft.Storage/storageAccounts', substring(parameters('storageAccountDomain'), 0, indexOf(parameters('storageAccountDomain'), '.')))]"
|
|
]
|
|
},
|
|
{
|
|
"sku": {
|
|
"name": "Standard_LRS"
|
|
},
|
|
"location": "[resourceGroup().location]",
|
|
"name": "[substring(parameters('storageAccountDomain'), 0, indexOf(parameters('storageAccountDomain'), '.'))]",
|
|
"type": "Microsoft.Storage/storageAccounts",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-04-01"
|
|
},
|
|
{
|
|
"properties": {
|
|
"severity": 2,
|
|
"enabled": true,
|
|
"scopes": [
|
|
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
|
|
],
|
|
"evaluationFrequency": "PT5M",
|
|
"windowSize": "PT15M",
|
|
"targetResourceType": "Microsoft.Network/loadBalancers",
|
|
"criteria": {
|
|
"allOf": [
|
|
{
|
|
"operator": "LessThan",
|
|
"threshold": 30,
|
|
"AdditionalProperties": null,
|
|
"name": "HealthProbeCheck",
|
|
"metricName": "DipAvailability",
|
|
"metricNamespace": "microsoft.network/loadBalancers",
|
|
"timeAggregation": "Average",
|
|
"criterionType": "StaticThresholdCriterion"
|
|
}
|
|
],
|
|
"AdditionalProperties": null,
|
|
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
|
|
},
|
|
"autoMitigate": true,
|
|
"actions": [
|
|
{
|
|
"actionGroupId": "[resourceId(parameters('subscriptionResourceGroupName'), 'Microsoft.Insights/actionGroups', 'rp-health-ag')]",
|
|
"webHookProperties": null
|
|
}
|
|
]
|
|
},
|
|
"name": "[concat('rp-availability-alert-', resourceGroup().location)]",
|
|
"type": "Microsoft.Insights/metricAlerts",
|
|
"location": "global",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2018-03-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"severity": 3,
|
|
"enabled": true,
|
|
"scopes": [
|
|
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
|
|
],
|
|
"evaluationFrequency": "PT15M",
|
|
"windowSize": "PT6H",
|
|
"targetResourceType": "Microsoft.Network/loadBalancers",
|
|
"criteria": {
|
|
"allOf": [
|
|
{
|
|
"operator": "LessThan",
|
|
"threshold": 67,
|
|
"AdditionalProperties": null,
|
|
"name": "HealthProbeCheck",
|
|
"metricName": "DipAvailability",
|
|
"metricNamespace": "microsoft.network/loadBalancers",
|
|
"timeAggregation": "Average",
|
|
"criterionType": "StaticThresholdCriterion"
|
|
}
|
|
],
|
|
"AdditionalProperties": null,
|
|
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
|
|
},
|
|
"autoMitigate": true,
|
|
"actions": [
|
|
{
|
|
"actionGroupId": "[resourceId(parameters('subscriptionResourceGroupName'), 'Microsoft.Insights/actionGroups', 'rp-health-ag')]",
|
|
"webHookProperties": null
|
|
}
|
|
]
|
|
},
|
|
"name": "[concat('rp-degraded-alert-', resourceGroup().location)]",
|
|
"type": "Microsoft.Insights/metricAlerts",
|
|
"location": "global",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2018-03-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"severity": 2,
|
|
"enabled": true,
|
|
"scopes": [
|
|
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
|
|
],
|
|
"evaluationFrequency": "PT5M",
|
|
"windowSize": "PT5M",
|
|
"targetResourceType": "Microsoft.Network/loadBalancers",
|
|
"criteria": {
|
|
"allOf": [
|
|
{
|
|
"operator": "LessThan",
|
|
"threshold": 33,
|
|
"AdditionalProperties": null,
|
|
"name": "HealthProbeCheck",
|
|
"metricName": "VipAvailability",
|
|
"metricNamespace": "microsoft.network/loadBalancers",
|
|
"timeAggregation": "Average",
|
|
"criterionType": "StaticThresholdCriterion"
|
|
}
|
|
],
|
|
"AdditionalProperties": null,
|
|
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
|
|
},
|
|
"autoMitigate": true,
|
|
"actions": [
|
|
{
|
|
"actionGroupId": "[resourceId(parameters('subscriptionResourceGroupName'), 'Microsoft.Insights/actionGroups', 'rp-health-ag')]",
|
|
"webHookProperties": null
|
|
}
|
|
]
|
|
},
|
|
"name": "[concat('rp-vnet-alert-', resourceGroup().location)]",
|
|
"type": "Microsoft.Insights/metricAlerts",
|
|
"location": "global",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2018-03-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/loadBalancers', 'rp-lb')]"
|
|
]
|
|
},
|
|
{
|
|
"name": "[concat(parameters('databaseAccountName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName')), '970792b5-7720-4bf5-a335-f15e97c7e25a' , 'Billing / DocumentDB Account Contributor'))]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
|
|
"principalId": "['970792b5-7720-4bf5-a335-f15e97c7e25a']",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2018-09-01-preview",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {},
|
|
"name": "[concat(resourceGroup().location, '.', parameters('clusterParentDomainName'))]",
|
|
"type": "Microsoft.Network/dnsZones",
|
|
"location": "global",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2018-05-01"
|
|
},
|
|
{
|
|
"properties": {
|
|
"addressSpace": {
|
|
"addressPrefixes": [
|
|
"10.0.0.0/24"
|
|
]
|
|
},
|
|
"subnets": [
|
|
{
|
|
"properties": {
|
|
"addressPrefix": "10.0.0.0/24",
|
|
"networkSecurityGroup": {
|
|
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-nsg')]",
|
|
"tags": null
|
|
},
|
|
"serviceEndpoints": [
|
|
{
|
|
"service": "Microsoft.KeyVault",
|
|
"locations": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"service": "Microsoft.AzureCosmosDB",
|
|
"locations": [
|
|
"*"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"name": "rp-subnet"
|
|
}
|
|
]
|
|
},
|
|
"name": "rp-vnet",
|
|
"type": "Microsoft.Network/virtualNetworks",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-07-01"
|
|
},
|
|
{
|
|
"properties": {
|
|
"addressSpace": {
|
|
"addressPrefixes": [
|
|
"10.0.4.0/22"
|
|
]
|
|
},
|
|
"subnets": [
|
|
{
|
|
"properties": {
|
|
"addressPrefix": "10.0.4.0/22",
|
|
"networkSecurityGroup": {
|
|
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-pe-nsg')]",
|
|
"tags": null
|
|
},
|
|
"privateEndpointNetworkPolicies": "Disabled"
|
|
},
|
|
"name": "rp-pe-subnet"
|
|
}
|
|
]
|
|
},
|
|
"name": "rp-pe-vnet-001",
|
|
"type": "Microsoft.Network/virtualNetworks",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-07-01"
|
|
},
|
|
{
|
|
"properties": {
|
|
"allowVirtualNetworkAccess": true,
|
|
"allowForwardedTraffic": true,
|
|
"allowGatewayTransit": false,
|
|
"useRemoteGateways": false,
|
|
"remoteVirtualNetwork": {
|
|
"id": "[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]"
|
|
}
|
|
},
|
|
"name": "rp-vnet/peering-rp-pe-vnet-001",
|
|
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-07-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]",
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]"
|
|
],
|
|
"location": "[resourceGroup().location]"
|
|
},
|
|
{
|
|
"properties": {
|
|
"allowVirtualNetworkAccess": true,
|
|
"allowForwardedTraffic": true,
|
|
"allowGatewayTransit": false,
|
|
"useRemoteGateways": false,
|
|
"remoteVirtualNetwork": {
|
|
"id": "[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
|
|
}
|
|
},
|
|
"name": "rp-pe-vnet-001/peering-rp-vnet",
|
|
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-07-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]",
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
|
|
],
|
|
"location": "[resourceGroup().location]"
|
|
},
|
|
{
|
|
"kind": "GlobalDocumentDB",
|
|
"properties": {
|
|
"consistencyPolicy": {
|
|
"defaultConsistencyLevel": "Strong"
|
|
},
|
|
"locations": [
|
|
{
|
|
"locationName": "[resourceGroup().location]"
|
|
}
|
|
],
|
|
"databaseAccountOfferType": "Standard",
|
|
"ipRangeFilter": "[concat('104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26', if(equals(parameters('extraCosmosDBIPs'), ''), '', ','), parameters('extraCosmosDBIPs'))]",
|
|
"isVirtualNetworkFilterEnabled": true,
|
|
"virtualNetworkRules": [
|
|
{
|
|
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]"
|
|
}
|
|
],
|
|
"disableKeyBasedMetadataWriteAccess": true
|
|
},
|
|
"name": "[parameters('databaseAccountName')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts",
|
|
"location": "[resourceGroup().location]",
|
|
"tags": {
|
|
"defaultExperience": "Core (SQL)"
|
|
},
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "['ARO']"
|
|
},
|
|
"options": {
|
|
"throughput": "500"
|
|
}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "AsyncOperations",
|
|
"partitionKey": {
|
|
"paths": [
|
|
"/id"
|
|
],
|
|
"kind": "Hash"
|
|
},
|
|
"defaultTtl": 604800
|
|
},
|
|
"options": {}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/AsyncOperations')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "Billing",
|
|
"partitionKey": {
|
|
"paths": [
|
|
"/id"
|
|
],
|
|
"kind": "Hash"
|
|
}
|
|
},
|
|
"options": {}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/Billing')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "Monitors",
|
|
"partitionKey": {
|
|
"paths": [
|
|
"/id"
|
|
],
|
|
"kind": "Hash"
|
|
},
|
|
"defaultTtl": -1
|
|
},
|
|
"options": {}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/Monitors')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "OpenShiftClusters",
|
|
"partitionKey": {
|
|
"paths": [
|
|
"/partitionKey"
|
|
],
|
|
"kind": "Hash"
|
|
},
|
|
"uniqueKeyPolicy": {
|
|
"uniqueKeys": [
|
|
{
|
|
"paths": [
|
|
"/key"
|
|
]
|
|
},
|
|
{
|
|
"paths": [
|
|
"/clusterResourceGroupIdKey"
|
|
]
|
|
},
|
|
{
|
|
"paths": [
|
|
"/clientIdKey"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"options": {}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/OpenShiftClusters')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "Portal",
|
|
"partitionKey": {
|
|
"paths": [
|
|
"/id"
|
|
],
|
|
"kind": "Hash"
|
|
},
|
|
"defaultTtl": -1
|
|
},
|
|
"options": {
|
|
"throughput": "400"
|
|
}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/Portal')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "Subscriptions",
|
|
"partitionKey": {
|
|
"paths": [
|
|
"/id"
|
|
],
|
|
"kind": "Hash"
|
|
}
|
|
},
|
|
"options": {}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/', 'ARO', '/Subscriptions')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
|
|
"location": "[resourceGroup().location]",
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]",
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"name": "[guid(resourceGroup().id, parameters('rpServicePrincipalId'), 'RP / Reader')]",
|
|
"type": "Microsoft.Authorization/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceGroup().id]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
|
|
"principalId": "[parameters('rpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2018-09-01-preview"
|
|
},
|
|
{
|
|
"name": "[guid(resourceGroup().id, 'FP / Network Contributor')]",
|
|
"type": "Microsoft.Authorization/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceGroup().id]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
|
|
"principalId": "[parameters('fpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2018-09-01-preview"
|
|
},
|
|
{
|
|
"name": "[concat(parameters('databaseAccountName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName')), parameters('rpServicePrincipalId'), 'RP / DocumentDB Account Contributor'))]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
|
|
"principalId": "[parameters('rpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2018-09-01-preview",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"name": "[concat(resourceGroup().location, '.', parameters('clusterParentDomainName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName'))), 'FP / DNS Zone Contributor'))]",
|
|
"type": "Microsoft.Network/dnsZones/providers/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')))]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]",
|
|
"principalId": "[parameters('fpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"condition": "[parameters('fullDeploy')]",
|
|
"apiVersion": "2018-09-01-preview",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')))]"
|
|
]
|
|
}
|
|
]
|
|
}
|