Created
November 6, 2025 15:14
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "metadata": { | |
| "_generator": { | |
| "name": "bicep", | |
| "version": "0.36.1.42791", | |
| "templateHash": "3809264707643362694" | |
| } | |
| }, | |
| "parameters": { | |
| "clusterName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "Name of the hypershift cluster" | |
| } | |
| }, | |
| "managedResourceGroupName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "The Hypershift cluster managed resource group name" | |
| } | |
| }, | |
| "nsgName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "The Network security group name for the hcp cluster resources" | |
| } | |
| }, | |
| "vnetName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "The virtual network name for the hcp cluster resources" | |
| } | |
| }, | |
| "subnetName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "The subnet name for deploying hcp cluster resources." | |
| } | |
| }, | |
| "keyVaultName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "The KeyVault name that contains the encryption key" | |
| } | |
| } | |
| }, | |
| "variables": { | |
| "etcdEncryptionKeyName": "etcd-data-kms-encryption-key", | |
| "randomSuffix": "[toLower(uniqueString(parameters('clusterName')))]", | |
| "readerRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", | |
| "hcpClusterApiProviderRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '88366f10-ed47-4cc0-9fab-c8a06148393e')]", | |
| "keyVaultCryptoUserRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424')]", | |
| "hcpControlPlaneOperatorRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fc0c873f-45e9-4d0d-a7d1-585aab30c6ed')]", | |
| "cloudControllerManagerRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a1f96423-95ce-4224-ab27-4e3dc72facd4')]", | |
| "ingressOperatorRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0336e1d3-7a87-462b-b6db-342b63f7802c')]", | |
| "fileStorageOperatorRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0d7aedc0-15fd-4a67-a412-efad370c947e')]", | |
| "networkOperatorRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'be7a6435-15ae-4171-8f30-4a343eff9e8f')]", | |
| "federatedCredentialsRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ef318e2a-8334-4a05-9e4a-295a196c6a6e')]", | |
| "hcpServiceManagedIdentityRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c0ff367d-66d8-445e-917c-583feb0ef0d4')]" | |
| }, | |
| "resources": [ | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', parameters('vnetName'), parameters('subnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpClusterApiProviderRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('hcpClusterApiProviderRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix'))))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('readerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('keyVaultCryptoUserRoleId'), resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('keyVaultCryptoUserRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix'))))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('readerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('vnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpControlPlaneOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('hcpControlPlaneOperatorRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('nsgName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpControlPlaneOperatorRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('hcpControlPlaneOperatorRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('readerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', parameters('vnetName'), parameters('subnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('cloudControllerManagerRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('cloudControllerManagerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('nsgName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('cloudControllerManagerRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('cloudControllerManagerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('readerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', parameters('vnetName'), parameters('subnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('ingressOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('ingressOperatorRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix'))))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('readerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-cp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-cp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('readerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', parameters('vnetName'), parameters('subnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('fileStorageOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('fileStorageOperatorRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('nsgName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('fileStorageOperatorRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('fileStorageOperatorRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('readerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-cp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-cp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix'))))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('readerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', parameters('vnetName'), parameters('subnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('networkOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('networkOperatorRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('vnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('networkOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('networkOperatorRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('readerRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-dp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-dp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('federatedCredentialsRoleId'))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('federatedCredentialsRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('federatedCredentialsRoleId'))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('federatedCredentialsRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', parameters('vnetName'), parameters('subnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('fileStorageOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('fileStorageOperatorRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('nsgName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('fileStorageOperatorRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('fileStorageOperatorRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-dp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', format('{0}-dp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('federatedCredentialsRoleId'))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('federatedCredentialsRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.ManagedIdentity/userAssignedIdentities", | |
| "apiVersion": "2023-01-31", | |
| "name": "[format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))]", | |
| "location": "[resourceGroup().location]" | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('vnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpServiceManagedIdentityRoleId'), resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('hcpServiceManagedIdentityRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', parameters('vnetName'), parameters('subnetName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpServiceManagedIdentityRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('hcpServiceManagedIdentityRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.Authorization/roleAssignments", | |
| "apiVersion": "2022-04-01", | |
| "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('nsgName'))]", | |
| "name": "[guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpServiceManagedIdentityRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')))]", | |
| "properties": { | |
| "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), '2023-01-31').principalId]", | |
| "principalType": "ServicePrincipal", | |
| "roleDefinitionId": "[variables('hcpServiceManagedIdentityRoleId')]" | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| ] | |
| }, | |
| { | |
| "type": "Microsoft.RedHatOpenShift/hcpOpenShiftClusters", | |
| "apiVersion": "2024-06-10-preview", | |
| "name": "[parameters('clusterName')]", | |
| "location": "[resourceGroup().location]", | |
| "properties": { | |
| "version": { | |
| "id": "4.19", | |
| "channelGroup": "stable" | |
| }, | |
| "dns": {}, | |
| "network": { | |
| "networkType": "OVNKubernetes", | |
| "podCidr": "10.128.0.0/14", | |
| "serviceCidr": "172.30.0.0/16", | |
| "machineCidr": "10.0.0.0/16", | |
| "hostPrefix": 23 | |
| }, | |
| "console": {}, | |
| "etcd": { | |
| "dataEncryption": { | |
| "keyManagementMode": "CustomerManaged", | |
| "customerManaged": { | |
| "encryptionType": "KMS", | |
| "kms": { | |
| "activeKey": { | |
| "vaultName": "[parameters('keyVaultName')]", | |
| "name": "[variables('etcdEncryptionKeyName')]", | |
| "version": "[last(split(reference(resourceId('Microsoft.KeyVault/vaults/keys', parameters('keyVaultName'), variables('etcdEncryptionKeyName')), '2024-12-01-preview').keyUriWithVersion, '/'))]" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "api": { | |
| "visibility": "Public" | |
| }, | |
| "clusterImageRegistry": { | |
| "state": "Enabled" | |
| }, | |
| "platform": { | |
| "managedResourceGroup": "[parameters('managedResourceGroupName')]", | |
| "subnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]", | |
| "outboundType": "LoadBalancer", | |
| "networkSecurityGroupId": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]", | |
| "operatorsAuthentication": { | |
| "userAssignedIdentities": { | |
| "controlPlaneOperators": { | |
| "cluster-api-azure": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "control-plane": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "cloud-controller-manager": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "ingress": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "disk-csi-driver": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "file-csi-driver": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "image-registry": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "cloud-network-config": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "kms": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| }, | |
| "dataPlaneOperators": { | |
| "disk-csi-driver": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "file-csi-driver": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "image-registry": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| }, | |
| "serviceManagedIdentity": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]" | |
| } | |
| } | |
| } | |
| }, | |
| "identity": { | |
| "type": "UserAssigned", | |
| "userAssignedIdentities": { | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {}, | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {}, | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {}, | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {}, | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {}, | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {}, | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {}, | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {}, | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {}, | |
| "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix'))))]": {} | |
| } | |
| }, | |
| "dependsOn": [ | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('cloudControllerManagerRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('cloudControllerManagerRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('federatedCredentialsRoleId')))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('fileStorageOperatorRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('fileStorageOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('federatedCredentialsRoleId')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-dp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('federatedCredentialsRoleId')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('fileStorageOperatorRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('fileStorageOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpClusterApiProviderRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpControlPlaneOperatorRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpControlPlaneOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('ingressOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('keyVaultCryptoUserRoleId'), resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('networkOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('networkOperatorRoleId'), resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))))]", | |
| "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix')))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-controller-manager-{1}', parameters('clusterName'), variables('randomSuffix')))))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cloud-network-config-{1}', parameters('clusterName'), variables('randomSuffix')))))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-cluster-api-azure-{1}', parameters('clusterName'), variables('randomSuffix')))))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-control-plane-{1}', parameters('clusterName'), variables('randomSuffix')))))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-disk-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-file-csi-driver-{1}', parameters('clusterName'), variables('randomSuffix')))))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-image-registry-{1}', parameters('clusterName'), variables('randomSuffix')))))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-ingress-{1}', parameters('clusterName'), variables('randomSuffix')))))]", | |
| "[extensionResourceId(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix'))), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('readerRoleId'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-cp-kms-{1}', parameters('clusterName'), variables('randomSuffix')))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpServiceManagedIdentityRoleId'), resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpServiceManagedIdentityRoleId'), resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))))]", | |
| "[extensionResourceId(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), 'Microsoft.Authorization/roleAssignments', guid(resourceGroup().id, resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-service-managed-identity-{1}', parameters('clusterName'), variables('randomSuffix'))), variables('hcpServiceManagedIdentityRoleId'), resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))))]" | |
| ] | |
| } | |
| ] | |
| } |
| asdf |