config.sample.yaml
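---
# Sample TRE deployment configuration.
# After you have replaced all the __CHANGE_ME__ values in this file, you need to
# run `make auth` to set up the Auth.
#
# NOTE(security): once populated, this file can hold tenant and subscription
# identifiers and, optionally, a client secret. Keep the populated copy out of
# version control and restrict who can read it.
tre_id: __CHANGE_ME__
location: __CHANGE_ME__

management:
  mgmt_resource_group_name: __CHANGE_ME__
  mgmt_storage_account_name: __CHANGE_ME__
  terraform_state_container_name: tfstate
  acr_name: __CHANGE_ME__
  # ID of external Key Vault to store CMKs in
  # (only required if enable_cmk_encryption is true)
  # external_key_store_id: __CHANGE_ME__
  # Name of Key Vault for encryption keys, required only if
  # enable_cmk_encryption is true and not using external_key_store_id
  # encryption_kv_name: __CHANGE_ME__
  # Azure Resource Manager credentials used for CI/CD pipelines
  arm_subscription_id: __CHANGE_ME__
  # If you want to override the currently signed in credentials
  # You would do this if running commands like
  # `make terraform-install DIR=./templates/workspaces/base`
  # NOTE(security): arm_client_secret is a credential. If you set it, prefer
  # supplying it from the pipeline's secret store rather than leaving it in a
  # file on disk, and rotate it if this file is ever shared or committed.
  # arm_tenant_id: __CHANGE_ME__
  # arm_client_id: __CHANGE_ME__
  # arm_client_secret: __CHANGE_ME__

tre:
  # If your local machine/build agent cannot get the public IP
  # address from https://ipecho.net/plain, then you can circumvent
  # this by setting this Environment variable. This blockage can
  # be caused by trying to deploy TRE in an Office environment where
  # this website is blocked. This value is the public facing IP
  # address of the deploying machine.
  # NOTE(review): the default lookup depends on a third-party service; the
  # address is presumably used to allow-list the deploying machine, so setting
  # it explicitly removes that dependency - confirm how the value is consumed.
  # public_deployment_ip_address: __CHANGE_ME__
  core_address_space: 10.1.0.0/22
  tre_address_space: 10.0.0.0/12
  core_app_service_plan_sku: P1v2
  resource_processor_vmss_sku: Standard_B2s
  # NOTE(security): presumably serves the API's interactive Swagger
  # documentation; consider false for production deployments that do not
  # need it, to reduce what the API exposes.
  enable_swagger: true
  # NOTE(security): keep this enabled unless another control scans files
  # passing through the airlock.
  enable_airlock_malware_scanning: true
  # Set to true to ensure users have an email address before an airlock
  # request is created.
  # Use this if you rely on email notifications for governance purposes.
  # enable_airlock_email_check: true
  # TODO: move to RP default with https://github.com/microsoft/AzureTRE/issues/2948
  workspace_app_service_plan_sku: P1v2
  # The TRE Web UI is deployed by default.
  # Uncomment the following to disable deployment of the Web UI.
  # deploy_ui: false
  firewall_sku: Standard
  app_gateway_sku: Standard_v2
  # Uncomment to deploy to a custom domain
  # custom_domain: __CHANGE_ME__

authentication:
  aad_tenant_id: __CHANGE_ME__
  # Setting AUTO_WORKSPACE_APP_REGISTRATION to false will:
  #   create an identity with `Application.ReadWrite.OwnedBy`.
  # Setting AUTO_WORKSPACE_APP_REGISTRATION to true will:
  #   create an identity with `Application.ReadWrite.All` and
  #   `Directory.Read.All`.
  # When this is true, creating Workspaces will also create an AAD Application
  # automatically.
  # When this is false, the AAD Application will need creating manually.
  # NOTE(security): `true` trades least privilege for convenience.
  # `Application.ReadWrite.All` and `Directory.Read.All` are tenant-wide
  # permissions, while `Application.ReadWrite.OwnedBy` is limited to
  # applications the identity owns. Prefer false where manual app
  # registration is acceptable.
  auto_workspace_app_registration: true
  # Setting AUTO_WORKSPACE_GROUP_CREATION to true will create an identity
  # with `Group.ReadWrite.All`
  # NOTE(security): `Group.ReadWrite.All` allows changes to every group in
  # the tenant; leave this false unless automatic group creation is required.
  auto_workspace_group_creation: false

resource_processor:
  # The number of processes to start in the resource processor VMSS image
  resource_processor_number_processes_per_instance: 5
  # This setting provides a way to pass environment values to the resource
  # processor to use as a source of bundle parameter values
  # For example, to specify your image_gallery_id for use in VM user resources
  # with custom VM images:
  # NOTE(security): these values are passed as environment values; avoid
  # placing secrets in them.
  # yamllint disable-line rule:line-length
  # rp_bundle_values: '{"custom_key_1":"custom_value_1","image_gallery_id":"/subscriptions/<subscription-id>/resourceGroups/<your-rg>/providers/Microsoft.Compute/galleries/<your-gallery-name>"}'

developer_settings:
  # NOTE(security): the settings in this section relax safeguards for
  # development convenience (resource locks, Key Vault purge protection,
  # access from a local machine). Leave them commented out for production
  # deployments.
  # Locks will not be added to stateful resources so they can be easily removed
  # stateful_resources_locked: false
  # TRE Core Key Vault purge protection will be disabled so it can be reused
  # upon deletion
  # kv_purge_protection_enabled: false
  # This setting will enable your local machine to be able to
  # communicate with Service Bus and Cosmos. It will also allow deploying
  # the base workspace.
  # enable_local_debugging: true
  # This setting enables customer-managed key encryption for all supported
  # resources
  # enable_cmk_encryption: true
  # Used by the API and Resource processor application to change log level
  # Can be "ERROR", "WARNING", "INFO", "DEBUG"
  # logging_level: "INFO"
  # If you want to use TRE_URL to point to your local TRE API instance or be
  # configured to another cloud provider uncomment and set this variable
  # tre_url: __CHANGE_ME__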