AKS update (#133)
* AKS Archetype updated. Removed hardcoded values. * Moved KeyVault and related modules to Archetype
Родитель
afdebb4d06
Коммит
1df4b2a5c2
|
@ -1,6 +1,50 @@
|
|||
{
|
||||
"ModuleConfigurationsPath": "../../../Modules",
|
||||
"ModuleConfigurations": [
|
||||
{
|
||||
"Name": "KeyVault",
|
||||
"ModuleDefinitionName": "KeyVault",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"keyVaultName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Name}"
|
||||
},
|
||||
"accessPolicies": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.AccessPolicies}"
|
||||
},
|
||||
"secretsObject": {
|
||||
"value": {
|
||||
"secrets": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets}"
|
||||
}
|
||||
},
|
||||
"enableVaultForDeployment": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDeployment}"
|
||||
},
|
||||
"enableVaultForDiskEncryption": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDiskEncryption}"
|
||||
},
|
||||
"enableVaultForTemplateDeployment": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForTemplateDeployment}"
|
||||
},
|
||||
"vaultSku": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Sku}"
|
||||
},
|
||||
"diagnosticStorageAccountId": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
|
||||
},
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"networkAcls": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.NetworkAcls}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "ContainerRegistry",
|
||||
"ModuleDefinitionName": "ContainerRegistries",
|
||||
|
@ -124,6 +168,39 @@
|
|||
"Arguments" : {}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "CreateCACertificate",
|
||||
"Comments": "CreateCACertificate",
|
||||
"dependsOn": [ "KeyVault" ],
|
||||
"Script": {
|
||||
"Command": "../../../Scripts/AKS/create-and-upload-ca-cert.sh",
|
||||
"Arguments" : {
|
||||
"1_SCRIPT_EXECUTION_SP_ID": "env(SCRIPT_EXECUTION_SP_ID)",
|
||||
"2_SCRIPT_EXECUTION_SP_KEY": "env(SCRIPT_EXECUTION_SP_KEY)",
|
||||
"3_TENANT": "${Subscriptions.AKS.TenantId}",
|
||||
"4_KEY_VAULT_NAME" : "${Parameters.ModuleConfigurationParameters.KeyVault.Name}",
|
||||
"5_CA_CERT_KEY_NAME" : "${Parameters.ModuleConfigurationParameters.Kubernetes.CaCertKeyName}",
|
||||
"6_CA_NAME" : "${Parameters.ModuleConfigurationParameters.Kubernetes.CaName}"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "EnableServiceEndpointOnKeyVault",
|
||||
"ModuleDefinitionName": "KeyVault",
|
||||
"Updates": "KeyVault",
|
||||
"dependsOn": [ "CreateCACertificate" ],
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"networkAcls": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.NetworkAcls}"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "CreateClusterRBACRoleBindings",
|
||||
"Comments": "CreateClusterRBACRoleBindings",
|
||||
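Review bot: The KeyVault module added at L25–L151 declares no `DependsOn`, yet its `diagnosticStorageAccountId`, `workspaceId` and `vNetId` overrides are `reference(...)` expressions into DiagnosticStorageAccount, LogAnalytics and VirtualNetwork; the LandingZone copy this commit removes (L890–L902) listed exactly those three, so unless the orchestrator orders modules by `reference()` usage (not visible here), the references can be evaluated before those modules have deployed — proposed line after L31: `"DependsOn": [ "DiagnosticStorageAccount", "LogAnalytics", "VirtualNetwork" ],` (note the removed block used `"DependsOn"` while L185/L236 use `"dependsOn"`; keep one spelling unless the loader is case-insensitive). The initial deployment (L136–L139) and the later `EnableServiceEndpointOnKeyVault` update (L248–L251) now both pass the same `KeyVault.NetworkAcls` value, whereas the removed LandingZone config first deployed with an explicit `defaultAction: Allow` (L1010–L1025) and only tightened the ACL after `CreateCACertificate` had uploaded the CA; if the parameter denies by default the upload from the build agent may be blocked, and if it does not, the second module is a no-op — the intended ordering should be stated in a `"Comments"` entry on L227. `2_SCRIPT_EXECUTION_SP_KEY` (L200) hands the service-principal secret to the shell script as a positional argument; if `env(...)` is expanded into argv it is visible in process listings and command logging, so having the script read the key from the environment instead is the safer contract. The `ModuleConfigurations` array continues outside both hunks.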
|
|
|
@ -64,6 +64,65 @@ stages:
|
|||
$bootstrapInitialized = $ENV:BOOTSTRAP_INITIALIZED;
|
||||
Write-Host "##vso[task.setvariable variable=BOOTSTRAP_INITIALIZED;isOutput=true]$bootstrapInitialized";'
|
||||
pwsh: true
|
||||
- job: KeyVault
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [ StorageAccounts ]
|
||||
variables:
|
||||
BOOTSTRAP_INITIALIZED: $[dependencies.ContainerRegistry.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - KeyVault"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/KeyVault/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - KeyVault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "KeyVault" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Enable Service Endpoint on Key Vault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnKeyVault" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- job: AzureKubernetesServices
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
|
@ -156,6 +215,77 @@ stages:
|
|||
$bootstrapInitialized = $ENV:BOOTSTRAP_INITIALIZED;
|
||||
Write-Host "##vso[task.setvariable variable=BOOTSTRAP_INITIALIZED;isOutput=true]$bootstrapInitialized";'
|
||||
pwsh: true
|
||||
- job: KeyVault
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [ EventHub, VirtualNetwork ]
|
||||
variables:
|
||||
BOOTSTRAP_INITIALIZED: $[dependencies.ContainerRegistry.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Key Vault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "KeyVault"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Create CA Certificate"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "CreateCACertificate"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Enable Service Endpoint On Key Vault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnKeyVault"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- job: AzureKubernetesServices
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
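Review bot: The new KeyVault job reads `BOOTSTRAP_INITIALIZED` from `dependencies.ContainerRegistry.outputs[...]` (L314) but only declares `dependsOn: [ StorageAccounts ]` (L308); Azure Pipelines resolves `dependencies.<job>` only for jobs the current job depends on, so this variable is expected to come back empty — the job this commit removes used `dependencies.StorageAccounts` (L1329), i.e. `BOOTSTRAP_INITIALIZED: $[dependencies.StorageAccounts.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]`. The same mismatch appears in the deployment job at L508/L514 (`dependsOn: [ EventHub, VirtualNetwork ]` versus `dependencies.ContainerRegistry`), where the removed original referenced `EventHub` (L1529). Every AzurePowerShell task also receives the full secret set (`ADMIN_USER_PWD`, `DOMAIN_ADMIN_USER_PWD`, `ADMIN_USER_SSH`, … at L372–L408 and later), although a `-Validate` run of the KeyVault module has no evident use for domain or VM credentials; trimming each task's `env:` to what its module consumes limits what a compromised step or verbose log can expose. The `stages:` block that encloses these jobs starts and ends outside the hunks.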
|
|
|
@ -92,7 +92,7 @@
|
|||
"value": "${Parameters.ModuleConfigurationParameters.EventHub.Name}"
|
||||
},
|
||||
"eventHubSku": {
|
||||
"value": "Standard"
|
||||
"value": "${Parameters.ModuleConfigurationParameters.EventHub.Sku}"
|
||||
},
|
||||
"namespaceName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.EventHub.Namespace}"
|
||||
|
@ -108,9 +108,6 @@
|
|||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"networkAcls": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.EventHub.NetworkAcls}"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -219,7 +216,7 @@
|
|||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Name}"
|
||||
},
|
||||
"peeringName": {
|
||||
"value": "aks-shared-peering"
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.LocalPeering.Name}"
|
||||
},
|
||||
"remoteVirtualNetworkId": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetwork.Id}"
|
||||
|
@ -244,13 +241,16 @@
|
|||
"value": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetwork.Name}"
|
||||
},
|
||||
"peeringName": {
|
||||
"value": "shared-aks-peering"
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.RemotePeering.Name}"
|
||||
},
|
||||
"remoteVirtualNetworkId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"allowGatewayTransit": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.RemotePeering.AllowGatewayTransit}"
|
||||
},
|
||||
"useRemoteGateways": {
|
||||
"value": false
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.RemotePeering.UseRemoteGateways}"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -274,60 +274,6 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "KeyVault",
|
||||
"ModuleDefinitionName": "KeyVault",
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}",
|
||||
"DependsOn": [
|
||||
"DiagnosticStorageAccount",
|
||||
"LogAnalytics",
|
||||
"VirtualNetwork"
|
||||
],
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"keyVaultName": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Name}"
|
||||
},
|
||||
"accessPolicies": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.AccessPolicies}"
|
||||
},
|
||||
"secretsObject": {
|
||||
"value": {
|
||||
"secrets": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets}"
|
||||
}
|
||||
},
|
||||
"enableVaultForDeployment": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDeployment}"
|
||||
},
|
||||
"enableVaultForDiskEncryption": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDiskEncryption}"
|
||||
},
|
||||
"enableVaultForTemplateDeployment": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForTemplateDeployment}"
|
||||
},
|
||||
"vaultSku": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Sku}"
|
||||
},
|
||||
"diagnosticStorageAccountId": {
|
||||
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
|
||||
},
|
||||
"workspaceId": {
|
||||
"value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
},
|
||||
"networkAcls": {
|
||||
"value": {
|
||||
"bypass": "AzureServices",
|
||||
"defaultAction": "Allow",
|
||||
"virtualNetworkRules": [],
|
||||
"ipRules": []
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "ConsolidateApplicationRules",
|
||||
"Comments": "ConsolidateApplicationRules",
|
||||
|
@ -377,7 +323,7 @@
|
|||
"value": "${Subscriptions.SharedServices.SubscriptionId}"
|
||||
},
|
||||
"azureFirewallNatRuleCollection": {
|
||||
"value": []
|
||||
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.AzureFirewallNatRuleCollection}"
|
||||
},
|
||||
"azureFirewallApplicationRuleCollection": {
|
||||
"value": "reference(ConsolidateApplicationRules.output)"
|
||||
|
@ -387,39 +333,6 @@
|
|||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "CreateCACertificate",
|
||||
"Comments": "CreateCACertificate",
|
||||
"dependsOn": [ "KeyVault" ],
|
||||
"Script": {
|
||||
"Command": "../../../Scripts/AKS/create-and-upload-ca-cert.sh",
|
||||
"Arguments" : {
|
||||
"1_SCRIPT_EXECUTION_SP_ID": "env(SCRIPT_EXECUTION_SP_ID)",
|
||||
"2_SCRIPT_EXECUTION_SP_KEY": "env(SCRIPT_EXECUTION_SP_KEY)",
|
||||
"3_TENANT": "${Subscriptions.AKS.TenantId}",
|
||||
"4_KEY_VAULT_NAME" : "${Parameters.ModuleConfigurationParameters.KeyVault.Name}",
|
||||
"5_CA_CERT_KEY_NAME" : "${Parameters.ModuleConfigurationParameters.Kubernetes.CaCertKeyName}",
|
||||
"6_CA_NAME" : "${Parameters.ModuleConfigurationParameters.Kubernetes.CaName}"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Name": "EnableServiceEndpointOnKeyVault",
|
||||
"ModuleDefinitionName": "KeyVault",
|
||||
"Updates": "KeyVault",
|
||||
"dependsOn": [ "CreateCACertificate" ],
|
||||
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}",
|
||||
"Deployment": {
|
||||
"OverrideParameters": {
|
||||
"networkAcls": {
|
||||
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.NetworkAcls}"
|
||||
},
|
||||
"vNetId": {
|
||||
"value": "reference(VirtualNetwork.vNetResourceId)"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
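Review bot: `eventHubSku` (L736), both `peeringName` values (L795, L823), `allowGatewayTransit` (L841), `useRemoteGateways` (L853) and `azureFirewallNatRuleCollection` (L1065) now resolve from `Parameters.ModuleConfigurationParameters`, but the parameter hunks visible in this commit add only `VirtualNetworkPeering` and `AzureFirewallNatRuleCollection` (L1210–L1237, L1262); if `EventHub.Sku` is not already present in the parameters file, the override resolves to an empty value and the module either fails validation or silently takes the template default. That file is outside this diff, so it is worth confirming rather than assuming. With the KeyVault, CreateCACertificate and EnableServiceEndpointOnKeyVault entries removed here (L878–L1189), nothing in this definition documents that the vault is now provisioned by the archetype; a one-line `"Comments"` on the first remaining module naming that dependency would save the next reader a search. The enclosing `ModuleConfigurations` array starts before these hunks.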
|
@ -27,6 +27,16 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
"VirtualNetworkPeering": {
|
||||
"LocalPeering": {
|
||||
"Name": "${Parameters.DeploymentName}-to-sharedsvcs"
|
||||
},
|
||||
"RemotePeering": {
|
||||
"Name": "sharedsvcs-to-${Parameters.DeploymentName}",
|
||||
"AllowGatewayTransit": true,
|
||||
"UseRemoteGateways": false
|
||||
}
|
||||
},
|
||||
"KeyVault": {
|
||||
"Name": "${Parameters.Organization}-${Parameters.DeploymentName}-kv",
|
||||
"ResourceGroup": "${Parameters.InstanceName}-keyvault-rg",
|
||||
|
@ -186,6 +196,7 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"AzureFirewallNatRuleCollection":[],
|
||||
"NetworkSecurityGroups": [
|
||||
{
|
||||
"Name": "default",
|
||||
|
@ -394,7 +405,7 @@
|
|||
"subnet": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].Name}"
|
||||
}],
|
||||
"ipRules": []
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
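Review bot: `"AzureFirewallNatRuleCollection":[],` (L1262) omits the space after the colon that every other key in these hunks uses (`"Name": ...`, `"UseRemoteGateways": false`); `"AzureFirewallNatRuleCollection": [],` keeps the file uniform. `RemotePeering` carries `AllowGatewayTransit` and `UseRemoteGateways` (L1228–L1231) while `LocalPeering` (L1213–L1219) has only a `Name`; if the local peering module also reads those two keys (not visible in this diff), they resolve empty, so either add them with the intended values or note in the object why only the remote side needs them. The enclosing parameters object starts and ends outside these hunks.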
|
@ -357,65 +357,6 @@ stages:
|
|||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- job: KeyVault
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [ StorageAccounts ]
|
||||
variables:
|
||||
BOOTSTRAP_INITIALIZED: $[dependencies.StorageAccounts.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]
|
||||
steps:
|
||||
- task: PowerShell@2
|
||||
displayName: "Pester Tests for Module - KeyVault"
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
script: '# Write your powershell commands here.
|
||||
|
||||
Invoke-Pester -Script "./Modules/KeyVault/2.0/Tests";
|
||||
|
||||
# Use the environment variables input below to pass secret variables to this script.'
|
||||
pwsh: true
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - KeyVault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "KeyVault" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "ARM Validation - Enable Service Endpoint on Key Vault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnKeyVault" -Validate'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- job: UpdateAzureFirewall
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
|
@ -759,77 +700,6 @@ stages:
|
|||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- job: KeyVault
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
name: 'vdc-self-hosted'
|
||||
dependsOn: [ EventHub, VirtualNetwork ]
|
||||
variables:
|
||||
BOOTSTRAP_INITIALIZED: $[dependencies.EventHub.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]
|
||||
steps:
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Key Vault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "KeyVault"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Create CA Certificate"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "CreateCACertificate"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- task: AzurePowerShell@4
|
||||
displayName: "Enable Service Endpoint On Key Vault"
|
||||
inputs:
|
||||
azureSubscription: 'vdc2-spoke1'
|
||||
ScriptType: 'FilePath'
|
||||
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
|
||||
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnKeyVault"'
|
||||
azurePowerShellVersion: 'LatestVersion'
|
||||
env:
|
||||
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
|
||||
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
|
||||
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
|
||||
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
|
||||
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
|
||||
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
|
||||
TENANT_ID: $(TENANT_ID)
|
||||
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
|
||||
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
|
||||
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
|
||||
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
|
||||
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
|
||||
- job: UpdateAzureFirewall
|
||||
timeoutInMinutes: 0
|
||||
pool:
|
||||
|
|