This repository was archived by the owner on Jan 11, 2023. It is now read-only.

Commit 4e452f3

authored
add managed disks for masters. This enables a cluster to have encryption at rest. (#844)
1 parent 2978760 commit 4e452f3

26 files changed

+287
-130
lines changed

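--- a/parts/dcosagentresourcesvmas.t
+++ b/parts/dcosagentresourcesvmas.t
@@ -60,7 +60,7 @@
 "location": "[variables('location')]",
 "name": "[variables('{{.Name}}AvailabilitySet')]",
 "properties": {
-"platformFaultDomainCount": "3",
+"platformFaultDomainCount": "2",
 "platformUpdateDomainCount": "3",
 "managed": "true"
 },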
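Review bot: The fault-domain count drops from three to two as a bare literal, `"platformFaultDomainCount": "2",`, with nothing recording why, and the same literal is repeated in parts/dcosmasterresources.t, parts/kubernetesagentresourcesvmas.t, parts/kubernetesmasterresources.t and parts/kuberneteswinagentresourcesvmas.t. Two fault domains give less hardware isolation per availability set than before, so the reason (presumably a regional limit for managed availability sets) should be written next to the value. I would define it once, e.g. `"managedAvailabilitySetFaultDomainCount": "2",` in the shared variables, and use `"platformFaultDomainCount": "[variables('managedAvailabilitySetFaultDomainCount')]",` in all five places. The resource this property block belongs to starts and ends outside the hunk.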

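--- a/parts/dcosagentvars.t
+++ b/parts/dcosagentvars.t
@@ -12,7 +12,9 @@
 "{{.Name}}AvailabilitySet": "[concat('{{.Name}}-availabilitySet-', variables('nameSuffix'))]",
 "{{.Name}}Offset": "[parameters('{{.Name}}Offset')]",
 {{else}}
+{{if .IsStorageAccount}}
 "{{.Name}}StorageAccountsCount": "[variables('maxStorageAccountsPerAgent')]",
+{{end}}
 {{end}}
 {{if .IsCustomVNET}}
 "{{.Name}}VnetSubnetID": "[parameters('{{.Name}}VnetSubnetID')]",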

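--- a/parts/dcosbase.t
+++ b/parts/dcosbase.t
@@ -18,9 +18,7 @@
 {{end}}
 {{end}}
 
-{{template "dcosmastervars.t" .}},
-
-{{GetSizeMap}}
+{{template "dcosmastervars.t" .}}
 },
 "resources": [
 {{range .AgentPoolProfiles}}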

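--- a/parts/dcosmasterresources.t
+++ b/parts/dcosmasterresources.t
@@ -1,3 +1,16 @@
+{{if .MasterProfile.IsManagedDisks}}
+{
+"apiVersion": "[variables('apiVersionStorageManagedDisks')]",
+"location": "[variables('location')]",
+"name": "[variables('masterAvailabilitySet')]",
+"properties": {
+"platformFaultDomainCount": "2",
+"platformUpdateDomainCount": "3",
+"managed": "true"
+},
+"type": "Microsoft.Compute/availabilitySets"
+},
+{{else if .MasterProfile.IsStorageAccount}}
 {
 "apiVersion": "[variables('apiVersionStorage')]",
 "dependsOn": [
@@ -10,6 +23,14 @@
 },
 "type": "Microsoft.Storage/storageAccounts"
 },
+{
+"apiVersion": "[variables('apiVersionDefault')]",
+"location": "[variables('location')]",
+"name": "[variables('masterAvailabilitySet')]",
+"properties": {},
+"type": "Microsoft.Compute/availabilitySets"
+},
+{{end}}
 {
 "apiVersion": "[variables('apiVersionStorage')]",
 "dependsOn": [
@@ -43,13 +64,6 @@
 "type": "Microsoft.Network/virtualNetworks"
 },
 {{end}}
-{
-"apiVersion": "[variables('apiVersionDefault')]",
-"location": "[variables('location')]",
-"name": "[variables('masterAvailabilitySet')]",
-"properties": {},
-"type": "Microsoft.Compute/availabilitySets"
-},
 {
 "apiVersion": "[variables('apiVersionDefault')]",
 "location": "[variables('location')]",
@@ -224,15 +238,21 @@
 "type": "Microsoft.Network/networkInterfaces"
 },
 {
+{{if .MasterProfile.IsManagedDisks}}
+"apiVersion": "[variables('apiVersionStorageManagedDisks')]",
+{{else}}
 "apiVersion": "[variables('apiVersionDefault')]",
+{{end}}
 "copy": {
 "count": "[variables('masterCount')]",
 "name": "vmLoopNode"
 },
 "dependsOn": [
 "[concat('Microsoft.Network/networkInterfaces/', variables('masterVMNamePrefix'), 'nic-', copyIndex())]",
 "[concat('Microsoft.Compute/availabilitySets/',variables('masterAvailabilitySet'))]",
+{{if .MasterProfile.IsStorageAccount}}
 "[variables('masterStorageAccountName')]",
+{{end}}
 "[variables('masterStorageAccountExhibitorName')]"
 ],
 "tags":
@@ -283,15 +303,17 @@
 "version": "[variables('osImageVersion')]"
 },
 "osDisk": {
-"caching": "ReadWrite",
-"createOption": "FromImage",
-{{if ne .MasterProfile.OSDiskSizeGB 0}}
-"diskSizeGB": {{.MasterProfile.OSDiskSizeGB}},
-{{end}}
-"name": "[concat(variables('masterVMNamePrefix'), copyIndex(),'-osdisk')]",
-"vhd": {
+"caching": "ReadWrite"
+,"createOption": "FromImage"
+{{if .MasterProfile.IsStorageAccount}}
+,"name": "[concat(variables('masterVMNamePrefix'), copyIndex(),'-osdisk')]"
+,"vhd": {
 "uri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/',variables('masterStorageAccountName')),variables('apiVersionStorage')).primaryEndpoints.blob,'vhds/',variables('masterVMNamePrefix'),copyIndex(),'-osdisk.vhd')]"
 }
+{{end}}
+{{if ne .MasterProfile.OSDiskSizeGB 0}}
+,"diskSizeGB": {{.MasterProfile.OSDiskSizeGB}}
+{{end}}
 }
 }
 },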
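Review bot: The Exhibitor storage account is still created and depended on when masters use managed disks, so the encryption-at-rest claim in the commit title does not cover everything the masters write. In the `dependsOn` list at new line 256, `"[variables('masterStorageAccountExhibitorName')]"` stays outside the `{{if .MasterProfile.IsStorageAccount}}` guard, and the resource that opens at new line 34 with `apiVersionStorage` sits after the `{{end}}`; its body is outside the hunk, so whether that account has encryption enabled cannot be seen here. I would either set and document the encryption state of that account or say in the commit description that Exhibitor state stays in a classic storage account. A template comment at the guard would record it: `{{/* Exhibitor account is created for every disk mode; managed-disk encryption does not cover it */}}`.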

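--- a/parts/dcosmastervars.t
+++ b/parts/dcosmastervars.t
@@ -1,14 +1,7 @@
 "adminUsername": "[parameters('linuxAdminUsername')]",
 "targetEnvironment": "[parameters('targetEnvironment')]",
 "maxVMsPerPool": 100,
-"maxVMsPerStorageAccount": 20,
-"maxStorageAccountsPerAgent": "[div(variables('maxVMsPerPool'),variables('maxVMsPerStorageAccount'))]",
-"dataStorageAccountPrefixSeed": 97,
 "apiVersionDefault": "2016-03-30",
-"apiVersionStorage": "2015-06-15",
-{{if .HasManagedDisks}}
-"apiVersionStorageManagedDisks": "2016-04-30-preview",
-{{end}}
 {{if .LinuxProfile.HasSecrets}}
 "linuxProfileSecrets" :
 [
@@ -41,8 +34,24 @@
 "masterNSGID": "[resourceId('Microsoft.Network/networkSecurityGroups',variables('masterNSGName'))]",
 "masterNSGName": "[concat(variables('orchestratorName'), '-master-nsg-', variables('nameSuffix'))]",
 "masterPublicIPAddressName": "[concat(variables('orchestratorName'), '-master-ip-', variables('masterEndpointDNSNamePrefix'), '-', variables('nameSuffix'))]",
+"apiVersionStorage": "2015-06-15",
+"storageAccountBaseName": "[uniqueString(concat(variables('masterEndpointDNSNamePrefix'),variables('location'),variables('orchestratorName')))]",
 "masterStorageAccountExhibitorName": "[concat(variables('storageAccountBaseName'), 'exhb0')]",
+"storageAccountType": "Standard_LRS",
+{{if .HasStorageAccountDisks}}
+"maxVMsPerStorageAccount": 20,
+"maxStorageAccountsPerAgent": "[div(variables('maxVMsPerPool'),variables('maxVMsPerStorageAccount'))]",
+"dataStorageAccountPrefixSeed": 97,
+"storageAccountPrefixes": [ "0", "6", "c", "i", "o", "u", "1", "7", "d", "j", "p", "v", "2", "8", "e", "k", "q", "w", "3", "9", "f", "l", "r", "x", "4", "a", "g", "m", "s", "y", "5", "b", "h", "n", "t", "z" ],
+"storageAccountPrefixesCount": "[length(variables('storageAccountPrefixes'))]",
+{{GetSizeMap}},
+{{end}}
+{{if .HasManagedDisks}}
+"apiVersionStorageManagedDisks": "2016-04-30-preview",
+{{end}}
+{{if .MasterProfile.IsStorageAccount}}
 "masterStorageAccountName": "[concat(variables('storageAccountBaseName'), 'mstr0')]",
+{{end}}
 {{if .MasterProfile.IsCustomVNET}}
 "masterVnetSubnetID": "[parameters('masterVnetSubnetID')]",
 {{else}}
@@ -80,10 +89,6 @@
 "[parameters('location')]"
 ],
 "location": "[variables('locations')[mod(add(2,length(parameters('location'))),add(1,length(parameters('location'))))]]",
-"storageAccountBaseName": "[uniqueString(concat(variables('masterEndpointDNSNamePrefix'),variables('location'),variables('orchestratorName')))]",
-"storageAccountPrefixes": [ "0", "6", "c", "i", "o", "u", "1", "7", "d", "j", "p", "v", "2", "8", "e", "k", "q", "w", "3", "9", "f", "l", "r", "x", "4", "a", "g", "m", "s", "y", "5", "b", "h", "n", "t", "z" ],
-"storageAccountPrefixesCount": "[length(variables('storageAccountPrefixes'))]",
-"storageAccountType": "Standard_LRS",
 {{if IsDCOS190}}
 "masterSshInboundNatRuleIdPrefix": "[concat(variables('masterLbID'),'/inboundNatRules/SSH-',variables('masterVMNamePrefix'))]",
 "masterSshPort22InboundNatRuleIdPrefix": "[concat(variables('masterLbID'),'/inboundNatRules/SSHPort22-',variables('masterVMNamePrefix'))]",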

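--- a/parts/kubernetesagentresourcesvmas.t
+++ b/parts/kubernetesagentresourcesvmas.t
@@ -50,7 +50,7 @@
 "apiVersion": "[variables('apiVersionStorageManagedDisks')]",
 "properties":
 {
-"platformFaultDomainCount": "3",
+"platformFaultDomainCount": "2",
 "platformUpdateDomainCount": "3",
 "managed" : "true"
 },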

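--- a/parts/kubernetesbase.t
+++ b/parts/kubernetesbase.t
@@ -25,16 +25,16 @@
 },
 "variables": {
 {{range $index, $agent := .AgentPoolProfiles}}
+"{{.Name}}Index": {{$index}},
 {{template "kubernetesagentvars.t" .}}
-{{if .HasDisks}}
-"{{.Name}}DataAccountName": "[concat(variables('storageAccountBaseName'), 'data{{$index}}')]",
+{{if .IsStorageAccount}}
+{{if .HasDisks}}
+"{{.Name}}DataAccountName": "[concat(variables('storageAccountBaseName'), 'data{{$index}}')]",
+{{end}}
+"{{.Name}}AccountName": "[concat(variables('storageAccountBaseName'), 'agnt{{$index}}')]",
 {{end}}
-"{{.Name}}Index": {{$index}},
-"{{.Name}}AccountName": "[concat(variables('storageAccountBaseName'), 'agnt{{$index}}')]",
 {{end}}
-{{template "kubernetesmastervars.t" .}},
-
-{{GetSizeMap}}
+{{template "kubernetesmastervars.t" .}}
 },
 "resources": [
 {{range .AgentPoolProfiles}}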

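--- a/parts/kubernetesmasterresources.t
+++ b/parts/kubernetesmasterresources.t
@@ -1,3 +1,17 @@
+{{if .MasterProfile.IsManagedDisks}}
+{
+"apiVersion": "[variables('apiVersionStorageManagedDisks')]",
+"location": "[variables('location')]",
+"name": "[variables('masterAvailabilitySet')]",
+"properties":
+{
+"platformFaultDomainCount": "2",
+"platformUpdateDomainCount": "3",
+"managed" : "true"
+},
+"type": "Microsoft.Compute/availabilitySets"
+},
+{{else if .MasterProfile.IsStorageAccount}}
 {
 "apiVersion": "[variables('apiVersionDefault')]",
 "location": "[variables('location')]",
@@ -17,6 +31,7 @@
 },
 "type": "Microsoft.Storage/storageAccounts"
 },
+{{end}}
 {{if not .MasterProfile.IsCustomVNET}}
 {
 "apiVersion": "[variables('apiVersionDefault')]",
@@ -351,15 +366,21 @@
 "type": "Microsoft.Network/networkInterfaces"
 },
 {
+{{if .MasterProfile.IsManagedDisks}}
+"apiVersion": "[variables('apiVersionStorageManagedDisks')]",
+{{else}}
 "apiVersion": "[variables('apiVersionDefault')]",
+{{end}}
 "copy": {
 "count": "[sub(variables('masterCount'), variables('masterOffset'))]",
 "name": "vmLoopNode"
 },
 "dependsOn": [
-"[concat('Microsoft.Network/networkInterfaces/', variables('masterVMNamePrefix'), 'nic-', copyIndex(variables('masterOffset')))]",
-"[concat('Microsoft.Compute/availabilitySets/',variables('masterAvailabilitySet'))]",
-"[variables('masterStorageAccountName')]"
+"[concat('Microsoft.Network/networkInterfaces/', variables('masterVMNamePrefix'), 'nic-', copyIndex(variables('masterOffset')))]"
+,"[concat('Microsoft.Compute/availabilitySets/',variables('masterAvailabilitySet'))]"
+{{if .MasterProfile.IsStorageAccount}}
+,"[variables('masterStorageAccountName')]"
+{{end}}
 ],
 "tags":
 {
@@ -406,13 +427,15 @@
 "storageProfile": {
 "dataDisks": [
 {
-"createOption": "Empty",
-"diskSizeGB": "128",
-"lun": 0,
-"name": "[concat(variables('masterVMNamePrefix'), copyIndex(variables('masterOffset')),'-etcddisk')]",
-"vhd": {
+"createOption": "Empty"
+,"diskSizeGB": "128"
+,"lun": 0
+{{if .MasterProfile.IsStorageAccount}}
+,"name": "[concat(variables('masterVMNamePrefix'), copyIndex(variables('masterOffset')),'-etcddisk')]"
+,"vhd": {
 "uri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/',variables('masterStorageAccountName')),variables('apiVersionStorage')).primaryEndpoints.blob,'vhds/', variables('masterVMNamePrefix'),copyIndex(variables('masterOffset')),'-etcddisk.vhd')]"
 }
+{{end}}
 }
 ],
 "imageReference": {
@@ -422,15 +445,18 @@
 "version": "[variables('osImageVersion')]"
 },
 "osDisk": {
-"caching": "ReadWrite",
-"createOption": "FromImage",
-{{if ne .MasterProfile.OSDiskSizeGB 0}}
-"diskSizeGB": {{.MasterProfile.OSDiskSizeGB}},
-{{end}}
-"name": "[concat(variables('masterVMNamePrefix'), copyIndex(variables('masterOffset')),'-osdisk')]",
-"vhd": {
+"caching": "ReadWrite"
+,"createOption": "FromImage"
+{{if .MasterProfile.IsStorageAccount}}
+,"name": "[concat(variables('masterVMNamePrefix'), copyIndex(variables('masterOffset')),'-osdisk')]"
+,"vhd": {
 "uri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/',variables('masterStorageAccountName')),variables('apiVersionStorage')).primaryEndpoints.blob,'vhds/',variables('masterVMNamePrefix'),copyIndex(variables('masterOffset')),'-osdisk.vhd')]"
 }
+{{end}}
+{{if ne .MasterProfile.OSDiskSizeGB 0}}
+,"diskSizeGB": {{.MasterProfile.OSDiskSizeGB}}
+{{end}}
+
 }
 }
 },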
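Review bot: Nothing in the managed-disk branch of `storageProfile` states or enforces the encryption at rest that the commit title promises. With `IsManagedDisks`, the data disk (named `-etcddisk` in the storage-account branch, so presumably the etcd volume) is reduced to `createOption`, `diskSizeGB` and `lun`, and `osDisk` to `caching` and `createOption`, so the property rests entirely on platform behaviour for the `apiVersionStorageManagedDisks` API version, which this page does not show. I would record that assumption where the `vhd` block is skipped, e.g. `{{/* managed disk: no vhd or name; at-rest encryption comes from the platform, nothing is configured here */}}`, and have the deployment documentation tell operators to confirm it on the created disks. The blank line added at new line 459 before the closing brace of `osDisk` can be dropped.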

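--- a/parts/kubernetesmastervars.t
+++ b/parts/kubernetesmastervars.t
@@ -1,6 +1,4 @@
 "maxVMsPerPool": 100,
-"maxVMsPerStorageAccount": 20,
-"maxStorageAccountsPerAgent": "[div(variables('maxVMsPerPool'),variables('maxVMsPerStorageAccount'))]",
 "apiServerCertificate": "[parameters('apiServerCertificate')]",
 "apiServerPrivateKey": "[parameters('apiServerPrivateKey')]",
 "caCertificate": "[parameters('caCertificate')]",
@@ -33,18 +31,12 @@
 {{end}}
 "masterOffset": "[parameters('masterOffset')]",
 "apiVersionDefault": "2016-03-30",
-"apiVersionStorage": "2015-06-15",
-{{if .HasManagedDisks}}
-"apiVersionStorageManagedDisks": "2016-04-30-preview",
-{{end}}
 "locations": [
 "[resourceGroup().location]",
 "[parameters('location')]"
 ],
 "location": "[variables('locations')[mod(add(2,length(parameters('location'))),add(1,length(parameters('location'))))]]",
 "masterAvailabilitySet": "[concat('master-availabilityset-', variables('nameSuffix'))]",
-"storageAccountBaseName": "[uniqueString(concat(variables('masterFqdnPrefix'),variables('location'),variables('orchestratorName')))]",
-"masterStorageAccountName": "[concat(variables('storageAccountBaseName'), 'mstr0')]",
 "nameSuffix": "[parameters('nameSuffix')]",
 "orchestratorName": "k8s",
 "osImageOffer": "UbuntuServer",
@@ -56,15 +48,29 @@
 "routeTableID": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]",
 "sshNatPorts": [22,2201,2202,2203,2204],
 "sshKeyPath": "[concat('/home/',variables('username'),'/.ssh/authorized_keys')]",
-"storageAccountBaseName": "[uniqueString(concat(variables('masterFqdnPrefix'),variables('location')))]",
+
+{{if .HasStorageAccountDisks}}
+"apiVersionStorage": "2015-06-15",
+"maxVMsPerStorageAccount": 20,
+"maxStorageAccountsPerAgent": "[div(variables('maxVMsPerPool'),variables('maxVMsPerStorageAccount'))]",
+"dataStorageAccountPrefixSeed": 97,
 "storageAccountPrefixes": [ "0", "6", "c", "i", "o", "u", "1", "7", "d", "j", "p", "v", "2", "8", "e", "k", "q", "w", "3", "9", "f", "l", "r", "x", "4", "a", "g", "m", "s", "y", "5", "b", "h", "n", "t", "z" ],
 "storageAccountPrefixesCount": "[length(variables('storageAccountPrefixes'))]",
 "vmsPerStorageAccount": 20,
+"storageAccountBaseName": "[uniqueString(concat(variables('masterFqdnPrefix'),variables('location')))]",
+{{GetSizeMap}},
+{{else}}
+"storageAccountPrefixes": [],
+"storageAccountBaseName": "",
+{{end}}
+{{if .HasManagedDisks}}
+"apiVersionStorageManagedDisks": "2016-04-30-preview",
+{{end}}
+{{if .MasterProfile.IsStorageAccount}}
+"masterStorageAccountName": "[concat(variables('storageAccountBaseName'), 'mstr0')]",
+{{end}}
 "provisionScript": "{{GetKubernetesB64Provision}}",
 "orchestratorNameVersionTag": "{{.OrchestratorProfile.OrchestratorType}}:{{.OrchestratorProfile.OrchestratorVersion}}",
-{{if AnyAgentHasDisks}}
-"dataStorageAccountPrefixSeed": 97,
-{{end}}
 {{if IsVNETIntegrated}}
 "allocateNodeCidrs": false,
 {{else}}
@@ -188,4 +194,4 @@
 "agentWindowsVersion": "latest",
 "singleQuote": "'",
 "windowsCustomScriptSuffix": " $inputFile = '%SYSTEMDRIVE%\\AzureData\\CustomData.bin' ; $outputFile = '%SYSTEMDRIVE%\\AzureData\\CustomDataSetupScript.ps1' ; Copy-Item $inputFile $outputFile ; Invoke-Expression('{0} {1}' -f $outputFile, $arguments) ; "
-{{end}}
+{{end}}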
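Review bot: The `{{else}}` branch added after `{{GetSizeMap}},` defines placeholders only for `storageAccountPrefixes` and `storageAccountBaseName`, while `apiVersionStorage`, `maxStorageAccountsPerAgent` and `dataStorageAccountPrefixSeed` now exist only when `HasStorageAccountDisks` is true. Any resource template that still evaluates `variables('apiVersionStorage')` in an all-managed cluster would fail at deployment; those references are outside this page, so this needs checking rather than assuming. parts/dcosmastervars.t keeps `"apiVersionStorage": "2015-06-15",` unconditional, and I would do the same here by moving that line above `{{if .HasStorageAccountDisks}}`. `maxVMsPerStorageAccount` also duplicates the existing `vmsPerStorageAccount`, both 20, and one of them should reference the other.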

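--- a/parts/kuberneteswinagentresourcesvmas.t
+++ b/parts/kuberneteswinagentresourcesvmas.t
@@ -50,7 +50,7 @@
 "apiVersion": "[variables('apiVersionStorageManagedDisks')]",
 "properties":
 {
-"platformFaultDomainCount": "3",
+"platformFaultDomainCount": "2",
 "platformUpdateDomainCount": "3",
 "managed" : "true"
 },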
