mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-09-20 08:15:56 +00:00
13f973f61e
Add code of an azure function that is a close copy of the existing cloud function on google. The function spawns a CVM and initializes it as a GitHub runner. The tag is 'azure-cvm'.
237 lines
9.7 KiB
JSON
237 lines
9.7 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"instanceUid": {
|
|
"type": "string"
|
|
},
|
|
"customData": {
|
|
"type": "string"
|
|
},
|
|
"pubKey": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"variables": {
|
|
"virtualMachineName": "[concat('snp-value-reporter-', parameters('instanceUid'))]",
|
|
"osDiskName": "[concat(variables('virtualMachineName'), '-osdisk')]",
|
|
"vnetName": "[concat(variables('virtualMachineName'), '-vnet')]",
|
|
"nicName": "[concat(variables('virtualMachineName'), '-nic')]",
|
|
"nsgName": "[concat(variables('virtualMachineName'), '-nsg')]",
|
|
"subnetName": "[concat(variables('vnetName'), '/subnets/default')]",
|
|
"nicID": "[concat('/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/snp-value-reporting/providers/Microsoft.Network/networkInterfaces/', variables('nicName'))]",
|
|
"osDiskId": "[concat('/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/snp-value-reporting/providers/Microsoft.Compute/disks/', variables('osDiskName'))]",
|
|
"nsgId": "[concat('/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/snp-value-reporting/providers/Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]",
|
|
"subnetId": "[concat('/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/snp-value-reporting/providers/Microsoft.Network/virtualNetworks/', variables('subnetName'))]",
|
|
"imageId": "/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/Providers/Microsoft.Compute/Locations/northeurope/Publishers/canonical/ArtifactTypes/VMImage/Offers/0001-com-ubuntu-confidential-vm-focal/Skus/20_04-lts-cvm/Versions/20.04.202208240"
|
|
},
|
|
"resources": [
|
|
{
|
|
"type": "Microsoft.Network/virtualNetworks",
|
|
"apiVersion": "2020-11-01",
|
|
"name": "[variables('vnetName')]",
|
|
"location": "northeurope",
|
|
"properties": {
|
|
"addressSpace": {
|
|
"addressPrefixes": [
|
|
"172.20.0.0/16"
|
|
]
|
|
},
|
|
"subnets": [
|
|
{
|
|
"name": "default",
|
|
"properties": {
|
|
"addressPrefix": "172.20.0.0/24",
|
|
"delegations": [],
|
|
"privateEndpointNetworkPolicies": "Disabled",
|
|
"privateLinkServiceNetworkPolicies": "Enabled"
|
|
}
|
|
}
|
|
],
|
|
"virtualNetworkPeerings": [],
|
|
"enableDdosProtection": false
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Network/virtualNetworks/subnets",
|
|
"apiVersion": "2020-11-01",
|
|
"name": "[concat(variables('vnetName'), '/default')]",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
|
|
],
|
|
"properties": {
|
|
"addressPrefix": "172.20.0.0/24",
|
|
"delegations": [],
|
|
"privateEndpointNetworkPolicies": "Disabled",
|
|
"privateLinkServiceNetworkPolicies": "Enabled"
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Network/networkSecurityGroups",
|
|
"apiVersion": "2020-11-01",
|
|
"name": "[variables('nsgName')]",
|
|
"location": "northeurope",
|
|
"properties": {
|
|
"securityRules": [
|
|
{
|
|
"name": "SSH",
|
|
"properties": {
|
|
"protocol": "TCP",
|
|
"sourcePortRange": "*",
|
|
"destinationPortRange": "22",
|
|
"sourceAddressPrefix": "*",
|
|
"destinationAddressPrefix": "*",
|
|
"access": "Allow",
|
|
"priority": 300,
|
|
"direction": "Inbound",
|
|
"sourcePortRanges": [],
|
|
"destinationPortRanges": [],
|
|
"sourceAddressPrefixes": [],
|
|
"destinationAddressPrefixes": []
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
|
|
"apiVersion": "2020-11-01",
|
|
"name": "[concat(variables('nsgName'), '/SSH')]",
|
|
"dependsOn": [
|
|
"[variables('nsgId')]"
|
|
],
|
|
"properties": {
|
|
"protocol": "TCP",
|
|
"sourcePortRange": "*",
|
|
"destinationPortRange": "22",
|
|
"sourceAddressPrefix": "*",
|
|
"destinationAddressPrefix": "*",
|
|
"access": "Allow",
|
|
"priority": 300,
|
|
"direction": "Inbound",
|
|
"sourcePortRanges": [],
|
|
"destinationPortRanges": [],
|
|
"sourceAddressPrefixes": [],
|
|
"destinationAddressPrefixes": []
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Network/networkInterfaces",
|
|
"apiVersion": "2020-11-01",
|
|
"name": "[variables('nicName')]",
|
|
"dependsOn": [
|
|
"[variables('subnetId')]"
|
|
],
|
|
"location": "northeurope",
|
|
"properties": {
|
|
"ipConfigurations": [
|
|
{
|
|
"name": "ipconfig1",
|
|
"properties": {
|
|
"privateIPAddress": "172.20.0.4",
|
|
"privateIPAllocationMethod": "Dynamic",
|
|
"subnet": {
|
|
"id": "[variables('subnetID')]"
|
|
},
|
|
"primary": true,
|
|
"privateIPAddressVersion": "IPv4"
|
|
}
|
|
}
|
|
],
|
|
"dnsSettings": {
|
|
"dnsServers": []
|
|
},
|
|
"enableAcceleratedNetworking": false,
|
|
"enableIPForwarding": false,
|
|
"networkSecurityGroup": {
|
|
"id": "[variables('nsgId')]"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Compute/virtualMachines",
|
|
"apiVersion": "2022-03-01",
|
|
"name": "[variables('virtualMachineName')]",
|
|
"dependsOn": [
|
|
"[variables('nicID')]"
|
|
],
|
|
"identity": {
|
|
"type": "UserAssigned",
|
|
"userAssignedIdentities": {
|
|
"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/snp-value-reporting/providers/Microsoft.ManagedIdentity/userAssignedIdentities/TokenAccess": {}
|
|
}
|
|
},
|
|
"location": "northeurope",
|
|
"zones": [
|
|
"3"
|
|
],
|
|
"properties": {
|
|
"hardwareProfile": {
|
|
"vmSize": "Standard_DC2as_v5"
|
|
},
|
|
"storageProfile": {
|
|
"imageReference": {
|
|
"publisher": "canonical",
|
|
"offer": "0001-com-ubuntu-confidential-vm-focal",
|
|
"sku": "20_04-lts-cvm",
|
|
"version": "latest"
|
|
},
|
|
"osDisk": {
|
|
"osType": "Linux",
|
|
"name": "[variables('osDiskName')]",
|
|
"createOption": "FromImage",
|
|
"caching": "ReadWrite",
|
|
"managedDisk": {
|
|
"securityProfile": {
|
|
"securityEncryptionType": "VMGuestStateOnly"
|
|
},
|
|
"storageAccountType": "Premium_LRS"
|
|
},
|
|
"deleteOption": "Delete"
|
|
},
|
|
"dataDisks": []
|
|
},
|
|
"osProfile": {
|
|
"computerName": "[variables('virtualMachineName')]",
|
|
"adminUsername": "azureuser",
|
|
"linuxConfiguration": {
|
|
"disablePasswordAuthentication": true,
|
|
"provisionVMAgent": true,
|
|
"patchSettings": {
|
|
"patchMode": "ImageDefault",
|
|
"assessmentMode": "ImageDefault"
|
|
},
|
|
"ssh": {
|
|
"publicKeys": [
|
|
{
|
|
"path": "/home/azureuser/.ssh/authorized_keys",
|
|
"keyData": "[parameters('pubKey')]"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"allowExtensionOperations": true,
|
|
"customData": "[parameters('customData')]"
|
|
},
|
|
"networkProfile": {
|
|
"networkInterfaces": [
|
|
{
|
|
"id": "[variables('nicID')]",
|
|
"properties": {
|
|
"deleteOption": "Delete"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"securityProfile": {
|
|
"uefiSettings": {
|
|
"secureBootEnabled": true,
|
|
"vTpmEnabled": true
|
|
},
|
|
"securityType": "ConfidentialVM"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|