- Microsoft.Resources/subscriptions/resourceGroups/write (to create the resource group)
- Microsoft.Resources/subscriptions/resourceGroups/read (to read the resource group)
- Microsoft.Network/virtualNetworks/write (to create the VNet)
- Microsoft.Network/virtualNetworks/read (to read the VNet)
- Microsoft.Network/publicIPAddresses/write (to create the public IPs)
- Microsoft.Network/publicIPAddresses/read (to read the public IPs)
- Microsoft.Network/natGateways/write (to create the NAT Gateway)
- Microsoft.Network/natGateways/read (to read the NAT Gateway)
- Microsoft.Network/routeTables/write (to create the route tables)
- Microsoft.Network/routeTables/read (to read the route tables)
- Microsoft.Network/networkSecurityGroups/write (to create the NSGs)
- Microsoft.Network/networkSecurityGroups/read (to read the NSGs)
- Microsoft.ContainerService/managedClusters/write (to create the AKS cluster)
- Microsoft.ContainerService/managedClusters/read (to read the AKS cluster)
- Microsoft.ContainerService/agentPools/write (to create the node pools)
- Microsoft.ContainerService/agentPools/read (to read the node pools)
- Microsoft.ManagedIdentity/userAssignedIdentities/write (to create the managed identities)
- Microsoft.ManagedIdentity/userAssignedIdentities/read (to read managed identities)
- Microsoft.ContainerService/managedClusters/accessProfiles/*/read (to access kubeconfig)
- Microsoft.Storage/storageAccounts/write (to create the storage account for CSI driver provisioning)
- Microsoft.Storage/storageAccounts/read
- Microsoft.DBforPostgreSQL/flexibleServers/write (to create the PostgreSQL server)
- Microsoft.DBforPostgreSQL/flexibleServers/read
subscription_id if deploying via CLI or Pulumi
u10d-{env}-rg
eastus2
10.0.0.0/16
10.0.0.0/24
${region}a
10.0.1.0/24, 10.0.2.0/24
${region}a and ${region}b
0.0.0.0/0 via internet
0.0.0.0/0 via NAT Gateway
Contributor or more scoped role
Network Contributor
Monitoring Metrics Publisher
AcrPull (if using ACR)
Storage Blob Data Reader
recommender, etl-operator, data-broker
Storage Blob Data Contributor to required containers
1.31 or higher
Standard_D16s_v5
10.0.0.0/16)
v0.7.2
disk.csi.azure.com
BLOB_STORAGE_ADAPTER_ACCOUNT_NAME
BLOB_STORAGE_ADAPTER_ACCOUNT_KEY
BLOB_STORAGE_ADAPTER_CONTAINER_REGION (optional)
DB_USERNAME
DB_PASSWORD
DB_HOST
DB_NAME
DB_DATABASE
JWT_SECRET_KEY
AUTH_STRATEGY
SESSION_SECRET
SHARED_SECRET
KEYCLOAK_CLIENT_SECRET
KEYCLOAK_ADMIN_SECRET
KEYCLOAK_ADMIN
KEYCLOAK_ADMIN_PASSWORD
API_BEARER_TOKEN
BLOB_STORAGE_ADAPTER_TYPE: azure
BLOB_STORAGE_ADAPTER_BUCKET
ETL_BLOB_CACHE_BUCKET_NAME
ETL_API_BLOB_STORAGE_ADAPTER_BUCKET
ETL_API_BLOB_STORAGE_ADAPTER_TYPE: azure
ETL_API_DB_REMOTE_BUCKET_NAME
ETL_API_JOB_STATUS_DEST_BUCKET_NAME
JOB_STATUS_BUCKET_NAME
JOB_DB_BUCKET_NAME
ENV, ENVIRONMENT
JOB_ENV, JOB_ENVIRONMENT
JOB_OTEL_EXPORTER_OTLP_ENDPOINT
JOB_OTEL_METRICS_EXPORTER
JOB_OTEL_TRACES_EXPORTER
OTEL_EXPORTER_OTLP_ENDPOINT
OTEL_METRICS_EXPORTER
OTEL_TRACES_EXPORTER
UNSTRUCTURED_API_URL
JWKS_URL
JWT_ISSUER
JWT_AUDIENCE
SINGLE_PLANE_DEPLOYMENT
API_BASE_URL
API_CLIENT_BASE_URL
API_URL
APM_SERVICE_NAME
APM_SERVICE_NAME_CLIENT
AUTH_STRATEGY
FRONTEND_BASE_URL
KEYCLOAK_CALLBACK_URL
KEYCLOAK_CLIENT_ID
KEYCLOAK_DOMAIN
KEYCLOAK_REALM
KEYCLOAK_SSL_ENABLED
KEYCLOAK_TRUST_ISSUER
PUBLIC_BASE_URL
PUBLIC_RELEASE_CHANNEL
REDIS_DSN
IMAGE_PULL_SECRETS
PRIVATE_KEY_SECRETS_ADAPTER_TYPE: azure
PRIVATE_KEY_SECRETS_ADAPTER_AZURE_REGION
SECRETS_ADAPTER_TYPE: azure
SECRETS_ADAPTER_AZURE_REGION
| File Name | Type | Resource name | Namespace | Data keys |
|---|---|---|---|---|
| data-broker-env-cm.yaml | ConfigMap | data-broker-env | api | JOB_STATUS_BUCKET_NAME, JOB_DB_BUCKET_NAME, BLOB_STORAGE_ADAPTER_TYPE |
| data-broker-env-secret.yaml | Secret | data-broker-env | api | BLOB_STORAGE_ADAPTER_ACCOUNT_NAME, BLOB_STORAGE_ADAPTER_ACCOUNT_KEY, BLOB_STORAGE_ADAPTER_CONTAINER_REGION |
| dataplane-api-env-cm.yaml | Secret | dataplane-api-env | api | DB_PASSWORD, DB_USERNAME, DB_HOST, DB_NAME |
| etl-operator-env-cm.yaml | ConfigMap | etl-operator-env | etl-operator | BLOB_STORAGE_ADAPTER_BUCKET, JOB_STATUS_BUCKET_NAME, JOB_DB_BUCKET_NAME, BLOB_STORAGE_ADAPTER_TYPE, ENV, ENVIRONMENT, REDIS_DSN, ETL_API_BLOB_STORAGE_ADAPTER_BUCKET, ETL_API_BLOB_STORAGE_ADAPTER_TYPE, ETL_API_DB_REMOTE_BUCKET_NAME, ETL_API_JOB_STATUS_DEST_BUCKET_NAME (x2), ETL_BLOB_CACHE_BUCKET_NAME, IMAGE_PULL_SECRETS, JOB_ENV, JOB_ENVIRONMENT, JOB_OTEL_EXPORTER_OTLP_ENDPOINT, JOB_OTEL_METRICS_EXPORTER, JOB_OTEL_TRACES_EXPORTER, OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_METRICS_EXPORTER, OTEL_TRACES_EXPORTER, UNSTRUCTURED_API_URL |
| etl-operator-env-secret.yaml | Secret | etl-operator-env | etl-operator | BLOB_STORAGE_ADAPTER_ACCOUNT_NAME, BLOB_STORAGE_ADAPTER_ACCOUNT_KEY, BLOB_STORAGE_ADAPTER_CONTAINER_REGION |
| frontend-env-cm.yaml | ConfigMap | frontend-env | www | API_BASE_URL, API_CLIENT_BASE_URL, API_URL, APM_SERVICE_NAME, APM_SERVICE_NAME_CLIENT, AUTH_STRATEGY, ENV, FRONTEND_BASE_URL, KEYCLOAK_CALLBACK_URL, KEYCLOAK_CLIENT_ID, KEYCLOAK_DOMAIN, KEYCLOAK_REALM, KEYCLOAK_SSL_ENABLED, KEYCLOAK_TRUST_ISSUER, PUBLIC_BASE_URL, PUBLIC_RELEASE_CHANNEL, SENTRY_DSN, SENTRY_SAMPLE_RATE, WORKFLOW_NODE_EDITOR_FF_REQUEST_FORM, CUSTOM_WORKFLOW_FF_REQUEST_FORM |
| frontend-env-secret.yaml | Secret | frontend-env | www | API_BEARER_TOKEN, KEYCLOAK_ADMIN_SECRET, KEYCLOAK_CLIENT_SECRET, SESSION_SECRET, SHARED_SECRET |
| keycloak-secret.yaml | Secret | phasetwo-keycloak-env | www | KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD |
| platform-api-env-cm.yaml | ConfigMap | platform-api-env | api | JWKS_URL, JWT_ISSUER, JWT_AUDIENCE, SINGLE_PLANE_DEPLOYMENT |
| platform-api-env-secret.yaml | Secret | platform-api-env | api | DB_PASSWORD, DB_USERNAME, DB_HOST, DB_NAME, DB_DATABASE, JWT_SECRET_KEY, AUTH_STRATEGY |
| recommender-env-cm.yaml | ConfigMap | recommender-env | recommender | BLOB_STORAGE_ADAPTER_TYPE, ETL_BLOB_CACHE_BUCKET_NAME |
| recommender-env-secret.yaml | Secret | recommender-env | recommender | BLOB_STORAGE_ADAPTER_ACCOUNT_NAME, BLOB_STORAGE_ADAPTER_ACCOUNT_KEY, BLOB_STORAGE_ADAPTER_CONTAINER_REGION |
| secret-provider-api-env-cm.yaml | ConfigMap | secrets-provider-api-env | secrets | ENV, ENVIRONMENT, OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_METRICS_EXPORTER, OTEL_TRACES_EXPORTER, PRIVATE_KEY_SECRETS_ADAPTER_AZURE_REGION, PRIVATE_KEY_SECRETS_ADAPTER_TYPE, SECRETS_ADAPTER_AZURE_REGION, SECRETS_ADAPTER_TYPE |
| secret-provider-api-env-secret.yaml | Secret | secrets-provider-api-env | secrets | BLOB_STORAGE_ADAPTER_ACCOUNT_NAME, BLOB_STORAGE_ADAPTER_ACCOUNT_KEY, BLOB_STORAGE_ADAPTER_CONTAINER_REGION |
| usage-collector-env-secret.yaml | Secret | usage-collector-env | api | DB_PASSWORD, DB_USERNAME, DB_HOST, DB_NAME, BLOB_STORAGE_ADAPTER_TYPE |
data-broker-env-cm.yaml ConfigMap file, the contents would look like this:
data-broker-env-secret.yaml Secret file would look like this: