cluster-service/pipeline.yaml (140 lines of code) (raw):
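# Rollout pipeline definition for the Cluster Service.
# Nesting below is restored from the flattened listing: each resource group
# owns its `steps`, each step owns its `dryRun`/`variables`, and each variable
# entry owns its `configRef`/`value`/`input`.
$schema: "pipeline.schema.v1"
serviceGroup: Microsoft.Azure.ARO.HCP.ClusterService
rolloutName: Cluster Service Rollout
resourceGroups:
# Global resource group: mirrors the service image and reads global outputs.
- name: '{{ .global.rg }}'
  subscription: '{{ .global.subscription }}'
  steps:
  # Copies the Cluster Service image into the target ACR via sync.sh.
  - name: mirror-image
    action: Shell
    command: ../image-sync/on-demand/sync.sh
    dryRun:
      variables:
      # Quoted so the value stays the string "true" rather than a YAML boolean.
      - name: DRY_RUN
        value: "true"
    variables:
    - name: TARGET_ACR
      configRef: 'acr.svc.name'
    - name: SOURCE_REGISTRY
      configRef: clustersService.image.registry
    - name: REPOSITORY
      configRef: clustersService.image.repository
    # The image is identified by a digest value from configuration.
    # NOTE(review): confirm sync.sh copies by digest rather than by tag, so
    # the mirrored content cannot change after review.
    - name: DIGEST
      configRef: clustersService.image.digest
    # Only the Key Vault name and the secret name are passed here; the pull
    # secret value itself does not appear in this file.
    # NOTE(review): presumably sync.sh reads the secret from the vault at run
    # time; confirm it is not echoed into step logs.
    - name: PULL_SECRET_KV
      configRef: global.keyVault.name
    - name: PULL_SECRET
      configRef: imageSync.componentSync.pullSecretName
  # Evaluates the output-global Bicep template at resource-group level.
  # NOTE(review): `outputOnly: true` presumably means outputs are read and
  # nothing is deployed; confirm against the pipeline schema.
  - name: global-output
    action: ARM
    template: ../dev-infrastructure/templates/output-global.bicep
    parameters: ../dev-infrastructure/configurations/output-global.tmpl.bicepparam
    deploymentLevel: ResourceGroup
    outputOnly: true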
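# Service resource group: runs `make deploy` for the Cluster Service.
# Nesting is restored from the flattened listing (step -> variables -> entry).
- name: '{{ .svc.rg }}'
  subscription: '{{ .svc.subscription }}'
  # NOTE(review): presumably the AKS cluster the Shell step runs against;
  # confirm against the pipeline schema.
  aksCluster: '{{ .svc.aks.name }}'
  steps:
  - name: deploy
    action: Shell
    command: make deploy
    dryRun:
      variables:
      # Quoted so the value stays the string "true" rather than a YAML boolean.
      - name: DRY_RUN
        value: "true"
    # Declares that this step depends on the image mirror and on the global
    # outputs consumed further down.
    dependsOn:
    - mirror-image
    - global-output
    variables:
    - name: REGION
      configRef: region
    - name: RESOURCEGROUP
      configRef: svc.rg
    - name: AKS_NAME
      configRef: svc.aks.name
    - name: SERVICE_KV
      configRef: serviceKeyVault.name
    - name: OIDC_STORAGE_ACCOUNT
      configRef: oidcStorageAccountName
    # Same config keys as the mirror-image step's REPOSITORY/DIGEST, so the
    # deployed image reference matches the one that was mirrored.
    - name: IMAGE_REPO
      configRef: clustersService.image.repository
    - name: IMAGE_DIGEST
      configRef: clustersService.image.digest
    - name: ACR_NAME
      configRef: acr.svc.name
    - name: OCP_ACR_NAME
      configRef: acr.ocp.name
    # Identity inputs: client/principal IDs and certificate *names* only; no
    # key or certificate material is carried in this file.
    - name: AZURE_FIRST_PARTY_APPLICATION_CLIENT_ID
      configRef: firstPartyAppClientId
    - name: FPA_CERT_NAME
      configRef: firstPartyAppCertificate.name
    # NOTE(review): the mock identity and ARM helper values below are passed
    # unconditionally by this pipeline. Confirm the configuration and the
    # Makefile keep them unused outside development environments.
    - name: AZURE_MI_MOCK_SERVICE_PRINCIPAL_PRINCIPAL_ID
      configRef: miMockPrincipalId
    - name: AZURE_MI_MOCK_SERVICE_PRINCIPAL_CLIENT_ID
      configRef: miMockClientId
    - name: AZURE_ARM_HELPER_IDENTITY_CLIENT_ID
      configRef: armHelperClientId
    - name: AZURE_ARM_HELPER_MOCK_FPA_PRINCIPAL_ID
      configRef: armHelperFPAPrincipalId
    - name: MI_MOCK_SERVICE_PRINCIPAL_CERT_NAME
      configRef: miMockCertName
    - name: ARM_HELPER_CERT_NAME
      configRef: armHelperCertName
    - name: CX_PARENT_DNS_ZONE_NAME
      configRef: dns.cxParentZoneName
    - name: REGIONAL_DNS_SUBDOMAIN
      configRef: dns.regionalSubdomain
    - name: USE_AZURE_DB
      configRef: clustersService.postgres.deploy
    - name: DATABASE_SERVER_NAME
      configRef: clustersService.postgres.name
    # Role names for the operator managed identities. The role definitions
    # live elsewhere; review their scope for least privilege there.
    - name: OP_CLUSTER_API_AZURE_ROLE_NAME
      configRef: clustersService.azureOperatorsManagedIdentities.clusterApiAzure.roleName
    - name: OP_CONTROL_PLANE_ROLE_NAME
      configRef: clustersService.azureOperatorsManagedIdentities.controlPlane.roleName
    - name: OP_CLOUD_CONTROLLER_MANAGER_ROLE_NAME
      configRef: clustersService.azureOperatorsManagedIdentities.cloudControllerManager.roleName
    - name: OP_INGRESS_ROLE_NAME
      configRef: clustersService.azureOperatorsManagedIdentities.ingress.roleName
    - name: OP_DISK_CSI_DRIVER_ROLE_NAME
      configRef: clustersService.azureOperatorsManagedIdentities.diskCsiDriver.roleName
    - name: OP_FILE_CSI_DRIVER_ROLE_NAME
      configRef: clustersService.azureOperatorsManagedIdentities.fileCsiDriver.roleName
    - name: OP_IMAGE_REGISTRY_DRIVER_ROLE_NAME
      configRef: clustersService.azureOperatorsManagedIdentities.imageRegistry.roleName
    - name: OP_CLOUD_NETWORK_CONFIG_ROLE_NAME
      configRef: clustersService.azureOperatorsManagedIdentities.cloudNetworkConfig.roleName
    - name: OP_KMS_ROLE_NAME
      configRef: clustersService.azureOperatorsManagedIdentities.kms.roleName
    # NOTE(review): the name is spelled ISTO_TAG while the config key is
    # svc.istio.tag. Left unchanged because the Makefile may read this exact
    # name; confirm before renaming.
    - name: ISTO_TAG
      configRef: svc.istio.tag
    - name: MI_NAME
      configRef: clustersService.managedIdentityName
    - name: NAMESPACE
      configRef: clustersService.k8s.namespace
    - name: SERVICE_ACCOUNT_NAME
      configRef: clustersService.k8s.serviceAccountName
    - name: ENVIRONMENT
      configRef: clustersService.environment
    # Values taken from the outputs of the global-output step, not from config.
    - name: OCP_ACR_RESOURCE_ID
      input:
        step: global-output
        name: ocpAcrResourceId
    - name: OCP_ACR_URL
      input:
        step: global-output
        name: ocpAcrLoginServer
    # Maestro consumer registration inputs.
    # These go away once there is a real registration process.
    - name: CONSUMER_NAME
      configRef: maestro.agent.consumerName
    - name: REGIONAL_RESOURCEGROUP
      configRef: regionRG
    - name: MGMT_RESOURCEGROUP
      configRef: mgmt.rg
    # Key Vault names only; secret values are not carried in this file.
    - name: CX_SECRETS_KV_NAME
      configRef: cxKeyVault.name
    - name: CX_MI_KV_NAME
      configRef: msiKeyVault.name
    - name: TRACING_ADDRESS
      configRef: clustersService.tracing.address
    - name: TRACING_EXPORTER
      configRef: clustersService.tracing.exporter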