Skip to content

Commit d2bf7e0

Browse files
stevekuznetsovstevekuznetsov
authored
Merge pull request #4165 from Azure/skuznets/use-execution-constraint-global
global-pipeline: add an execution constraint
2 parents 61de61e + 4225ac3 commit d2bf7e0

File tree

1 file changed

+40
-21
lines changed

1 file changed

+40
-21
lines changed

dev-infrastructure/global-pipeline.yaml

Lines changed: 40 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,28 @@ buildStep:
1717
- ../tooling/grafanactl
1818
- bundle
1919
resourceGroups:
20-
- name: global
20+
- name: singleton
2121
resourceGroup: '{{ .global.rg }}'
2222
subscription: '{{ .global.subscription.key }}'
23+
executionConstraints:
24+
- clouds:
25+
- public
26+
environments:
27+
- int
28+
regions:
29+
- uksouth
30+
- clouds:
31+
- public
32+
environments:
33+
- stg
34+
regions:
35+
- uksouth
36+
- clouds:
37+
- public
38+
environments:
39+
- prod
40+
regions:
41+
- eastus2euap
2342
steps:
2443
- name: infra
2544
action: ARM
@@ -33,7 +52,7 @@ resourceGroups:
3352
deploymentLevel: ResourceGroup
3453
outputOnly: true
3554
dependsOn:
36-
- resourceGroup: global
55+
- resourceGroup: singleton
3756
step: infra
3857
- name: global-kv-private-issuer
3958
action: SetCertificateIssuer
@@ -45,7 +64,7 @@ resourceGroups:
4564
configRef: ev2.assistedId.applicationId
4665
vaultBaseUrl:
4766
input:
48-
resourceGroup: global
67+
resourceGroup: singleton
4968
step: output
5069
name: globalKeyVaultUrl
5170
issuer:
@@ -60,7 +79,7 @@ resourceGroups:
6079
configRef: ev2.assistedId.applicationId
6180
vaultBaseUrl:
6281
input:
63-
resourceGroup: global
82+
resourceGroup: singleton
6483
step: output
6584
name: genevaActionKeyVaultUrl
6685
issuer:
@@ -71,9 +90,9 @@ resourceGroups:
7190
parameters: configurations/geneva-identities.tmpl.bicepparam
7291
deploymentLevel: ResourceGroup
7392
dependsOn:
74-
- resourceGroup: global
93+
- resourceGroup: singleton
7594
step: global-kv-private-issuer
76-
- resourceGroup: global
95+
- resourceGroup: singleton
7796
step: geneva-kv-private-issuer
7897
- name: housekeeping
7998
action: Shell
@@ -88,21 +107,21 @@ resourceGroups:
88107
configRef: global.rg
89108
shellIdentity:
90109
input:
91-
resourceGroup: global
110+
resourceGroup: singleton
92111
step: output
93112
name: globalMSIId
94113
dependsOn:
95-
- resourceGroup: global
114+
- resourceGroup: singleton
96115
step: infra
97116
- name: grafana-dashboards
98117
action: Shell
99118
omitFromServiceGroupCompletion: true
100119
command: ./grafanactl sync dashboards --subscription=${SUBSCRIPTION_ID} --resource-group=${GLOBAL_RESOURCEGROUP} --grafana-name=${GRAFANA_NAME} --config-file=./observability.yaml
101120
workingDir: ../tooling/grafanactl
102121
dependsOn:
103-
- resourceGroup: global
122+
- resourceGroup: singleton
104123
step: housekeeping
105-
- resourceGroup: global
124+
- resourceGroup: singleton
106125
step: output
107126
dryRun:
108127
command: ./grafanactl sync dashboards --subscription=${SUBSCRIPTION_ID} --resource-group=${GLOBAL_RESOURCEGROUP} --grafana-name=${GRAFANA_NAME} --config-file=./observability.yaml --dry-run
@@ -113,12 +132,12 @@ resourceGroups:
113132
configRef: global.rg
114133
- name: SUBSCRIPTION_ID
115134
input:
116-
resourceGroup: global
135+
resourceGroup: singleton
117136
step: output
118137
name: subscriptionId
119138
shellIdentity:
120139
input:
121-
resourceGroup: global
140+
resourceGroup: singleton
122141
step: output
123142
name: globalMSIId
124143
# creates DNS delegation for the ARO HCP global SVC zone
@@ -135,7 +154,7 @@ resourceGroups:
135154
dstsHost:
136155
configRef: ev2.assistedId.dstsHost
137156
dependsOn:
138-
- resourceGroup: global
157+
- resourceGroup: singleton
139158
step: infra
140159
# creates DNS delegation for the ARO HCP global CX zone
141160
- name: cxChildZone
@@ -151,7 +170,7 @@ resourceGroups:
151170
dstsHost:
152171
configRef: ev2.assistedId.dstsHost
153172
dependsOn:
154-
- resourceGroup: global
173+
- resourceGroup: singleton
155174
step: infra
156175
# create global ARO HCP ACRs for OCP and SVC images
157176
- name: acrs
@@ -160,7 +179,7 @@ resourceGroups:
160179
parameters: configurations/global-acr.tmpl.bicepparam
161180
deploymentLevel: ResourceGroup
162181
dependsOn:
163-
- resourceGroup: global
182+
- resourceGroup: singleton
164183
step: infra
165184
# ingests secrets into the global KV
166185
- name: decrypt-and-ingest-secrets
@@ -169,10 +188,10 @@ resourceGroups:
169188
configurationFile: 'data/encryptedsecrets.yaml'
170189
encryptionKey: 'secretSyncKey'
171190
dependsOn:
172-
- resourceGroup: global
191+
- resourceGroup: singleton
173192
step: infra
174193
identityFrom:
175-
resourceGroup: global
194+
resourceGroup: singleton
176195
step: output
177196
name: globalMSIId
178197
# mirror oc-mirror image
@@ -191,13 +210,13 @@ resourceGroups:
191210
pullSecretName:
192211
configRef: imageSync.ondemandSync.pullSecretName
193212
dependsOn:
194-
- resourceGroup: global
213+
- resourceGroup: singleton
195214
step: acrs
196-
- resourceGroup: global
215+
- resourceGroup: singleton
197216
step: decrypt-and-ingest-secrets
198217
shellIdentity:
199218
input:
200-
resourceGroup: global
219+
resourceGroup: singleton
201220
step: output
202221
name: globalMSIId
203222
automatedRetry:
@@ -212,5 +231,5 @@ resourceGroups:
212231
parameters: configurations/global-image-sync.tmpl.bicepparam
213232
deploymentLevel: ResourceGroup
214233
dependsOn:
215-
- resourceGroup: global
234+
- resourceGroup: singleton
216235
step: mirror-oc-mirror-image

0 commit comments

Comments
 (0)