staticAgent.bicep
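// NOTE(review): the deployed resource is named '<appName>-static' (7 extra characters), so an
// appName close to the 32-character limit can produce a resource name longer than the limit
// described below.
@description('''A name must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character
and cannot have '--'. The length must not be more than 32 characters.''')
@maxLength(32)
param appName string

@description('Resource ID of the Container Apps environment that hosts the agents.')
param environmentId string

// Long-lived credential: when set, it is stored as the Container App secret 'azure-devops-pat' and
// handed to the agent container as AZP_TOKEN. Leaving it empty selects the managed identity path,
// which avoids keeping a static token in the app. If a PAT is required, limit it to agent pool
// management, give it a short expiry and rotate it.
@description('Azure DevOps personal access token used by the agent. Leave empty to pass the managed identity object ID to the agent instead.')
@secure()
param azureDevOpsPat string = ''

@description('Azure DevOps organization URL, passed to the agent as AZP_URL.')
param azureDevOpsOrgUrl string

@description('Azure DevOps agent pool name, passed to the agent as AZP_POOL.')
param azureDevOpsAgentPoolName string

// NOTE(review): a tag can be re-pointed in the registry after review. Referencing the image by
// digest (<registry>/<image>@sha256:<digest>) keeps the deployed agent tied to one exact image.
@description('The container image to use for the agent. Should be in format <registry>/<image>:<tag>')
param agentContainerImage string

@description('Name of the workload profile the agents run on.')
param workloadProfileName string

@description('Fixed number of agent replicas; used as both the minimum and the maximum replica count.')
param numberOfAgents int = 3

// The original description mentioned an admin username, but no registry username or password is
// configured anywhere in this template: the pull is authenticated with the user-assigned identity.
@description('Login server of the container registry that hosts the agent image. The image is pulled with the user-assigned identity, not with admin credentials.')
param registryLoginServer string

// This identity is attached to the container app itself, so code running in the agent container can
// request tokens for it. Keep its role assignments to what the agents need (image pull, and agent
// registration when no PAT is supplied).
@description('Full resource ID of the user-assigned managed identity used to pull the agent image.')
param registryPullerIdentityResourceId string

@description('Azure region for the container app.')
param location string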
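// Pieces of the identity's resource ID, which is expected in the form
// /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<name>.
// The leading '/' makes element 0 of the split empty, so the subscription ID is element 2 and the
// resource group name is element 4.
var identityName = last(split(registryPullerIdentityResourceId, '/'))
var identitySubscriptionId = split(registryPullerIdentityResourceId, '/')[2]
var identityRg = split(registryPullerIdentityResourceId, '/')[4]

// Reference to the already-existing identity. The scope uses the subscription from the resource ID
// as well as the resource group; scoping by resource group name alone would resolve the identity in
// the deployment's own subscription and point at the wrong (or a non-existent) identity whenever the
// supplied ID belongs to another subscription.
resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
  name: identityName
  scope: resourceGroup(identitySubscriptionId, identityRg)
}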
// --- Settings that are always present -------------------------------------------------------

// Container App secrets holding the organization URL and the agent pool name.
var defaultSecrets = [
  {
    name: 'azure-devops-org-url'
    value: azureDevOpsOrgUrl
  }
  {
    name: 'azure-devops-agent-pool-name'
    value: azureDevOpsAgentPoolName
  }
]

// Environment variables that surface the two secrets above to the agent container.
var defaultEnvVar = [
  {
    name: 'AZP_URL'
    secretRef: 'azure-devops-org-url'
  }
  {
    name: 'AZP_POOL'
    secretRef: 'azure-devops-agent-pool-name'
  }
]

// --- PAT authentication (only added when azureDevOpsPat is non-empty) ------------------------

// The PAT is kept as a Container App secret and referenced by name, so the token value does not
// appear in the container's environment definition.
var patSecret = {
  name: 'azure-devops-pat'
  value: azureDevOpsPat
}

var patEnvVar = {
  name: 'AZP_TOKEN'
  secretRef: 'azure-devops-pat'
}

// --- Managed identity authentication (added when no PAT is supplied) --------------------------

var managedIdentityEnvVar = {
  // With this variable set, the agent uses managed identity tokens instead of a PAT, provided the
  // agent image follows the implementation described here: https://www.huuhka.net/azure-devops-agents-using-managed-identitites/
  // The value is the identity's principal (object) ID, an identifier rather than a credential, so it
  // is passed as a plain value instead of a secret reference.
  name: 'MANAGED_IDENTITY_OBJECT_ID'
  value: userAssignedIdentity.properties.principalId
}
// Always-on Azure DevOps agents, deployed as a container app (containerApps instead of Jobs) with a
// fixed replica count.
// NOTE(review): the replicas are long-lived, so files left behind by one pipeline job may still be
// present for the next job on the same replica. Confirm that the agent image cleans its work
// directory or otherwise isolates jobs.
// NOTE(review): this is a preview API version. Consider a GA version once the properties used here
// are confirmed to be available in it.
resource staticAgent 'Microsoft.App/containerApps@2023-05-02-preview' = {
  // Lower-cased, with '--' replaced by '-' in a single pass, then suffixed with '-static'.
  name: '${replace(toLower(appName), '--', '-')}-static'
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      // The same identity pulls the image and is available to the agent process at runtime.
      '${userAssignedIdentity.id}': {}
    }
  }
  properties: {
    environmentId: environmentId
    workloadProfileName: workloadProfileName
    configuration: {
      // The PAT secret is only created when a PAT was actually supplied.
      secrets: empty(azureDevOpsPat) ? defaultSecrets : concat(defaultSecrets, [patSecret])
      registries: [
        {
          // Identity-based pull: no registry username or password is stored in the app.
          server: registryLoginServer
          identity: userAssignedIdentity.id
        }
      ]
      activeRevisionsMode: 'Single'
    }
    template: {
      // When compared to Scale-to-Zero, we just statically set the values here.
      scale: {
        minReplicas: numberOfAgents
        maxReplicas: numberOfAgents
      }
      containers: [
        {
          name: 'devopsagent'
          image: agentContainerImage
          // Exactly one authentication variable is appended: AZP_TOKEN when a PAT is supplied,
          // MANAGED_IDENTITY_OBJECT_ID otherwise.
          env: concat(defaultEnvVar, [empty(azureDevOpsPat) ? managedIdentityEnvVar : patEnvVar])
          resources: {
            cpu: any('1.25') // Need more than 1 core to enable 8GB of ephemeral storage
            memory: '5.3Gi'
          }
        }
      ]
    }
  }
}