* AKS Archetype updated. Removed hardcoded values.

* Moved KeyVault and related modules to Archetype
This commit is contained in:
Kungumaraj Nachimuthu 2019-09-11 23:34:28 -07:00 коммит произвёл Jorge Cotillo
Родитель afdebb4d06
Коммит 1df4b2a5c2
5 изменённых файлов: 227 добавлений и 226 удалений


@ -1,6 +1,50 @@
{ {
"ModuleConfigurationsPath": "../../../Modules", "ModuleConfigurationsPath": "../../../Modules",
"ModuleConfigurations": [ "ModuleConfigurations": [
{
"Name": "KeyVault",
"ModuleDefinitionName": "KeyVault",
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}",
"Deployment": {
"OverrideParameters": {
"keyVaultName": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Name}"
},
"accessPolicies": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.AccessPolicies}"
},
"secretsObject": {
"value": {
"secrets": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets}"
}
},
"enableVaultForDeployment": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDeployment}"
},
"enableVaultForDiskEncryption": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDiskEncryption}"
},
"enableVaultForTemplateDeployment": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForTemplateDeployment}"
},
"vaultSku": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Sku}"
},
"diagnosticStorageAccountId": {
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
},
"workspaceId": {
"value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)"
},
"vNetId": {
"value": "reference(VirtualNetwork.vNetResourceId)"
},
"networkAcls": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.NetworkAcls}"
}
}
}
},
{ {
"Name": "ContainerRegistry", "Name": "ContainerRegistry",
"ModuleDefinitionName": "ContainerRegistries", "ModuleDefinitionName": "ContainerRegistries",
@ -124,6 +168,39 @@
"Arguments" : {} "Arguments" : {}
} }
}, },
{
"Name": "CreateCACertificate",
"Comments": "CreateCACertificate",
"dependsOn": [ "KeyVault" ],
"Script": {
"Command": "../../../Scripts/AKS/create-and-upload-ca-cert.sh",
"Arguments" : {
"1_SCRIPT_EXECUTION_SP_ID": "env(SCRIPT_EXECUTION_SP_ID)",
"2_SCRIPT_EXECUTION_SP_KEY": "env(SCRIPT_EXECUTION_SP_KEY)",
"3_TENANT": "${Subscriptions.AKS.TenantId}",
"4_KEY_VAULT_NAME" : "${Parameters.ModuleConfigurationParameters.KeyVault.Name}",
"5_CA_CERT_KEY_NAME" : "${Parameters.ModuleConfigurationParameters.Kubernetes.CaCertKeyName}",
"6_CA_NAME" : "${Parameters.ModuleConfigurationParameters.Kubernetes.CaName}"
}
}
},
{
"Name": "EnableServiceEndpointOnKeyVault",
"ModuleDefinitionName": "KeyVault",
"Updates": "KeyVault",
"dependsOn": [ "CreateCACertificate" ],
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}",
"Deployment": {
"OverrideParameters": {
"networkAcls": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.NetworkAcls}"
},
"vNetId": {
"value": "reference(VirtualNetwork.vNetResourceId)"
}
}
}
},
{ {
"Name": "CreateClusterRBACRoleBindings", "Name": "CreateClusterRBACRoleBindings",
"Comments": "CreateClusterRBACRoleBindings", "Comments": "CreateClusterRBACRoleBindings",
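Review bot: The new `"Name": "KeyVault"` module configuration in the first hunk carries no `DependsOn`, yet its overrides still use `reference(DiagnosticStorageAccount.storageAccountResourceId)`, `reference(LogAnalytics.logAnalyticsWorkspaceResourceId)` and `reference(VirtualNetwork.vNetResourceId)`; the block this commit removes from the landing-zone definition declared `"DependsOn": [ "DiagnosticStorageAccount", "LogAnalytics", "VirtualNetwork" ]`, so the ordering guarantee was lost in the move and should be restored directly under `"ResourceGroupName"`. That key is spelled `DependsOn` in the removed block but `dependsOn` in `CreateCACertificate` and `EnableServiceEndpointOnKeyVault` in the second hunk; I cannot tell from this page which form the orchestrator honours, so one spelling should be confirmed and used throughout. Separately, the initial KeyVault deployment and the later `EnableServiceEndpointOnKeyVault` update now both pass the same `KeyVault.NetworkAcls` value, whereas the old definition deployed with an open `"defaultAction": "Allow"` first and locked down only after the CA certificate upload; if the parameter restricts access to the VNet, `create-and-upload-ca-cert.sh` may be unable to reach the vault from the agent, and if it does not, the update step is a no-op. Either way the intended sequence deserves recording in the `Comments` field of `EnableServiceEndpointOnKeyVault`.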


@ -64,6 +64,65 @@ stages:
$bootstrapInitialized = $ENV:BOOTSTRAP_INITIALIZED; $bootstrapInitialized = $ENV:BOOTSTRAP_INITIALIZED;
Write-Host "##vso[task.setvariable variable=BOOTSTRAP_INITIALIZED;isOutput=true]$bootstrapInitialized";' Write-Host "##vso[task.setvariable variable=BOOTSTRAP_INITIALIZED;isOutput=true]$bootstrapInitialized";'
pwsh: true pwsh: true
- job: KeyVault
pool:
name: 'vdc-self-hosted'
dependsOn: [ StorageAccounts ]
variables:
BOOTSTRAP_INITIALIZED: $[dependencies.ContainerRegistry.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]
steps:
- task: PowerShell@2
displayName: "Pester Tests for Module - KeyVault"
inputs:
targetType: 'inline'
script: '# Write your powershell commands here.
Invoke-Pester -Script "./Modules/KeyVault/2.0/Tests";
# Use the environment variables input below to pass secret variables to this script.'
pwsh: true
- task: AzurePowerShell@4
displayName: "ARM Validation - KeyVault"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "KeyVault" -Validate'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- task: AzurePowerShell@4
displayName: "ARM Validation - Enable Service Endpoint on Key Vault"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnKeyVault" -Validate'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- job: AzureKubernetesServices - job: AzureKubernetesServices
pool: pool:
name: 'vdc-self-hosted' name: 'vdc-self-hosted'
@ -156,6 +215,77 @@ stages:
$bootstrapInitialized = $ENV:BOOTSTRAP_INITIALIZED; $bootstrapInitialized = $ENV:BOOTSTRAP_INITIALIZED;
Write-Host "##vso[task.setvariable variable=BOOTSTRAP_INITIALIZED;isOutput=true]$bootstrapInitialized";' Write-Host "##vso[task.setvariable variable=BOOTSTRAP_INITIALIZED;isOutput=true]$bootstrapInitialized";'
pwsh: true pwsh: true
- job: KeyVault
timeoutInMinutes: 0
pool:
name: 'vdc-self-hosted'
dependsOn: [ EventHub, VirtualNetwork ]
variables:
BOOTSTRAP_INITIALIZED: $[dependencies.ContainerRegistry.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]
steps:
- task: AzurePowerShell@4
displayName: "Key Vault"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "KeyVault"'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- task: AzurePowerShell@4
displayName: "Create CA Certificate"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "CreateCACertificate"'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- task: AzurePowerShell@4
displayName: "Enable Service Endpoint On Key Vault"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnKeyVault"'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- job: AzureKubernetesServices - job: AzureKubernetesServices
timeoutInMinutes: 0 timeoutInMinutes: 0
pool: pool:
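Review bot: The `BOOTSTRAP_INITIALIZED` variable in both new `KeyVault` jobs reads `dependencies.ContainerRegistry.outputs[...]`, but neither job lists `ContainerRegistry` in `dependsOn` (`[ StorageAccounts ]` in the first hunk, `[ EventHub, VirtualNetwork ]` in the second); Azure Pipelines only resolves `dependencies.<job>` for jobs named in `dependsOn`, so the expression evaluates to an empty value and whatever downstream condition consumes it will not see the real bootstrap state. The jobs this commit deletes from the landing-zone pipeline used `dependencies.StorageAccounts` and `dependencies.EventHub` respectively, so the two lines should read `BOOTSTRAP_INITIALIZED: $[dependencies.StorageAccounts.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]` and `BOOTSTRAP_INITIALIZED: $[dependencies.EventHub.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]`. The enclosing `stages:` list begins well before these hunks, so I cannot confirm from here that both referenced jobs exist in the respective stage.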


@ -92,7 +92,7 @@
"value": "${Parameters.ModuleConfigurationParameters.EventHub.Name}" "value": "${Parameters.ModuleConfigurationParameters.EventHub.Name}"
}, },
"eventHubSku": { "eventHubSku": {
"value": "Standard" "value": "${Parameters.ModuleConfigurationParameters.EventHub.Sku}"
}, },
"namespaceName": { "namespaceName": {
"value": "${Parameters.ModuleConfigurationParameters.EventHub.Namespace}" "value": "${Parameters.ModuleConfigurationParameters.EventHub.Namespace}"
@ -108,9 +108,6 @@
}, },
"vNetId": { "vNetId": {
"value": "reference(VirtualNetwork.vNetResourceId)" "value": "reference(VirtualNetwork.vNetResourceId)"
},
"networkAcls": {
"value": "${Parameters.ModuleConfigurationParameters.EventHub.NetworkAcls}"
} }
} }
} }
@ -219,7 +216,7 @@
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Name}" "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Name}"
}, },
"peeringName": { "peeringName": {
"value": "aks-shared-peering" "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.LocalPeering.Name}"
}, },
"remoteVirtualNetworkId": { "remoteVirtualNetworkId": {
"value": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetwork.Id}" "value": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetwork.Id}"
@ -244,13 +241,16 @@
"value": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetwork.Name}" "value": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetwork.Name}"
}, },
"peeringName": { "peeringName": {
"value": "shared-aks-peering" "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.RemotePeering.Name}"
}, },
"remoteVirtualNetworkId": { "remoteVirtualNetworkId": {
"value": "reference(VirtualNetwork.vNetResourceId)" "value": "reference(VirtualNetwork.vNetResourceId)"
}, },
"allowGatewayTransit": {
"value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.RemotePeering.AllowGatewayTransit}"
},
"useRemoteGateways": { "useRemoteGateways": {
"value": false "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.RemotePeering.UseRemoteGateways}"
} }
} }
} }
@ -274,60 +274,6 @@
} }
} }
}, },
{
"Name": "KeyVault",
"ModuleDefinitionName": "KeyVault",
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}",
"DependsOn": [
"DiagnosticStorageAccount",
"LogAnalytics",
"VirtualNetwork"
],
"Deployment": {
"OverrideParameters": {
"keyVaultName": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Name}"
},
"accessPolicies": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.AccessPolicies}"
},
"secretsObject": {
"value": {
"secrets": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets}"
}
},
"enableVaultForDeployment": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDeployment}"
},
"enableVaultForDiskEncryption": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDiskEncryption}"
},
"enableVaultForTemplateDeployment": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForTemplateDeployment}"
},
"vaultSku": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.Sku}"
},
"diagnosticStorageAccountId": {
"value": "reference(DiagnosticStorageAccount.storageAccountResourceId)"
},
"workspaceId": {
"value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)"
},
"vNetId": {
"value": "reference(VirtualNetwork.vNetResourceId)"
},
"networkAcls": {
"value": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"virtualNetworkRules": [],
"ipRules": []
}
}
}
}
},
{ {
"Name": "ConsolidateApplicationRules", "Name": "ConsolidateApplicationRules",
"Comments": "ConsolidateApplicationRules", "Comments": "ConsolidateApplicationRules",
@ -377,7 +323,7 @@
"value": "${Subscriptions.SharedServices.SubscriptionId}" "value": "${Subscriptions.SharedServices.SubscriptionId}"
}, },
"azureFirewallNatRuleCollection": { "azureFirewallNatRuleCollection": {
"value": [] "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.AzureFirewallNatRuleCollection}"
}, },
"azureFirewallApplicationRuleCollection": { "azureFirewallApplicationRuleCollection": {
"value": "reference(ConsolidateApplicationRules.output)" "value": "reference(ConsolidateApplicationRules.output)"
@ -387,39 +333,6 @@
} }
} }
} }
},
{
"Name": "CreateCACertificate",
"Comments": "CreateCACertificate",
"dependsOn": [ "KeyVault" ],
"Script": {
"Command": "../../../Scripts/AKS/create-and-upload-ca-cert.sh",
"Arguments" : {
"1_SCRIPT_EXECUTION_SP_ID": "env(SCRIPT_EXECUTION_SP_ID)",
"2_SCRIPT_EXECUTION_SP_KEY": "env(SCRIPT_EXECUTION_SP_KEY)",
"3_TENANT": "${Subscriptions.AKS.TenantId}",
"4_KEY_VAULT_NAME" : "${Parameters.ModuleConfigurationParameters.KeyVault.Name}",
"5_CA_CERT_KEY_NAME" : "${Parameters.ModuleConfigurationParameters.Kubernetes.CaCertKeyName}",
"6_CA_NAME" : "${Parameters.ModuleConfigurationParameters.Kubernetes.CaName}"
}
}
},
{
"Name": "EnableServiceEndpointOnKeyVault",
"ModuleDefinitionName": "KeyVault",
"Updates": "KeyVault",
"dependsOn": [ "CreateCACertificate" ],
"ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}",
"Deployment": {
"OverrideParameters": {
"networkAcls": {
"value": "${Parameters.ModuleConfigurationParameters.KeyVault.NetworkAcls}"
},
"vNetId": {
"value": "reference(VirtualNetwork.vNetResourceId)"
}
}
}
} }
] ]
} }
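Review bot: The second hunk drops the `networkAcls` override from the EventHub module configuration (the three removed lines after `vNetId`) while keeping `vNetId`, and neither the commit message nor the surrounding parameterisation explains it; the module now falls back to whatever default ACL the EventHub template defines, which is not visible on this page. If the intent was to parameterise it like `eventHubSku`, the override should remain as `"networkAcls": { "value": "${Parameters.ModuleConfigurationParameters.EventHub.NetworkAcls}" }`; if the default is intentionally open, that widens network exposure of the namespace and deserves a line in the commit description. The `azureFirewallNatRuleCollection` change in the fifth hunk reads a `VirtualNetwork.AzureFirewallNatRuleCollection` parameter that this commit adds to the parameters file, so that one is consistent.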


@ -27,6 +27,16 @@
} }
} }
}, },
"VirtualNetworkPeering": {
"LocalPeering": {
"Name": "${Parameters.DeploymentName}-to-sharedsvcs"
},
"RemotePeering": {
"Name": "sharedsvcs-to-${Parameters.DeploymentName}",
"AllowGatewayTransit": true,
"UseRemoteGateways": false
}
},
"KeyVault": { "KeyVault": {
"Name": "${Parameters.Organization}-${Parameters.DeploymentName}-kv", "Name": "${Parameters.Organization}-${Parameters.DeploymentName}-kv",
"ResourceGroup": "${Parameters.InstanceName}-keyvault-rg", "ResourceGroup": "${Parameters.InstanceName}-keyvault-rg",
@ -186,6 +196,7 @@
} }
} }
], ],
"AzureFirewallNatRuleCollection":[],
"NetworkSecurityGroups": [ "NetworkSecurityGroups": [
{ {
"Name": "default", "Name": "default",
@ -394,7 +405,7 @@
"subnet": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].Name}" "subnet": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].Name}"
}], }],
"ipRules": [] "ipRules": []
}, }
} }
} }
} }
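Review bot: `"AzureFirewallNatRuleCollection":[]` in the second hunk omits the space after the colon that every other key in this file uses (`"UseRemoteGateways": false`, `"ipRules": []`); write it as `"AzureFirewallNatRuleCollection": []`. The new `RemotePeering` block sets `"AllowGatewayTransit": true`, and the landing-zone definition that consumes it previously set only `useRemoteGateways` with no `allowGatewayTransit` at all, so this is a behaviour change on the shared-services side rather than a pure de-hardcoding; the commit description should say so. The trailing-comma fix in the third hunk (`},` to `}`) is a genuine correction, since strict JSON parsers reject it.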


@ -357,65 +357,6 @@ stages:
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID) SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY) SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- job: KeyVault
pool:
name: 'vdc-self-hosted'
dependsOn: [ StorageAccounts ]
variables:
BOOTSTRAP_INITIALIZED: $[dependencies.StorageAccounts.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]
steps:
- task: PowerShell@2
displayName: "Pester Tests for Module - KeyVault"
inputs:
targetType: 'inline'
script: '# Write your powershell commands here.
Invoke-Pester -Script "./Modules/KeyVault/2.0/Tests";
# Use the environment variables input below to pass secret variables to this script.'
pwsh: true
- task: AzurePowerShell@4
displayName: "ARM Validation - KeyVault"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "KeyVault" -Validate'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- task: AzurePowerShell@4
displayName: "ARM Validation - Enable Service Endpoint on Key Vault"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnKeyVault" -Validate'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- job: UpdateAzureFirewall - job: UpdateAzureFirewall
pool: pool:
name: 'vdc-self-hosted' name: 'vdc-self-hosted'
@ -759,77 +700,6 @@ stages:
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID) SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY) SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- job: KeyVault
timeoutInMinutes: 0
pool:
name: 'vdc-self-hosted'
dependsOn: [ EventHub, VirtualNetwork ]
variables:
BOOTSTRAP_INITIALIZED: $[dependencies.EventHub.outputs['bootstratInitializedOutput.BOOTSTRAP_INITIALIZED']]
steps:
- task: AzurePowerShell@4
displayName: "Key Vault"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "KeyVault"'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- task: AzurePowerShell@4
displayName: "Create CA Certificate"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "CreateCACertificate"'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- task: AzurePowerShell@4
displayName: "Enable Service Endpoint On Key Vault"
inputs:
azureSubscription: 'vdc2-spoke1'
ScriptType: 'FilePath'
ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
ScriptArguments: '-DefinitionPath "Environments/AKS/LandingZone/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnKeyVault"'
azurePowerShellVersion: 'LatestVersion'
env:
ADMIN_USER_PWD: $(ADMIN_USER_PWD)
ADMIN_USER_SSH: $(ADMIN_USER_SSH)
DEVOPS_SERVICE_PRINCIPAL_USER_ID: $(DEVOPS_SERVICE_PRINCIPAL_USER_ID)
KEYVAULT_MANAGEMENT_USER_ID: $(KEYVAULT_MANAGEMENT_USER_ID)
DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
DOMAIN_ADMIN_USERNAME: $(DOMAIN_ADMIN_USERNAME)
TENANT_ID: $(TENANT_ID)
ORGANIZATION_NAME: $(ORGANIZATION_NAME)
VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
SCRIPT_EXECUTION_SP_ID: $(SCRIPT_EXECUTION_SP_ID)
SCRIPT_EXECUTION_SP_KEY: $(SCRIPT_EXECUTION_SP_KEY)
- job: UpdateAzureFirewall - job: UpdateAzureFirewall
timeoutInMinutes: 0 timeoutInMinutes: 0
pool: pool: