-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathSettings.yaml
100 lines (99 loc) · 3.06 KB
/
Settings.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
sqlServer:
name: "$SQLNAME"
databaseName: "$SQLDBNAME"
userName: "$SQLUSERNAME"
password: "$SQLUSERPASSWORD"
profiseeRunTime:
useLetsEncrypt: $USELETSENCRYPT
adminAccount: "$ADMINACCOUNTNAME"
InfraAdminAccount: "$INFRAADMINACCOUNT"
fileRepository:
accountName: "$FILEREPOACCOUNTNAME"
userName: "$FILEREPOUSERNAME"
password: "$FILEREPOPASSWORD"
logonType: "NewCredentials"
location: "$FILEREPOURL"
fileShareName: "$FILEREPOSHARENAME"
externalDnsUrl: "$EXTERNALDNSURL"
externalDnsName: "$EXTERNALDNSNAME"
webAppName: "$WEBAPPNAME"
deployIngressRule: true
isPaaS: true
oidc:
name: "$OIDCNAME"
authority: "$OIDCURL"
clientId: "$CLIENTID"
clientSecret: "$OIDCCLIENTSECRET"
usernameClaim: "$OIDCCMUserName"
userIdClaim: "$OIDCCMUserID"
firstNameClaim: "$OIDCCMFirstName"
lastNameClaim: "$OIDCCMLastName"
emailClaim: "$OIDCCMEmailAddress"
groupsClaim: "groups"
clusterNodeCount: "$PodCount"
clusterNode:
limits:
cpu: $CPULIMITSVALUE
memory: $MEMORYLIMITSVALUE
requests:
cpu: 1
memory: 1000M
image:
registry: "profisee.azurecr.io"
repository: "$ACRREPONAME"
tag: "$ACRREPOLABEL"
auth: |
{
"auths":{
"profisee.azurecr.io":{
"username":"$ACRUSER",
"password":"$ACRPASSWORD",
"email":"$ACREMAIL",
"auth":"$ACRAUTH"
}
}
}
licenseFileData: $LICENSEDATA
preInitScriptData: $preInitScriptData
postInitScriptData: $postInitScriptData
oidcFileData: |
$OIDCFileData
tlsCert: |
$TLSCERT
tlsKey: |
$TLSKEY
cloud:
azure:
isProvider: true
useKeyVault: $USEKEYVAULT
keyVault:
identity: #must be created in the AKS node resource group and have Get policies for key vault or Key Vault Secrets User for an RBAC key vault.
clientId: "$KEYVAULTIDENTITCLIENTID"
resourceId: $KEYVAULTIDENTITYRESOURCEID
secrets:
sqlUserName: $SQL_USERNAMESECRET
sqlPassword: $SQL_USERPASSWORDSECRET
tlsCertificate: $TLS_CERTSECRET
license: $LICENSE_DATASECRET
name: "$KEYVAULTNAME"
resourceGroup: "$KEYVAULTRESOURCEGROUP"
subscriptionId: "$AZURESUBSCRIPTIONID"
tenantId: "$AZURETENANTID"
clusterClientId: "$KUBERNETESCLIENTID" #clientId of the AKSCluster-agentpool identity; The "Managed Identity Operator" role must be assigned to the RG and Node RG; "Virtual Machine Contributor" role must be assigned to the Node RG.
useManagedIdentity: false
managedIdentity:
name: ""
clientId: ""
resourceId: ""
purview:
tenantId: "$PURVIEWTENANTID"
url: "$PURVIEWURL"
collectionId: "$PURVIEWCOLLECTIONID"
clientId: "$PURVIEWCLIENTID"
clientSecret: "$PURVIEWCLIENTSECRET"
aws:
isProvider: false
ebsVolumeId: ""
google:
isProvider: false
gceVolumeName: ""