Bootstraps the Azure Container App.
It will be used within the provisioned pipeline for your application, depending on the options you chose.
The pipeline implementation for infrastructure relies on workspaces; you can pass in whatever workspace you want from the {{ SELECT_DEPLOYMENT_TYPE }} pipeline YAML.
Azure Subscription
- Service Principal (SPN)
  - Terraform will use this to authenticate its API calls
  - You will need the `client_id`, `subscription_id`, `client_secret`, `tenant_id`
- Bash Example:
```bash
export ARM_CLIENT_ID=xxxx \
  ARM_CLIENT_SECRET=yyyyy \
  ARM_SUBSCRIPTION_ID=yyyyy \
  ARM_TENANT_ID=yyyyy
```
- PowerShell Example:
```powershell
# Terraform reads these from the process environment, so set them via $env:
$env:ARM_CLIENT_ID = "xxxx"
$env:ARM_CLIENT_SECRET = "yyyyy"
$env:ARM_SUBSCRIPTION_ID = "yyyyy"
$env:ARM_TENANT_ID = "yyyyy"
```
Terraform Backend
- Resource group (can be manually created for the terraform remote state)
- Blob storage container within a storage account for the remote state management
- Ensure you have set up your `backend.tf` file within your root directory (where you are using this module) unless you wish your terraform state to remain local.
  - IMPORTANT: Add this file to your `.gitignore` so that you do not commit sensitive values to your repositories!
- Example TF Backend File:
```hcl
terraform {
  backend "azurerm" {
    resource_group_name  = "ResourceGroupName"  # Name of the resource group that your storage account resides in.
    storage_account_name = "StorageAccountName" # Name of the storage account for your terraform state file.
    container_name       = "tfstate"            # What your container name within the storage account is called.
    key                  = "terraform.tfstate"  # What your state output will be named.
  }
}
```
To activate the terraform backend when running locally, initialise the SPN with environment variables so that you run the same way as the pipeline that will ultimately apply any incremental changes.

To get up and running locally you will want to create a `terraform.tfvars` file.

Important: See the instructions below for more details on the content of your `terraform.tfvars` file and its impact when running the module.

For the most basic Azure Container App setup, use the `terraform.tfvars` setup below.
- PowerShell Example:
```powershell
# Define your variables
$TFVAR_CONTENTS = @'
create_rg                        = true
resource_group_name              = "my-aca-rg"
location                         = "uksouth"
create_container_app_environment = true
container_app_environment_name   = "my-aca-env"
create_container_app             = true
container_app_name               = "my-nginx-app"
container_app_containers = [
  {
    name   = "nginx"
    image  = "nginx:latest"
    cpu    = 0.25
    memory = "0.5Gi"
  }
]
container_app_ingress_target_port      = 80
container_app_ingress_external_enabled = true
container_app_container_max_replicas   = 10
container_app_container_min_replicas   = 1
'@
# Write the content to a file
$TFVAR_CONTENTS | Set-Content -Path "terraform.tfvars"
```
- Bash Example:
```bash
# Define your variables
TFVAR_CONTENTS='
create_rg                        = true
resource_group_name              = "my-aca-rg"
location                         = "uksouth"
create_container_app_environment = true
container_app_environment_name   = "my-aca-env"
create_container_app             = true
container_app_name               = "my-nginx-app"
container_app_containers = [
  {
    name   = "nginx"
    image  = "nginx:latest"
    cpu    = 0.25
    memory = "0.5Gi"
  }
]
container_app_ingress_target_port      = 80
container_app_ingress_external_enabled = true
container_app_container_max_replicas   = 5
container_app_container_min_replicas   = 1
'
# Write the content to a file (print the variable; do not execute it)
printf '%s\n' "$TFVAR_CONTENTS" > terraform.tfvars
```
- Ensure you run the terminal commands below in the directory that contains the files you wish to emulate within the container.

Then you can initialize your container (if you wish to use containers, ensure you have Docker Desktop).
- Bash Example
```bash
docker run -it --rm -v "$(pwd)":/opt/tf-lib amidostacks/ci-tf:latest /bin/bash
```
- PowerShell Example
```powershell
docker run -it --rm -v ${PWD}:/app amidostacks/runner-pwsh:0.4.60-stable pwsh
```
- Bash Example:
```bash
export ARM_CLIENT_ID=xxxx \
  ARM_CLIENT_SECRET=yyyyy \
  ARM_SUBSCRIPTION_ID=yyyyy \
  ARM_TENANT_ID=yyyyy
```
- PowerShell Example:
```powershell
# Terraform reads these from the process environment, so set them via $env:
$env:ARM_CLIENT_ID = "xxxx"
$env:ARM_CLIENT_SECRET = "yyyyy"
$env:ARM_SUBSCRIPTION_ID = "yyyyy"
$env:ARM_TENANT_ID = "yyyyy"
```
- Az CLI Example:
```bash
az login
```

```bash
terraform init  # To initialize terraform backend, and pull down required modules.
terraform plan  # To check against your state file to see what is required to add to your environment.
terraform apply # To plan and apply your configuration changes to your environment.
```
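
The basic `terraform.tfvars` above enables external ingress and pulls `nginx:latest`, so a check before `terraform plan` is worth having. The script below is an added example, not part of this module: the finding names and rules are assumptions of the example, and only the variable names come from the inputs table.

```shell
#!/bin/sh
# Added example, not part of the module: lint terraform.tfvars before `terraform plan`.
# Variable names are the module inputs on this page; the rules are this example's policy.

# Last value assigned to a top-level variable; quotes, spaces and comments removed.
tfvar_value() {  # usage: tfvar_value FILE NAME
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" | tail -n 1 | tr -d '"[:space:]'
}

# Prints one finding per line; exit status is 1 if anything was found.
audit_tfvars() (
  f=$1; rc=0
  finding() { echo "$1"; rc=1; }
  [ "$(tfvar_value "$f" container_app_ingress_allow_insecure_connections)" = "true" ] &&
    finding "INSECURE_INGRESS: plain HTTP connections are allowed"
  if [ "$(tfvar_value "$f" container_app_ingress_external_enabled)" = "true" ]; then
    case "$(tfvar_value "$f" container_app_ingress_ip_security_restrictions)" in
      "" | "[]") finding "EXTERNAL_NO_IP_RESTRICTIONS: public ingress with no IP rules" ;;
    esac
  fi
  # Images: accept a digest or an explicit tag; flag ":latest" and untagged references.
  for img in $(sed -n 's/^[[:space:]]*image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$f"); do
    case "${img##*/}" in
      *@sha256:*) ;;
      *:latest) finding "UNPINNED_IMAGE: $img" ;;
      *:*) ;;
      *) finding "UNPINNED_IMAGE: $img" ;;
    esac
  done
  grep -q '^[[:space:]]*container_app_secrets[[:space:]]*=' "$f" &&
    finding "INLINE_SECRETS: secret values sit in a plaintext tfvars file"
  exit "$rc"
)

# Constructed sample: the basic terraform.tfvars from this page, trimmed.
sample_basic() {
  cat <<'EOF'
container_app_containers = [
  {
    name  = "nginx"
    image = "nginx:latest"
  }
]
container_app_ingress_external_enabled = true
EOF
}

tmp=$(mktemp) && sample_basic > "$tmp"
audit_tfvars "$tmp" || echo "resolve the findings before running terraform plan"; rm -f "$tmp"
```

The check only reads top-level assignments and multi-line `image = "..."` entries, so it does not replace reviewing the output of `terraform plan`.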
Name | Version |
---|---|
terraform | >= 0.13 |
azurerm | ~> 3.108.0 |
Name | Version |
---|---|
azurerm | 3.108.0 |
No modules.
Name | Type |
---|---|
azurerm_container_app.container_app | resource |
azurerm_container_app_environment.container_app_env | resource |
azurerm_resource_group.container_group_rg | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
container_app_container_max_replicas | (Optional) The maximum number of replicas for the containers. | number | null | no |
container_app_container_min_replicas | (Optional) The minimum number of replicas for the containers. | number | null | no |
container_app_container_revision_suffix | The revision suffix for the containers | string | null | no |
container_app_container_volumes | Set of volumes for the Containers | set(object({ | [] | no |
container_app_containers | Set of containers for the Container App | set(object({ | [] | no |
container_app_environment_id | The ID of the Container App Environment | string | null | no |
container_app_environment_infrastructure_subnet_id | (Optional) The existing subnet to use for the container apps control plane. Changing this forces a new resource to be created. | string | null | no |
container_app_environment_internal_load_balancer_enabled | (Optional) Should the Container Environment operate in Internal Load Balancing Mode? Defaults to false. Changing this forces a new resource to be created. | bool | null | no |
container_app_environment_name | Name of your Azure Container App Environment | string | null | no |
container_app_environment_zone_redundancy_enabled | (Optional) Should the Container App Environment be created with Zone Redundancy enabled? Defaults to false. Can only be set to true if infrastructure_subnet_id is specified. | bool | null | no |
container_app_identity | The identity configuration for the Container App | object({ | null | no |
container_app_ingress_allow_insecure_connections | (Optional) Allow insecure connections for the ingress. Defaults to false. | bool | false | no |
container_app_ingress_exposed_port | (Optional) The exposed port on the container for the Ingress traffic. It can only be specified when transport is set to tcp | number | null | no |
container_app_ingress_external_enabled | (Optional) Enable external ingress from outside the Container App Environment. Defaults to false. | bool | false | no |
container_app_ingress_ip_security_restrictions | (Optional) List of IP security restrictions for the ingress. Each restriction can apply to multiple IP addresses or ranges. The action types in all ip_security_restriction blocks must be the same for the ingress; mixing Allow and Deny rules is not currently supported by the service. | list(object({ | [] | no |
container_app_ingress_target_port | The target port on the container for the Ingress traffic. All Ingress settings can be enabled when this is specified | number | null | no |
container_app_ingress_traffic_weight_label | (Optional) The label to apply to the revision as a name prefix for routing traffic. | string | null | no |
container_app_ingress_traffic_weight_latest_revision | (Optional) Use the latest revision for traffic weight. Defaults to true. | bool | true | no |
container_app_ingress_traffic_weight_percentage | The percentage of traffic weight for the ingress. Defaults to 100. The percentage of traffic which should be sent to this revision | number | 100 | no |
container_app_ingress_traffic_weight_revision_suffix | (Optional) The suffix string to which this traffic_weight applies. | string | null | no |
container_app_ingress_transport | (Optional) The transport method for the Ingress. Possible values are auto, http, http2 and tcp. Defaults to auto. | string | null | no |
container_app_init_containers | Set of init containers for the Container App | set(object({ | [] | no |
container_app_name | The name of the Container App | string | null | no |
container_app_registry | The registry configuration for the Container App | object({ | null | no |
container_app_revision_mode | The revision mode of the Container App. Possible values include Single and Multiple | string | "Single" | no |
container_app_secrets | The secrets configuration for the Container App | list(object({ | null | no |
container_app_workload_profile_name | (Optional) The name of the Workload Profile in the Container App Environment to place this Container App | string | null | no |
create_container_app | Set value whether to create Container Apps or not. | bool | false | no |
create_container_app_environment | Set value whether to create a Container App Environment or not. | bool | false | no |
create_rg | Set value whether to create a Resource group or not. | bool | true | no |
location | The location of the resource group | string | n/a | yes |
log_analytics_workspace_id | (Optional) The ID for the Log Analytics Workspace to link this Container Apps Managed Environment to. Changing this forces a new resource to be created. | string | null | no |
resource_group_name | The name of the resource group | string | n/a | yes |
resource_tags | Map of tags to be applied to all resources created as part of this module | map(string) | {} | no |
workload_profiles | List of workload profiles to be created in the Container App Environment. Workload profile type for the workloads to run on. Possible values include Consumption, D4, D8, D16, D32, E4, E8, E16 and E32. | list(object({ | [] | no |
Name | Description |
---|---|
container_app_environment_id | The ID of the created Container Apps Environment |
container_app_environment_name | The name of the created Container Apps Environment |
container_app_fqdn | The FQDN of the created Container App |
container_app_id | The ID of the created Container App |
container_app_name | The name of the created Container App |
container_rg_name | The name of the created RG |