-
Notifications
You must be signed in to change notification settings - Fork 2
/
aci.tf
70 lines (61 loc) · 2.29 KB
/
aci.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
locals {
container_image = "${var.tailscale_ACR_repository}:${var.tailscale_image_tag}"
image_registry_username = var.container_source == "DockerHub" ? null : var.tailscale_ACR_repository_username
image_registry_password = var.container_source == "DockerHub" ? null : var.tailscale_ACR_repository_password
image_registry_server = var.container_source == "DockerHub" ? null : split("/", var.tailscale_ACR_repository)[0]
beta_container_image = {
"DockerHub" = "cocallaw/tailscale-sr:latest"
"ACR" = "${var.tailscale_ACR_repository}:${var.tailscale_image_tag}"
}
aci_cpu_cores = {
"small" = "1.0"
"medium" = "2.0"
"large" = "3.0"
}
aci_memory_size = {
"small" = "1.0"
"medium" = "2.0"
"large" = "4.0"
}
}
resource "azurerm_container_group" "containergroup" {
name = var.container_group_name
location = data.azurerm_virtual_network.vnet.location
resource_group_name = var.resource_group_name
ip_address_type = "Private"
os_type = "Linux"
subnet_ids = [data.azurerm_subnet.subnet.id]
container {
name = var.container_name
image = local.beta_container_image[var.container_source]
cpu = local.aci_cpu_cores[var.container_size]
memory = local.aci_memory_size[var.container_size]
ports {
port = 443
protocol = "TCP"
}
environment_variables = {
"TAILSCALE_HOSTNAME" = var.tailscale_hostname
"TAILSCALE_ADVERTISE_ROUTES" = var.tailscale_advertise_routes
"TAILSCALE_LOGIN_SERVER_PARAMETER" = var.tailscale_login_server_parameter
}
secure_environment_variables = {
"TAILSCALE_AUTH_KEY" = var.tailscale_auth_key
}
volume {
name = "tailscale-volume"
mount_path = "/var/lib/tailscale"
storage_account_name = azurerm_storage_account.aci_storage.name
storage_account_key = azurerm_storage_account.aci_storage.primary_access_key
share_name = azurerm_storage_share.aci_share.name
}
}
dynamic "image_registry_credential" {
for_each = var.container_source == "DockerHub" ? [] : [1]
content {
server = local.image_registry_server
username = local.image_registry_username
password = local.image_registry_password
}
}
}