From b9a7fcd9430499bf9ac42d6b2c1d30c5a00ca044 Mon Sep 17 00:00:00 2001 
From: trapeznikov Date: Wed, 6 Sep 2023 15:25:27 -0400 Subject: [PATCH 1/6] add container app module --- .github/workflows/standalone-compute.json | 3 + container_app.tf | 27 ++ container_app_dapr_component.tf | 15 + container_app_environment.tf | 21 ++ container_app_environment_certificate.tf | 15 + container_app_environment_storage.tf | 18 ++ .../configuration.tfvars | 52 ++++ .../configuration.tfvars | 86 ++++++ .../configuration.tfvars | 270 ++++++++++++++++++ examples/module.tf | 55 ++-- locals.combined_objects.tf | 3 + locals.tf | 55 ++-- .../compute/container_app/container_app.tf | 209 ++++++++++++++ modules/compute/container_app/locals.tf | 17 ++ modules/compute/container_app/main.tf | 26 ++ modules/compute/container_app/output.tf | 15 + modules/compute/container_app/variables.tf | 20 ++ .../container_app_dapr_component.tf | 28 ++ .../container_app_dapr_component/main.tf | 7 + .../container_app_dapr_component/output.tf | 3 + .../container_app_dapr_component/variables.tf | 8 + .../container_app_environment.tf | 19 ++ .../compute/container_app_environment/main.tf | 26 ++ .../container_app_environment/output.tf | 23 ++ .../container_app_environment/variables.tf | 20 ++ .../container_app_environment_certificate.tf | 7 + .../main.tf | 22 ++ .../output.tf | 15 + .../variables.tf | 8 + .../container_app_environment_storage.tf | 8 + .../container_app_environment_storage/main.tf | 7 + .../output.tf | 3 + .../variables.tf | 16 ++ 33 files changed, 1077 insertions(+), 50 deletions(-) create mode 100644 container_app.tf create mode 100644 container_app_dapr_component.tf create mode 100644 container_app_environment.tf create mode 100644 container_app_environment_certificate.tf create mode 100644 container_app_environment_storage.tf create mode 100644 examples/compute/container_app/101-simple-container-app-env/configuration.tfvars create mode 100644 examples/compute/container_app/102-simple-private-container-app-env/configuration.tfvars create mode 100644 
examples/compute/container_app/103-private-container-app-env/configuration.tfvars create mode 100644 modules/compute/container_app/container_app.tf create mode 100644 modules/compute/container_app/locals.tf create mode 100644 modules/compute/container_app/main.tf create mode 100644 modules/compute/container_app/output.tf create mode 100644 modules/compute/container_app/variables.tf create mode 100644 modules/compute/container_app_dapr_component/container_app_dapr_component.tf create mode 100644 modules/compute/container_app_dapr_component/main.tf create mode 100644 modules/compute/container_app_dapr_component/output.tf create mode 100644 modules/compute/container_app_dapr_component/variables.tf create mode 100644 modules/compute/container_app_environment/container_app_environment.tf create mode 100644 modules/compute/container_app_environment/main.tf create mode 100644 modules/compute/container_app_environment/output.tf create mode 100644 modules/compute/container_app_environment/variables.tf create mode 100644 modules/compute/container_app_environment_certificate/container_app_environment_certificate.tf create mode 100644 modules/compute/container_app_environment_certificate/main.tf create mode 100644 modules/compute/container_app_environment_certificate/output.tf create mode 100644 modules/compute/container_app_environment_certificate/variables.tf create mode 100644 modules/compute/container_app_environment_storage/container_app_environment_storage.tf create mode 100644 modules/compute/container_app_environment_storage/main.tf create mode 100644 modules/compute/container_app_environment_storage/output.tf create mode 100644 modules/compute/container_app_environment_storage/variables.tf diff --git a/.github/workflows/standalone-compute.json b/.github/workflows/standalone-compute.json index 8a3692d4da..2a777d8291 100644 --- a/.github/workflows/standalone-compute.json +++ b/.github/workflows/standalone-compute.json 
@@ -9,6 +9,9 @@ "compute/batch/batch_account/100-batch-account", "compute/batch/batch_account/200-batch-account-private-endpoint", "compute/batch/batch_application/100-batch-application", + "compute/container_app/101-simple-container-app-env", + "compute/container_app/102-simple-private-container-app-env", + "compute/container_app/103-private-container-app-env", "compute/container_groups/100-aci-rover-github-runner", "compute/container_groups/101-aci-nginx", "compute/container_registry/100-simple-acr", diff --git a/container_app.tf b/container_app.tf new file mode 100644 index 0000000000..ef0cd453d8 --- /dev/null +++ b/container_app.tf 
@@ -0,0 +1,27 @@
+module "container_app" {
+ source = "./modules/compute/container_app"
+ for_each = local.compute.container_app
+
+ location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
+ resource_group = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)]
+ resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name
+ base_tags = local.global_settings.inherit_tags
+ container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id
+ client_config = local.client_config
+ combined_diagnostics = local.combined_diagnostics
+ diagnostic_profiles = try(each.value.diagnostic_profiles, {})
+ diagnostics = local.combined_diagnostics
+ combined_resources = {
+ keyvaults = local.combined_objects_keyvaults
+ managed_identities = local.combined_objects_managed_identities
+ container_app_environment_certificates = local.container_app_environment_certificates
+ container_app_environment_storage = local.container_app_environment_storage
+ }
+ global_settings = local.global_settings
+ settings = each.value
+}
+
+output "container_app" {
+ value = module.container_app
+}
+
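Review bot: `combined_resources` reads `local.container_app_environment_certificates` and `local.container_app_environment_storage`, but the locals this patch adds in locals.combined_objects.tf are named `combined_objects_container_app_environment_certificates` and `combined_objects_container_app_environment_storage`. Unless locals with the shorter names are defined somewhere outside this patch, the module call fails with a reference to an undeclared local value. The two entries should probably read `container_app_environment_certificates = local.combined_objects_container_app_environment_certificates` and `container_app_environment_storage = local.combined_objects_container_app_environment_storage`. Separately, `diagnostics` and `combined_diagnostics` are both set to `local.combined_diagnostics`; if the module needs only one of them, the other can go.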
diff --git a/container_app_dapr_component.tf b/container_app_dapr_component.tf
new file mode 100644
index 0000000000..4db85cc046
--- /dev/null
+++ b/container_app_dapr_component.tf
@@ -0,0 +1,15 @@
+module "container_app_dapr_component" {
+ source = "./modules/compute/container_app_dapr_component"
+ for_each = local.compute.container_app_dapr_component
+
+ base_tags = local.global_settings.inherit_tags
+ container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id
+ client_config = local.client_config
+ global_settings = local.global_settings
+ settings = each.value
+}
+
+output "container_app_dapr_component" {
+ value = module.container_app_dapr_component
+}
+
diff --git a/container_app_environment.tf b/container_app_environment.tf
new file mode 100644
index 0000000000..1a466bcc49
--- /dev/null
+++ b/container_app_environment.tf
@@ -0,0 +1,21 @@
+module "container_app_environment" {
+ source = "./modules/compute/container_app_environment"
+ for_each = local.compute.container_app_environment
+
+ location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
+ resource_group = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)]
+ resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name
+ base_tags = local.global_settings.inherit_tags
+ subnet_id = can(each.value.subnet_id) ? each.value.subnet_id : try(local.combined_objects_networking[try(each.value.vnet.lz_key, local.client_config.landingzone_key)][each.value.vnet.vnet_key].subnets[each.value.vnet.subnet_key].id, null)
+ client_config = local.client_config
+ combined_diagnostics = local.combined_diagnostics
+ diagnostic_profiles = try(each.value.diagnostic_profiles, {})
+ diagnostics = local.combined_diagnostics
+ global_settings = local.global_settings
+ settings = each.value
+}
+
+output "container_app_environment" {
+ value = module.container_app_environment
+}
+
diff --git a/container_app_environment_certificate.tf b/container_app_environment_certificate.tf
new file mode 100644
index 0000000000..aa4497d279
--- /dev/null
+++ b/container_app_environment_certificate.tf
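Review bot: The `subnet_id` fallback wraps the whole networking lookup in `try(..., null)`, so a mistyped `vnet_key`, `subnet_key` or `lz_key` evaluates to null instead of failing the plan. Depending on how the module treats a null subnet (not visible in this hunk), the environment may then be created without the intended VNet integration, which is easy to miss when the configuration was meant to be private, as in the 102 and 103 examples that set `internal_load_balancer_enabled = true`. Falling back to null only when no `vnet` block is supplied keeps the optional case and still surfaces bad keys: `subnet_id = can(each.value.subnet_id) ? each.value.subnet_id : (can(each.value.vnet) ? local.combined_objects_networking[try(each.value.vnet.lz_key, local.client_config.landingzone_key)][each.value.vnet.vnet_key].subnets[each.value.vnet.subnet_key].id : null)`.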
@@ -0,0 +1,15 @@
+module "container_app_environment_certificate" {
+ source = "./modules/compute/container_app_environment_certificate"
+ for_each = local.compute.container_app_environment_certificate
+
+ base_tags = local.global_settings.inherit_tags
+ container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id
+ client_config = local.client_config
+ global_settings = local.global_settings
+ settings = each.value
+}
+
+output "container_app_environment_certificate" {
+ value = module.container_app_environment_certificate
+}
+
diff --git a/container_app_environment_storage.tf b/container_app_environment_storage.tf
new file mode 100644
index 0000000000..9220d61f5d
--- /dev/null
+++ b/container_app_environment_storage.tf
@@ -0,0 +1,18 @@
+module "container_app_environment_storage" {
+ source = "./modules/compute/container_app_environment_storage"
+ for_each = local.compute.container_app_environment_storage
+
+ base_tags = local.global_settings.inherit_tags
+ container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id
+ client_config = local.client_config
+ global_settings = local.global_settings
+ combined_resources = {
+ storage_accounts = local.combined_objects_storage_accounts
+ }
+ settings = each.value
+}
+
+output "container_app_environment_storage" {
+ value = module.container_app_environment_storage
+}
+
diff --git a/examples/compute/container_app/101-simple-container-app-env/configuration.tfvars b/examples/compute/container_app/101-simple-container-app-env/configuration.tfvars
new file mode 100644
index 0000000000..08dd21a4d0
--- /dev/null
+++ b/examples/compute/container_app/101-simple-container-app-env/configuration.tfvars
@@ -0,0 +1,52 @@
+global_settings = {
+ default_region = "region1"
+ regions = {
+ region1 = "canadacentral"
+ }
+}
+
+resource_groups = {
+ rg1 = {
+ name = "container-app-001"
+ region = "region1"
+ }
+}
+
+diagnostic_log_analytics = {
+ central_logs_region1 = {
+ region = "region1"
+ name = "logs"
+ resource_group_key = "rg1"
+ }
+}
+
+container_app_environment = {
+ cae1 = {
+ name = "cont-app-env-001"
+ region = "region1"
+ resource_group_key = "rg1"
+ log_analytics_key = "central_logs_region1"
+ }
+}
+
+container_app = {
+ ca1 = {
+ name = "nginx-app"
+ container_app_environment_key = "cae1"
+ resource_group_key = "rg1"
+
+ revision_mode = "Single"
+ template = {
+ container = {
+ cont1 = {
+ name = "nginx"
+ image = "nginx:latest"
+ cpu = 0.5
+ memory = "1Gi"
+ }
+ }
+ min_replicas = 1
+ max_replicas = 1
+ }
+ }
+}
diff --git a/examples/compute/container_app/102-simple-private-container-app-env/configuration.tfvars b/examples/compute/container_app/102-simple-private-container-app-env/configuration.tfvars
new file mode 100644
index 0000000000..c5156fe407
--- /dev/null
+++ b/examples/compute/container_app/102-simple-private-container-app-env/configuration.tfvars
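Review bot: The container image is referenced by a mutable tag, `image = "nginx:latest"`, so every deployment of this example, including the CI entry added for it in standalone-compute.json, pulls whatever the registry serves at that moment. The same applies to `nginx:latest` in the 102 and 103 examples and to `daprio/daprd:edge` in 103. Pinning to a fixed version tag, or better a digest in the form `image = "nginx@sha256:<digest>"`, makes the examples reproducible and keeps an upstream image change from silently reaching people who copy them.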
@@ -0,0 +1,86 @@
+global_settings = {
+ default_region = "region1"
+ regions = {
+ region1 = "canadacentral"
+ }
+}
+
+resource_groups = {
+ rg1 = {
+ name = "container-app-001"
+ region = "region1"
+ }
+}
+
+diagnostic_log_analytics = {
+ central_logs_region1 = {
+ region = "region1"
+ name = "logs"
+ resource_group_key = "rg1"
+ }
+}
+
+vnets = {
+ cae_re1 = {
+ resource_group_key = "rg1"
+ region = "region1"
+ vnet = {
+ name = "container-app-network"
+ address_space = ["100.64.0.0/20"]
+ }
+ specialsubnets = {}
+ subnets = {
+ cae1 = {
+ name = "container-app-snet"
+ cidr = ["100.64.0.0/21"]
+ nsg_key = "empty_nsg"
+ }
+ }
+
+ }
+}
+
+network_security_group_definition = {
+ # This entry is applied to all subnets with no NSG defined
+ empty_nsg = {}
+}
+
+container_app_environment = {
+ cae1 = {
+ name = "cont-app-env-001"
+ region = "region1"
+ resource_group_key = "rg1"
+ log_analytics_key = "central_logs_region1"
+ vnet = {
+ vnet_key = "cae_re1"
+ subnet_key = "cae1"
+ }
+ internal_load_balancer_enabled = true
+
+ tags = {
+ environment = "testing"
+ }
+ }
+}
+
+container_app = {
+ ca1 = {
+ name = "nginx-app"
+ container_app_environment_key = "cae1"
+ resource_group_key = "rg1"
+
+ revision_mode = "Single"
+ template = {
+ container = {
+ cont1 = {
+ name = "nginx"
+ image = "nginx:latest"
+ cpu = 0.5
+ memory = "1Gi"
+ }
+ }
+ min_replicas = 1
+ max_replicas = 1
+ }
+ }
+}
diff --git a/examples/compute/container_app/103-private-container-app-env/configuration.tfvars b/examples/compute/container_app/103-private-container-app-env/configuration.tfvars
new file mode 100644
index 0000000000..2b5ecaca41
--- /dev/null
+++ b/examples/compute/container_app/103-private-container-app-env/configuration.tfvars
@@ -0,0 +1,270 @@ +global_settings = { + default_region = "region1" + regions = { + region1 = "canadacentral" + } +} + +resource_groups = { + rg1 = { + name = "container-app-001" + region = "region1" + } +} + +diagnostic_log_analytics = { + central_logs_region1 = { + region = "region1" + name = "logs" + resource_group_key = "rg1" + } +} + +vnets = { + cae_re1 = { + resource_group_key = "rg1" + region = "region1" + vnet = { + name = "container-app-network" + address_space = ["100.64.0.0/20"] + } + specialsubnets = {} + subnets = { + cae1 = { + name = "container-app-snet" + cidr = ["100.64.0.0/21"] + nsg_key = "empty_nsg" + } + } + + } +} + +network_security_group_definition = { + # This entry is applied to all subnets with no NSG defined + empty_nsg = {} +} + +managed_identities = { + msi1 = { + name = "ca-identity-001" + resource_group_key = "rg1" + } +} + +storage_accounts = { + sa1 = { + name = "sa1caes001" + resource_group_key = "rg1" + account_kind = "FileStorage" + account_tier = "Premium" + account_replication_type = "LRS" + min_tls_version = "TLS1_2" + large_file_share_enabled = true + + file_shares = { + fs1 = { + name = "fs1" + quota = "100" + } + } + } +} + +container_app_environment = { + cae1 = { + name = "cont-app-env-001" + region = "region1" + resource_group_key = "rg1" + log_analytics_key = "central_logs_region1" + vnet = { + vnet_key = "cae_re1" + subnet_key = "cae1" + } + internal_load_balancer_enabled = true + + tags = { + environment = "testing" + } + } +} + +container_app_dapr_component = { + dapr1 = { + name = "dapr-component-001" + container_app_environment_key = "cae1" + component_type = "state.azure.blobstorage" + version = "v1" + ignore_errors = false + init_timeout = "1m" + secret = [ + { + name = "dapr-secret1" + value = "ccecewEWewce" + } + ] + metadata = [ + { + name = "dapr-meta1" + value = "ccweceww" + }, + { + name = "dapr-meta2" + secret_name = "dapr-secret1" + } + ] + } +} + +container_app_environment_certificate = { + caec1 = { + 
name = "caec-cert-001" + container_app_environment_key = "cae1" + certificate_blob_base64 = "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQ3lKR2o4dXlrTUN3UmIKcEx6NU9YWTJUcy9WaWpLKzZIV2ZVZTI2QlgxMzYwOXluWkZRbXhURHJkVlR1RXcrT1czcGxEUUlMTGZQSWNlZwozYzdCYnI0VlNNazhvNWFhaTFSclZKemxKMlUvNWlDK3l1Uk0wSFV5Y09RbE01K1NiU3QyY1gvSCtScTlOdTM0CmJBVXRIM0s4NE9yb2ZnRFBPb3dsRjdrSm0yL29WaGRkeTVqOU9DWUpIUmFSZys3R1ZlSnFDaHQ0NjNkYjlBMloKYXZ5a0VTb3EvWGpxR1NGTEpGRjBXb0ZFSklMRE0xY3ZyZWJRNEl6NTMwSWVDTHFqRjI5NzhOcFJGMTk2TTBKOApiVVk0STNtNTk3Nk04Vk8zVWxWUk53cThkZWc1YVVkeW04eVQ2T2cxaTlEZVZLRnlaOHVWaHJKZFI1WUNKMzI1CmxqeERiQUpyQWdNQkFBRUNnZ0VBTVp3WUxNSEdkWmNmMkpHeEdzclkwOWp3NGl3Qlk4OEM2cUo3VE1HNHBrdSsKclZHYUpWTjYzZCtzT0F0c0dDd1FJdXRsN2h6ZDkyNFYxUVBRVDJnU3dZU3FuaHVFbG5kVXhDc2xJbC90UDNWTQpDellmakJERmdvMlR5NVJyelBCZ0dUVVVlOUV3bEI4VytJYkVqa05peFp6eGJsdWd5QlVxOEMyQ0YxM1ZOV05GClRSc1c1SXpiUnpaQm9Rd1U0aFQ5NWJGNkxkcHp1NWRFNjY5eEZrSmh6cWVlczNqWkVLK3BvVWV0VjFneEt1TkUKUW5MN1ZPQXdraFp5UjR4cXg2cVZPaEw0QlFSempJSDUzRlJBRWFiWmZhUVRDMm0wVlNzMndlOFJhaFFTOEFrYwptNitpWkJHcVFhQ0lLVDBQSkhNbi9GaFVQTHNwZEU3b1Z5WXc4UU5OS1FLQmdRRE9Wa0hVU25oOFhCR2VwMExXClVtdmtRQ1VvcXMzZnhKMmh3VjMxZ2IwZEt4OUZPU25qMkRlUHFic2hsVWdBMW4vcnFXQ05aNnhNazh3OWh2dDkKSXlkWWg3TWVjK3l4VTYxaElET1ZkcUxFS2d1UWZ5akZ1NzNUYTNIRDlKOEZvazBmWmFINWxMd3k1NHUvVjBWSApmaUpzZ3RTOTZVZnRuUC93ZnRWZUlpdFFEd0tCZ1FEZEJPVkt5S2xyUWFuWVptVGRTVUxFaE1TQnRDdm50ZTM4ClgvM3NwRms5WE45Z0NzUnpoekozQkM3NzA4SUlOdVZJV1kzRzBoYUNRNDMweURna29SNm8yWTlNSU1TNkQwWUQKREVXaXM5c2pEQlFQNEMrMXc1ZVlKRWFWUllaeE1vMXBsZitrNk5DK3ZaSXYxQXlPQTQ1S0twUDhZSmdmNk5GQQpNY2h0UVRkTDVRS0JnSDlOZEp2M3ZsSnJzMnRCSXRsOFRKaXNnc0NPY1NwbjhpRkVYaVlFZjVzcGFjZVp0eUNkCjI5bkZESEZ4MnRTNWduN3hKMkxXM2RUNU12K2E4anFJbjlQZEZVUHFuZFBpSG94WUE3dHBVSTdhcWZ2aW1GTTIKdTYxZkV2ZWxTeDk4dlR4cnhmMW9LSnozZ3A3d3h3dU81TW95QmZPTnBCVVQwa3ljMUNPWnpVTTlBb0dBWjZ6aQpPZUJDeUpNMnJ0SHBRbndaRzhJRHc2dldaSXpNby9RTFVyUU5RR0dPVHFqK1dncnpPeXoxTlIreUJ0UnBYVFRVCjhveWVEbUROK0NMcll4TkpKSDlaWHFhSVlaYkVpcTE1Qk1kRlp
mMUdjK1AvdlUyUWtNZURiSVgrZUo3MEFyRmcKQitWRjloTkt2YkRFYXVGMEg0bzFmTTk2ekkwVGl2OVBPeUM2WlprQ2dZQVdkUjNxYVJrUzJuVVNiT2hrS2s2ZgoyK0xkRWMwcmFuSE5EYW9kMzZTbDYrRm5RbVNSWC90QTB3UUFnZnhoRERlWENGR3lnV1EvKytTUmt3a0g1Nnp2CjYxb0lCWmlEdkd5YkYrb251dDRJRnlTU0NQM3BiQ2ExeHpVNVNUaVgzMTdOVUVkUG00M3hOVS96eVA3MFlid1UKc01rd1AvUXFmaVcyTVhVcTRoaEU3QT09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURiekNDQWxlZ0F3SUJBZ0lRUFMwL2ZLTlhWWUpoWW5YVm9zU0wxREFOQmdrcWhraUc5dzBCQVFzRkFEQVcKTVJRd0VnWURWUVFERXd0bGVHRnRjR3hsTG1OdmJUQWVGdzB5TWpBM01qWXhORFUxTlROYUZ3MHpNakEzTWpNeApORFUxTlROYU1GY3hDekFKQmdOVkJBWVRBbFZUTVJ3d0dnWURWUVFLRXhORmVHRnRjR3hsSUZObGJHWWdVMmxuCmJtVmtNUlF3RWdZRFZRUUxFd3RsZUdGdGNHeGxMbU52YlRFVU1CSUdBMVVFQXhNTFpYaGhiWEJzWlM1amIyMHcKZ2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lKR2o4dXlrTUN3UmJwTHo1T1hZMgpUcy9WaWpLKzZIV2ZVZTI2QlgxMzYwOXluWkZRbXhURHJkVlR1RXcrT1czcGxEUUlMTGZQSWNlZzNjN0JicjRWClNNazhvNWFhaTFSclZKemxKMlUvNWlDK3l1Uk0wSFV5Y09RbE01K1NiU3QyY1gvSCtScTlOdTM0YkFVdEgzSzgKNE9yb2ZnRFBPb3dsRjdrSm0yL29WaGRkeTVqOU9DWUpIUmFSZys3R1ZlSnFDaHQ0NjNkYjlBMlphdnlrRVNvcQovWGpxR1NGTEpGRjBXb0ZFSklMRE0xY3ZyZWJRNEl6NTMwSWVDTHFqRjI5NzhOcFJGMTk2TTBKOGJVWTRJM201Cjk3Nk04Vk8zVWxWUk53cThkZWc1YVVkeW04eVQ2T2cxaTlEZVZLRnlaOHVWaHJKZFI1WUNKMzI1bGp4RGJBSnIKQWdNQkFBR2plREIyTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSQpLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCVEFxYWFkZ1diNGFLc1IyS2VFCmZlQ1NBNEFqZlRBV0JnTlZIUkVFRHpBTmdndGxlR0Z0Y0d4bExtTnZiVEFOQmdrcWhraUc5dzBCQVFzRkFBT0MKQVFFQVhSRkVraTVTbXJkL2p5OGk5TzBhYmpDSWczd0NpQkxaU0V0aE1MZ3hIbjZwUDN4K0xialZ3OGdOb0FQNApUNndaTmdhWkYvSlF0c09UQ2Ird0thenc0b1IvOE5xajFIWjdWT0hERU5yWVdPaG5nSjl0MFh1TC90OU1UaXBXCnRkR21wT0xVMURReU9VRFlJbWhhY05IVUxaeHd4TFdVU1F4Y25SSUJRTjdjemZ1NjFmcFp0dWFhMkhTYzIrVDkKNjFKeG5hRERlWldzQXQ1MXp3bjk0M3h2V3BFQjB1dGVKQnVIVWNUbUxGalVoaVV4RmxSM3Q0dWI0bDdPR1pmWgoxUG90OE4wM2lmNUN1N2lldGRhSUczYW4wNWZKYnJFTXVBaXFEdWtjb3FnNmxVRzlyZVdHQnRKUlBIMHMwRHNxCkVXNFM5Tzc2eHhUTWxLai9Tdlh2WHVkVUVBPT0
KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" + certificate_password = "" + } +} + +container_app_environment_storage = { + caes1 = { + name = "caes-storage-001" + container_app_environment_key = "cae1" + storage_account = { + account_key = "sa1" + } + share_name = "fs1" + access_mode = "ReadWrite" + } +} + +container_app = { + ca1 = { + name = "nginx-app" + container_app_environment_key = "cae1" + resource_group_key = "rg1" + + revision_mode = "Single" + template = { + container = { + cont1 = { + name = "nginx" + image = "nginx:latest" + cpu = 0.5 + memory = "1Gi" + liveness_probe = { + port = 80 + transport = "HTTP" + } + readiness_probe = { + port = 80 + transport = "HTTP" + } + startup_probe = { + port = 80 + transport = "HTTP" + } + env = [ + { + name = "VAR1" + value = "value1" + }, + { + name = "VAR2" + value = 2 + }, + { + name = "SECRET_VAR" + secret_name = "secret1" + } + ] + volume_mounts = { + vol1 = { + name = "vol1" + path = "/mnt/vol1" + } + } + } + } + min_replicas = 1 + max_replicas = 1 + volume = { + vol1 = { + name = "vol1" + storage_name = "caes-storage-001" + storage_type = "AzureFile" + } + } + } + ingress = { + external_enabled = false + target_port = 80 + transport = "http" + allow_insecure_connections = true + traffic_weight = { + blue = { + label = "blue" + latest_revision = false + revision_suffix = "blue" + percentage = 70 + } + green = { + label = "green" + latest_revision = true + revision_suffix = "green" + percentage = 30 + } + } + custom_domain = { + example = { + certificate_key = "caec1" + name = "example.com" + } + } + } + secret = [ + { + name = "secret1" + value = "djwHJcwjh" + }, + { + name = "secret2" + value = "cdjGHjew" + } + ] + identity = { + type = "UserAssigned" // Possible options are 'SystemAssigned, UserAssigned' 'SystemAssigned' or 'UserAssigned' + managed_identity_keys = [ + "msi1" + ] + } + # registry = { + # server = "testacr.azurecr.io" + # identity = { + # key = "msi1" + # } + # } + }, + ca2 = { + name = "dapr-app" + 
container_app_environment_key = "cae1" + resource_group_key = "rg1" + + revision_mode = "Single" + dapr = { + app_id = "nodeapp" + app_port = 3000 + } + template = { + container = { + cont1 = { + name = "nodeapp" + image = "daprio/daprd:edge" + cpu = 0.5 + memory = "1Gi" + } + } + min_replicas = 1 + max_replicas = 1 + } + } +} diff --git a/examples/module.tf b/examples/module.tf index b7d44ef80a..ea63479b0e 100644 --- a/examples/module.tf +++ b/examples/module.tf 
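Review bot: `certificate_blob_base64` in `caec1` embeds a PEM bundle whose base64 text begins with an encoded `-----BEGIN PRIVATE KEY-----` header, so an unencrypted private key (with `certificate_password = ""`) is committed to the repository, and the `secret` values for `dapr1` and `ca1` are inline literals as well. Even as throwaway test data this trips secret scanners and shows users a pattern that puts key material in tfvars, from where it typically also ends up in Terraform state. I would generate the certificate during the test run or load it from a secret store, and put a comment above each literal such as `# example only: never commit real keys or secrets; load them from a secret store`. The ingress block also sets `allow_insecure_connections = true`, which deserves a comment saying it is for the demo only.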
@@ -93,31 +93,36 @@ module "example" { communication_services = var.communication_services } compute = { - aks_clusters = var.aks_clusters - aro_clusters = var.aro_clusters - availability_sets = var.availability_sets - azure_container_registries = var.azure_container_registries - batch_accounts = var.batch_accounts - batch_applications = var.batch_applications - batch_certificates = var.batch_certificates - batch_jobs = var.batch_jobs - batch_pools = var.batch_pools - bastion_hosts = var.bastion_hosts - container_groups = var.container_groups - dedicated_host_groups = var.dedicated_host_groups - dedicated_hosts = var.dedicated_hosts - machine_learning_compute_instance = var.machine_learning_compute_instance - proximity_placement_groups = var.proximity_placement_groups - runbooks = var.runbooks - virtual_machine_scale_sets = var.virtual_machine_scale_sets - virtual_machines = var.virtual_machines - vmware_private_clouds = var.vmware_private_clouds - vmware_clusters = var.vmware_clusters - vmware_express_route_authorizations = var.vmware_express_route_authorizations - wvd_applications = var.wvd_applications - wvd_application_groups = var.wvd_application_groups - wvd_host_pools = var.wvd_host_pools - wvd_workspaces = var.wvd_workspaces + aks_clusters = var.aks_clusters + aro_clusters = var.aro_clusters + availability_sets = var.availability_sets + azure_container_registries = var.azure_container_registries + batch_accounts = var.batch_accounts + batch_applications = var.batch_applications + batch_certificates = var.batch_certificates + batch_jobs = var.batch_jobs + batch_pools = var.batch_pools + bastion_hosts = var.bastion_hosts + container_app = var.container_app + container_app_dapr_component = var.container_app_dapr_component + container_app_environment = var.container_app_environment + container_app_environment_certificate = var.container_app_environment_certificate + container_app_environment_storage = var.container_app_environment_storage + container_groups = 
var.container_groups + dedicated_host_groups = var.dedicated_host_groups + dedicated_hosts = var.dedicated_hosts + machine_learning_compute_instance = var.machine_learning_compute_instance + proximity_placement_groups = var.proximity_placement_groups + runbooks = var.runbooks + virtual_machine_scale_sets = var.virtual_machine_scale_sets + virtual_machines = var.virtual_machines + vmware_private_clouds = var.vmware_private_clouds + vmware_clusters = var.vmware_clusters + vmware_express_route_authorizations = var.vmware_express_route_authorizations + wvd_applications = var.wvd_applications + wvd_application_groups = var.wvd_application_groups + wvd_host_pools = var.wvd_host_pools + wvd_workspaces = var.wvd_workspaces } diagnostics = { diagnostic_event_hub_namespaces = var.diagnostic_event_hub_namespaces diff --git a/locals.combined_objects.tf b/locals.combined_objects.tf index 54a173be6e..c19688dd1c 100644 --- a/locals.combined_objects.tf +++ b/locals.combined_objects.tf 
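Review bot: The five new entries read `var.container_app`, `var.container_app_dapr_component`, `var.container_app_environment`, `var.container_app_environment_certificate` and `var.container_app_environment_storage`, yet the diffstat of this patch lists no change to a variables file under examples/. If those variables are not already declared there, or added by a later patch in this series, the examples fail validation with an undeclared input variable. Each would need a declaration such as `variable "container_app" { default = {} }`. The hunk starts inside `module "example"` and the block continues past it.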
@@ -47,6 +47,9 @@ locals { combined_objects_consumption_budgets_resource_groups = merge(tomap({ (local.client_config.landingzone_key) = module.consumption_budgets_resource_groups }), try(var.remote_objects.consumption_budgets_resource_groups, {}), try(var.data_sources.consumption_budgets_resource_groups, {})) combined_objects_consumption_budgets_subscriptions = merge(tomap({ (local.client_config.landingzone_key) = module.consumption_budgets_subscriptions }), try(var.remote_objects.consumption_budgets_subscriptions, {}), try(var.data_sources.consumption_budgets_subscriptions, {})) combined_objects_container_registry = merge(tomap({ (local.client_config.landingzone_key) = module.container_registry }), try(var.remote_objects.container_registry, {}), try(var.data_sources.container_registry, {})) + combined_objects_container_app_environments = merge(tomap({ (local.client_config.landingzone_key) = module.container_app_environment }), try(var.remote_objects.container_app_environment, {})) + combined_objects_container_app_environment_certificates = merge(tomap({ (local.client_config.landingzone_key) = module.container_app_environment_certificate }), try(var.remote_objects.container_app_environment_certificate, {})) + combined_objects_container_app_environment_storage = merge(tomap({ (local.client_config.landingzone_key) = module.container_app_environment_storage }), try(var.remote_objects.container_app_environment_storage, {})) combined_objects_cosmos_dbs = merge(tomap({ (local.client_config.landingzone_key) = module.cosmos_dbs }), try(var.remote_objects.cosmos_dbs, {}), try(var.data_sources.cosmos_dbs, {})) combined_objects_cosmosdb_sql_databases = merge(tomap({ (local.client_config.landingzone_key) = module.cosmosdb_sql_databases }), try(var.remote_objects.cosmosdb_sql_databases, {})) combined_objects_data_factory = merge(tomap({ (local.client_config.landingzone_key) = merge(module.data_factory, try(var.data_sources.data_factory, {})) }), 
try(var.remote_objects.data_factory, {})) diff --git a/locals.tf b/locals.tf index abb558dbc0..51cf4c4cad 100644 --- a/locals.tf +++ b/locals.tf 
@@ -74,31 +74,36 @@ locals { }, var.cloud) compute = { - aks_clusters = try(var.compute.aks_clusters, {}) - aro_clusters = try(var.compute.aro_clusters, {}) - availability_sets = try(var.compute.availability_sets, {}) - azure_container_registries = try(var.compute.azure_container_registries, {}) - bastion_hosts = try(var.compute.bastion_hosts, {}) - batch_accounts = try(var.compute.batch_accounts, {}) - batch_applications = try(var.compute.batch_applications, {}) - batch_certificates = try(var.compute.batch_certificates, {}) - batch_jobs = try(var.compute.batch_jobs, {}) - batch_pools = try(var.compute.batch_pools, {}) - container_groups = try(var.compute.container_groups, {}) - dedicated_hosts = try(var.compute.dedicated_hosts, {}) - dedicated_host_groups = try(var.compute.dedicated_host_groups, {}) - machine_learning_compute_instance = try(var.compute.machine_learning_compute_instance, {}) - proximity_placement_groups = try(var.compute.proximity_placement_groups, {}) - vmware_clusters = try(var.compute.vmware_clusters, {}) - vmware_private_clouds = try(var.compute.vmware_private_clouds, {}) - vmware_express_route_authorizations = try(var.compute.vmware_express_route_authorizations, {}) - wvd_applications = try(var.compute.wvd_applications, {}) - wvd_application_groups = try(var.compute.wvd_application_groups, {}) - wvd_host_pools = try(var.compute.wvd_host_pools, {}) - wvd_workspaces = try(var.compute.wvd_workspaces, {}) - virtual_machines = try(var.compute.virtual_machines, {}) - virtual_machine_scale_sets = try(var.compute.virtual_machine_scale_sets, {}) - runbooks = try(var.compute.runbooks, {}) + aks_clusters = try(var.compute.aks_clusters, {}) + aro_clusters = try(var.compute.aro_clusters, {}) + availability_sets = try(var.compute.availability_sets, {}) + azure_container_registries = try(var.compute.azure_container_registries, {}) + bastion_hosts = try(var.compute.bastion_hosts, {}) + batch_accounts = try(var.compute.batch_accounts, {}) + batch_applications 
= try(var.compute.batch_applications, {}) + batch_certificates = try(var.compute.batch_certificates, {}) + batch_jobs = try(var.compute.batch_jobs, {}) + batch_pools = try(var.compute.batch_pools, {}) + container_app = try(var.compute.container_app, {}) + container_app_dapr_component = try(var.compute.container_app_dapr_component, {}) + container_app_environment = try(var.compute.container_app_environment, {}) + container_app_environment_certificate = try(var.compute.container_app_environment_certificate, {}) + container_app_environment_storage = try(var.compute.container_app_environment_storage, {}) + container_groups = try(var.compute.container_groups, {}) + dedicated_hosts = try(var.compute.dedicated_hosts, {}) + dedicated_host_groups = try(var.compute.dedicated_host_groups, {}) + machine_learning_compute_instance = try(var.compute.machine_learning_compute_instance, {}) + proximity_placement_groups = try(var.compute.proximity_placement_groups, {}) + vmware_clusters = try(var.compute.vmware_clusters, {}) + vmware_private_clouds = try(var.compute.vmware_private_clouds, {}) + vmware_express_route_authorizations = try(var.compute.vmware_express_route_authorizations, {}) + wvd_applications = try(var.compute.wvd_applications, {}) + wvd_application_groups = try(var.compute.wvd_application_groups, {}) + wvd_host_pools = try(var.compute.wvd_host_pools, {}) + wvd_workspaces = try(var.compute.wvd_workspaces, {}) + virtual_machines = try(var.compute.virtual_machines, {}) + virtual_machine_scale_sets = try(var.compute.virtual_machine_scale_sets, {}) + runbooks = try(var.compute.runbooks, {}) } communication = { diff --git a/modules/compute/container_app/container_app.tf b/modules/compute/container_app/container_app.tf new file mode 100644 index 0000000000..6c9fd290aa --- /dev/null +++ b/modules/compute/container_app/container_app.tf 
@@ -0,0 +1,209 @@
+resource "azurecaf_name" "ca" {
+ name = var.settings.name
+ prefixes = var.global_settings.prefixes
+ resource_type = "azurerm_container_app"
+ random_length = var.global_settings.random_length
+ clean_input = true
+ passthrough = var.global_settings.passthrough
+ use_slug = var.global_settings.use_slug
+}
+
+resource "azurerm_container_app" "ca" {
+ name = azurecaf_name.ca.result
+ resource_group_name = local.resource_group_name
+ container_app_environment_id = var.container_app_environment_id
+ revision_mode = var.settings.revision_mode
+ tags = merge(local.tags, try(var.settings.tags, null))
+
+ template {
+ dynamic "container" {
+ for_each = var.settings.template.container
+
+ content {
+ name = container.value.name
+ image = container.value.image
+ args = try(container.value.args, null)
+ command = try(container.value.command, null)
+ cpu = container.value.cpu
+ memory = container.value.memory
+
+ dynamic "env" {
+ for_each = try(container.value.env, {})
+
+ content {
+ name = env.value.name
+ secret_name = try(env.value.secret_name, null)
+ value = try(env.value.value, null)
+ }
+ }
+
+ dynamic "liveness_probe" {
+ for_each = can(container.value.liveness_probe) ? [container.value.liveness_probe] : []
+
+ content {
+ failure_count_threshold = try(liveness_probe.value.failure_count_threshold, null)
+ host = try(liveness_probe.value.host, null)
+ initial_delay = try(liveness_probe.value.initial_delay, null)
+ interval_seconds = try(liveness_probe.value.interval_seconds, null)
+ path = try(liveness_probe.value.path, null)
+ port = liveness_probe.value.port
+ termination_grace_period_seconds = try(liveness_probe.value.termination_grace_period_seconds, null)
+ timeout = try(liveness_probe.value.timeout, null)
+ transport = liveness_probe.value.transport
+
+ dynamic "header" {
+ for_each = can(liveness_probe.value.header) ? [liveness_probe.value.header] : []
+
+ content {
+ name = header.value.name
+ value = header.value.value
+ }
+ }
+ }
+ }
+
+ dynamic "readiness_probe" {
+ for_each = can(container.value.readiness_probe) ? [container.value.readiness_probe] : []
+
+ content {
+ failure_count_threshold = try(readiness_probe.value.failure_count_threshold, null)
+ host = try(readiness_probe.value.host, null)
+ interval_seconds = try(readiness_probe.value.interval_seconds, null)
+ path = try(readiness_probe.value.path, null)
+ port = readiness_probe.value.port
+ success_count_threshold = try(readiness_probe.value.success_count_threshold, null)
+ timeout = try(readiness_probe.value.timeout, null)
+ transport = readiness_probe.value.transport
+
+ dynamic "header" {
+ for_each = can(readiness_probe.value.header) ? [readiness_probe.value.header] : []
+
+ content {
+ name = header.value.name
+ value = header.value.value
+ }
+ }
+ }
+ }
+
+ dynamic "startup_probe" {
+ for_each = can(container.value.startup_probe) ? [container.value.startup_probe] : []
+
+ content {
+ failure_count_threshold = try(startup_probe.value.failure_count_threshold, null)
+ host = try(startup_probe.value.host, null)
+ interval_seconds = try(startup_probe.value.interval_seconds, null)
+ path = try(startup_probe.value.path, null)
+ port = startup_probe.value.port
+ termination_grace_period_seconds = try(startup_probe.value.termination_grace_period_seconds, null)
+ timeout = try(startup_probe.value.timeout, null)
+ transport = startup_probe.value.transport
+
+ dynamic "header" {
+ for_each = can(startup_probe.value.header) ? [startup_probe.value.header] : []
+
+ content {
+ name = header.value.name
+ value = header.value.value
+ }
+ }
+ }
+ }
+
+ dynamic "volume_mounts" {
+ for_each = try(container.value.volume_mounts, {})
+
+ content {
+ name = volume_mounts.value.name
+ path = volume_mounts.value.path
+ }
+ }
+ }
+ }
+ min_replicas = try(var.settings.template.min_replicas, null)
+ max_replicas = try(var.settings.template.max_replicas, null)
+ revision_suffix = try(var.settings.template.revision_suffix, null)
+
+ dynamic "volume" {
+ for_each = try(var.settings.template.volume, {})
+
+ content {
+ name = volume.value.name
+ storage_name = try(volume.value.storage_name, null)
+ storage_type = try(volume.value.storage_type, null)
+ }
+ }
+ }
+
+ dynamic "ingress" {
+ for_each = can(var.settings.ingress) ? [var.settings.ingress] : []
+
+ content {
+ allow_insecure_connections = try(ingress.value.allow_insecure_connections, null)
+ external_enabled = try(ingress.value.external_enabled, null)
+ fqdn = try(ingress.value.fqdn, null)
+ target_port = ingress.value.target_port
+ transport = ingress.value.transport
+
+ dynamic "custom_domain" {
+ for_each = try(ingress.value.custom_domain, {})
+
+ content {
+ certificate_binding_type = try(custom_domain.value.certificate_binding_type, null)
+ certificate_id = can(custom_domain.value.certificate_id) ? custom_domain.value.certificate_id : var.combined_resources.container_app_environment_certificates[try(custom_domain.value.lz_key, var.client_config.landingzone_key)][custom_domain.value.certificate_key].id
+ name = custom_domain.value.name
+ }
+ }
+
+ dynamic "traffic_weight" {
+ for_each = try(ingress.value.traffic_weight, {})
+
+ content {
+ label = traffic_weight.value.label
+ latest_revision = traffic_weight.value.latest_revision
+ revision_suffix = traffic_weight.value.revision_suffix
+ percentage = traffic_weight.value.percentage
+ }
+ }
+ }
+ }
+
+ dynamic "dapr" {
+ for_each = can(var.settings.dapr) ? [var.settings.dapr] : []
+
+ content {
+ app_id = dapr.value.app_id
+ app_port = try(dapr.value.app_port, null)
+ app_protocol = try(dapr.value.app_protocol, null)
+ }
+ }
+
+ dynamic "secret" {
+ for_each = try(var.settings.secret, {})
+
+ content {
+ name = secret.value.name
+ value = secret.value.value
+ }
+ }
+
+ dynamic "identity" {
+ for_each = can(var.settings.identity) ? [var.settings.identity] : []
+
+ content {
+ type = var.settings.identity.type
+ identity_ids = local.managed_identities
+ }
+ }
+
+ dynamic "registry" {
+ for_each = can(var.settings.registry) ? [var.settings.registry] : []
+
+ content {
+ server = registry.value.server
+ identity = can(registry.value.identity.key) ? var.combined_resources.managed_identities[try(registry.value.identity.lz_key, var.client_config.landingzone_key)][registry.value.identity.key].id : try(registry.value.identity.id, null)
+ username = try(registry.value.username, null)
+ password_secret_name = try(registry.value.password_secret_name, null)
+ }
+ }
+}
diff --git a/modules/compute/container_app/locals.tf b/modules/compute/container_app/locals.tf
new file mode 100644
index 0000000000..4daa5a1ebd
--- /dev/null
+++ b/modules/compute/container_app/locals.tf
@@ -0,0 +1,17 @@
+locals {
+ managed_local_identities = flatten([
+ for managed_identity_key in try(var.settings.identity.managed_identity_keys, []) : [
+ var.combined_resources.managed_identities[var.client_config.landingzone_key][managed_identity_key].id
+ ]
+ ])
+
+ managed_remote_identities = flatten([
+ for lz_key, value in try(var.settings.identity.remote, []) : [
+ for managed_identity_key in value.managed_identity_keys : [
+ var.combined_resources.managed_identities[lz_key][managed_identity_key].id
+ ]
+ ]
+ ])
+
+ managed_identities = concat(local.managed_local_identities, local.managed_remote_identities)
+}
diff --git a/modules/compute/container_app/main.tf b/modules/compute/container_app/main.tf
new file mode 100644
index 0000000000..e886ec6c93
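Review bot: In the `secret` block of `azurerm_container_app.ca`, `value = secret.value.value` is read straight from `var.settings`, so every secret has to be written as a literal in the caller's configuration and is then persisted in Terraform state; `variable "settings" {}` in this module is untyped and not marked sensitive. The later root container_app.tf hunk shows `keyvaults` being passed in `combined_resources`, so resolving the value from a Key Vault reference looks feasible; at minimum add above the block `# secret values are stored in state; supply them from a protected source, never from committed tfvars`. The dapr component module's `secret` block follows the same pattern. In `ingress`, `try(ingress.value.allow_insecure_connections, null)` leaves the HTTP setting to the provider default, whereas `try(ingress.value.allow_insecure_connections, false)` would state the HTTPS-only default explicitly.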
--- /dev/null +++ b/modules/compute/container_app/main.tf @@ -0,0 +1,26 @@ +terraform { + required_providers { + azurecaf = { + source = "aztfmod/azurecaf" + } + } +} + +locals { + module_tag = { + "module" = basename(abspath(path.module)) + } + tags = var.base_tags ? merge( + var.global_settings.tags, + try(var.resource_group.tags, null), + local.module_tag, + try(var.settings.tags, null) + ) : merge( + local.module_tag, + try(var.settings.tags, + null) + ) + + location = coalesce(var.location, var.resource_group.location) + resource_group_name = coalesce(var.resource_group_name, var.resource_group.name) +} diff --git a/modules/compute/container_app/output.tf b/modules/compute/container_app/output.tf new file mode 100644 index 0000000000..fcd3430f8b --- /dev/null +++ b/modules/compute/container_app/output.tf @@ -0,0 +1,15 @@ +output "id" { + value = azurerm_container_app.ca.id +} +output "custom_domain_verification_id" { + value = azurerm_container_app.ca.custom_domain_verification_id +} +output "latest_revision_fqdn" { + value = azurerm_container_app.ca.latest_revision_fqdn +} +output "latest_revision_name" { + value = azurerm_container_app.ca.latest_revision_name +} +output "outbound_ip_addresses" { + value = azurerm_container_app.ca.outbound_ip_addresses +} diff --git a/modules/compute/container_app/variables.tf b/modules/compute/container_app/variables.tf new file mode 100644 index 0000000000..11e4f28fa9 --- /dev/null +++ b/modules/compute/container_app/variables.tf 
@@ -0,0 +1,20 @@ +variable "base_tags" { + description = "Base tags for the resource to be inherited from the resource group." + type = bool +} +variable "client_config" {} +variable "diagnostics" {} +variable "diagnostic_profiles" {} +variable "combined_diagnostics" {} +variable "combined_resources" { + description = "Provide a map of combined resources for environment_variables_from_resources" + default = {} +} +variable "global_settings" {} +variable "location" {} +variable "resource_group_name" {} +variable "resource_group" { + description = "Resource group object to deploy the virtual machine" +} +variable "settings" {} +variable "container_app_environment_id" {} diff --git a/modules/compute/container_app_dapr_component/container_app_dapr_component.tf b/modules/compute/container_app_dapr_component/container_app_dapr_component.tf new file mode 100644 index 0000000000..5944658593 --- /dev/null +++ b/modules/compute/container_app_dapr_component/container_app_dapr_component.tf @@ -0,0 +1,28 @@ +resource "azurerm_container_app_environment_dapr_component" "cadc" { + name = var.settings.name + container_app_environment_id = var.container_app_environment_id + component_type = var.settings.component_type + version = var.settings.version + ignore_errors = try(var.settings.ignore_errors, false) + init_timeout = try(var.settings.init_timeout, null) + scopes = try(var.settings.scopes, null) + + dynamic "metadata" { + for_each = try(var.settings.metadata, {}) + + content { + name = metadata.value.name + secret_name = try(metadata.value.secret_name, null) + value = try(metadata.value.value, null) + } + } + + dynamic "secret" { + for_each = try(var.settings.secret, {}) + + content { + name = secret.value.name + value = secret.value.value + } + } +} diff --git a/modules/compute/container_app_dapr_component/main.tf b/modules/compute/container_app_dapr_component/main.tf new file mode 100644 index 0000000000..1fbfa06797 --- /dev/null 
+++ b/modules/compute/container_app_dapr_component/main.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + azurecaf = { + source = "aztfmod/azurecaf" + } + } +} diff --git a/modules/compute/container_app_dapr_component/output.tf b/modules/compute/container_app_dapr_component/output.tf new file mode 100644 index 0000000000..3669022961 --- /dev/null +++ b/modules/compute/container_app_dapr_component/output.tf @@ -0,0 +1,3 @@ +output "id" { + value = azurerm_container_app_environment_dapr_component.cadc.id +} diff --git a/modules/compute/container_app_dapr_component/variables.tf b/modules/compute/container_app_dapr_component/variables.tf new file mode 100644 index 0000000000..a316af1bdc --- /dev/null +++ b/modules/compute/container_app_dapr_component/variables.tf @@ -0,0 +1,8 @@ +variable "base_tags" { + description = "Base tags for the resource to be inherited from the resource group." + type = bool +} +variable "client_config" {} +variable "global_settings" {} +variable "settings" {} +variable "container_app_environment_id" {} diff --git a/modules/compute/container_app_environment/container_app_environment.tf b/modules/compute/container_app_environment/container_app_environment.tf new file mode 100644 index 0000000000..7801eba90e --- /dev/null +++ b/modules/compute/container_app_environment/container_app_environment.tf 
@@ -0,0 +1,19 @@
+resource "azurecaf_name" "cae" {
+ name = var.settings.name
+ resource_type = "azurerm_container_app_environment"
+ prefixes = var.global_settings.prefixes
+ random_length = var.global_settings.random_length
+ clean_input = true
+ passthrough = var.global_settings.passthrough
+ use_slug = var.global_settings.use_slug
+}
+
+resource "azurerm_container_app_environment" "cae" {
+ name = azurecaf_name.cae.result
+ location = local.location
+ resource_group_name = local.resource_group_name
+ log_analytics_workspace_id = can(var.settings.log_analytics_workspace_id) ? var.settings.log_analytics_workspace_id : var.diagnostics.log_analytics[var.settings.log_analytics_key].id
+ infrastructure_subnet_id = try(var.subnet_id, null)
+ internal_load_balancer_enabled = try(var.settings.internal_load_balancer_enabled, false)
+ tags = merge(local.tags, try(var.settings.tags, null))
+}
diff --git a/modules/compute/container_app_environment/main.tf b/modules/compute/container_app_environment/main.tf
new file mode 100644
index 0000000000..e886ec6c93
--- /dev/null
+++ b/modules/compute/container_app_environment/main.tf
@@ -0,0 +1,26 @@
+terraform {
+ required_providers {
+ azurecaf = {
+ source = "aztfmod/azurecaf"
+ }
+ }
+}
+
+locals {
+ module_tag = {
+ "module" = basename(abspath(path.module))
+ }
+ tags = var.base_tags ? merge(
+ var.global_settings.tags,
+ try(var.resource_group.tags, null),
+ local.module_tag,
+ try(var.settings.tags, null)
+ ) : merge(
+ local.module_tag,
+ try(var.settings.tags,
+ null)
+ )
+
+ location = coalesce(var.location, var.resource_group.location)
+ resource_group_name = coalesce(var.resource_group_name, var.resource_group.name)
+}
diff --git a/modules/compute/container_app_environment/output.tf b/modules/compute/container_app_environment/output.tf
new file mode 100644
index 0000000000..c20e15e443
--- /dev/null
+++ b/modules/compute/container_app_environment/output.tf
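Review bot: In `azurerm_container_app_environment.cae`, `internal_load_balancer_enabled` falls back to `false`, so an environment that is given an `infrastructure_subnet_id` still gets a public ingress endpoint unless the caller sets the flag. That default deserves a comment on the line, for example `# false = public endpoint; set true for VNet-only environments`. Separately, `try(var.subnet_id, null)` never takes its fallback, because `subnet_id` is a declared variable and the reference cannot fail; plain `var.subnet_id` is equivalent and clearer.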
@@ -0,0 +1,23 @@
+output "id" {
+ value = azurerm_container_app_environment.cae.id
+}
+
+output "default_domain" {
+ value = azurerm_container_app_environment.cae.default_domain
+}
+
+output "docker_bridge_cidr" {
+ value = try(var.settings.infrastructure_subnet_id, null) != null ? azurerm_container_app_environment.cae.docker_bridge_cidr : null
+}
+
+output "platform_reserved_cidr" {
+ value = try(var.settings.infrastructure_subnet_id, null) != null ? azurerm_container_app_environment.cae.platform_reserved_cidr : null
+}
+
+output "platform_reserved_dns_ip_address" {
+ value = try(var.settings.infrastructure_subnet_id, null) != null ? azurerm_container_app_environment.cae.platform_reserved_dns_ip_address : null
+}
+
+output "static_ip_address" {
+ value = try(var.settings.internal_load_balancer_enabled, false) == true ? azurerm_container_app_environment.cae.static_ip_address : null
+}
diff --git a/modules/compute/container_app_environment/variables.tf b/modules/compute/container_app_environment/variables.tf
new file mode 100644
index 0000000000..5ceb7e3873
--- /dev/null
+++ b/modules/compute/container_app_environment/variables.tf
@@ -0,0 +1,20 @@
+variable "base_tags" {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = bool
+}
+variable "client_config" {}
+variable "diagnostics" {}
+variable "diagnostic_profiles" {}
+variable "combined_diagnostics" {}
+variable "combined_resources" {
+ description = "Provide a map of combined resources for environment_variables_from_resources"
+ default = {}
+}
+variable "global_settings" {}
+variable "location" {}
+variable "resource_group_name" {}
+variable "resource_group" {
+ description = "Resource group object to deploy the virtual machine"
+}
+variable "settings" {}
+variable "subnet_id" {}
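Review bot: The `docker_bridge_cidr`, `platform_reserved_cidr` and `platform_reserved_dns_ip_address` outputs test `var.settings.infrastructure_subnet_id`, but the resource in container_app_environment.tf sets `infrastructure_subnet_id` from `var.subnet_id`. Unless the caller's settings also happen to carry an `infrastructure_subnet_id` key, these outputs are `null` even for a VNet-integrated environment, which hides the reserved ranges from anything that builds network rules from them. Keying the condition on the same input fixes it, e.g. `value = var.subnet_id != null ? azurerm_container_app_environment.cae.docker_bridge_cidr : null`, and likewise for the other two.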
diff --git a/modules/compute/container_app_environment_certificate/container_app_environment_certificate.tf b/modules/compute/container_app_environment_certificate/container_app_environment_certificate.tf
new file mode 100644
index 0000000000..10d5fe0777
--- /dev/null
+++ b/modules/compute/container_app_environment_certificate/container_app_environment_certificate.tf
@@ -0,0 +1,7 @@
+resource "azurerm_container_app_environment_certificate" "caec" {
+ name = var.settings.name
+ container_app_environment_id = var.container_app_environment_id
+ certificate_blob_base64 = var.settings.certificate_blob_base64
+ certificate_password = var.settings.certificate_password
+ tags = merge(local.tags, try(var.settings.tags, null))
+}
diff --git a/modules/compute/container_app_environment_certificate/main.tf b/modules/compute/container_app_environment_certificate/main.tf
new file mode 100644
index 0000000000..40fc6fa25f
--- /dev/null
+++ b/modules/compute/container_app_environment_certificate/main.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_providers {
+ azurecaf = {
+ source = "aztfmod/azurecaf"
+ }
+ }
+}
+
+locals {
+ module_tag = {
+ "module" = basename(abspath(path.module))
+ }
+ tags = var.base_tags ? merge(
+ var.global_settings.tags,
+ local.module_tag,
+ try(var.settings.tags, null)
+ ) : merge(
+ local.module_tag,
+ try(var.settings.tags,
+ null)
+ )
+}
diff --git a/modules/compute/container_app_environment_certificate/output.tf b/modules/compute/container_app_environment_certificate/output.tf
new file mode 100644
index 0000000000..4820a27b2f
--- /dev/null
+++ b/modules/compute/container_app_environment_certificate/output.tf
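Review bot: In `azurerm_container_app_environment_certificate.caec`, both `certificate_blob_base64` and `certificate_password` come directly from `var.settings`, so the private-key bundle and its password are expected as literals in the caller's configuration and both end up in Terraform state. This module's variables.tf accepts only `settings`, with no `combined_resources`, so there is no way to reference a certificate held elsewhere by key, unlike the identity and storage-account lookups elsewhere in this patch. A comment on the resource would at least document the exposure: `# blob and password are stored in state; restrict backend access and keep them out of committed tfvars`.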
@@ -0,0 +1,15 @@ +output "id" { + value = azurerm_container_app_environment_certificate.caec.id +} +output "expiration_date" { + value = azurerm_container_app_environment_certificate.caec.expiration_date +} +output "issue_date" { + value = azurerm_container_app_environment_certificate.caec.issue_date +} +output "issuer" { + value = azurerm_container_app_environment_certificate.caec.issuer +} +output "subject_name" { + value = azurerm_container_app_environment_certificate.caec.subject_name +} diff --git a/modules/compute/container_app_environment_certificate/variables.tf b/modules/compute/container_app_environment_certificate/variables.tf new file mode 100644 index 0000000000..a316af1bdc --- /dev/null +++ b/modules/compute/container_app_environment_certificate/variables.tf @@ -0,0 +1,8 @@ +variable "base_tags" { + description = "Base tags for the resource to be inherited from the resource group." + type = bool +} +variable "client_config" {} +variable "global_settings" {} +variable "settings" {} +variable "container_app_environment_id" {} diff --git a/modules/compute/container_app_environment_storage/container_app_environment_storage.tf b/modules/compute/container_app_environment_storage/container_app_environment_storage.tf new file mode 100644 index 0000000000..b7e0ee7fb6 --- /dev/null +++ b/modules/compute/container_app_environment_storage/container_app_environment_storage.tf 
@@ -0,0 +1,8 @@
+resource "azurerm_container_app_environment_storage" "caes" {
+ name = var.settings.name
+ container_app_environment_id = var.container_app_environment_id
+ account_name = can(var.settings.account_name) ? var.settings.account_name : var.combined_resources.storage_accounts[try(var.settings.storage_account.lz_key, var.client_config.landingzone_key)][var.settings.storage_account.account_key].name
+ share_name = var.settings.share_name
+ access_key = can(var.settings.access_key) ? var.settings.access_key : var.combined_resources.storage_accounts[try(var.settings.storage_account.lz_key, var.client_config.landingzone_key)][var.settings.storage_account.account_key].primary_access_key
+ access_mode = var.settings.access_mode
+}
diff --git a/modules/compute/container_app_environment_storage/main.tf b/modules/compute/container_app_environment_storage/main.tf
new file mode 100644
index 0000000000..1fbfa06797
--- /dev/null
+++ b/modules/compute/container_app_environment_storage/main.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ azurecaf = {
+ source = "aztfmod/azurecaf"
+ }
+ }
+}
diff --git a/modules/compute/container_app_environment_storage/output.tf b/modules/compute/container_app_environment_storage/output.tf
new file mode 100644
index 0000000000..874f0c1fad
--- /dev/null
+++ b/modules/compute/container_app_environment_storage/output.tf
@@ -0,0 +1,3 @@
+output "id" {
+ value = azurerm_container_app_environment_storage.caes.id
+}
diff --git a/modules/compute/container_app_environment_storage/variables.tf b/modules/compute/container_app_environment_storage/variables.tf
new file mode 100644
index 0000000000..05b84bd7b7
--- /dev/null
+++ b/modules/compute/container_app_environment_storage/variables.tf
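Review bot: When `settings.access_key` is absent, `access_key` in `azurerm_container_app_environment_storage.caes` falls back to the storage account's `primary_access_key`, which is the account-wide key rather than a credential scoped to `share_name`, and it is copied into this resource's state. That means any share mounted this way carries full access to the whole account, so it is worth documenting on the line: `# primary_access_key grants access to the entire storage account; use a dedicated account for Container Apps shares`. The `can(var.settings.access_key)` branch also accepts a literal key from the caller's settings, which the example tfvars should warn against committing.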
@@ -0,0 +1,16 @@ +variable "base_tags" { + description = "Base tags for the resource to be inherited from the resource group." + type = bool +} +variable "client_config" {} +variable "global_settings" {} +variable "combined_resources" { + description = "Provide a map of combined resources for environment_variables_from_resources" + default = {} +} +variable "remote_objects" { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + default = {} +} +variable "settings" {} +variable "container_app_environment_id" {} From 9e1f184736630ffe0709e5119e3f9247d75cda89 Mon Sep 17 00:00:00 2001 From: Oleksandr Trapeznikov Date: Wed, 6 Sep 2023 20:29:04 +0000 Subject: [PATCH 2/6] fix local variables names and format --- container_app.tf | 14 +++++++------- container_app_dapr_component.tf | 4 ++-- container_app_environment.tf | 4 ++-- container_app_environment_certificate.tf | 4 ++-- container_app_environment_storage.tf | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/container_app.tf b/container_app.tf index ef0cd453d8..cf660531cf 100644 --- a/container_app.tf +++ b/container_app.tf 
@@ -1,12 +1,12 @@ module "container_app" { - source = "./modules/compute/container_app" - for_each = local.compute.container_app + source = "./modules/compute/container_app" + for_each = local.compute.container_app location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location resource_group = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)] resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name base_tags = local.global_settings.inherit_tags - container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id + container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id client_config = local.client_config combined_diagnostics = local.combined_diagnostics diagnostic_profiles = try(each.value.diagnostic_profiles, {}) 
@@ -14,11 +14,11 @@ module "container_app" { combined_resources = { keyvaults = local.combined_objects_keyvaults managed_identities = local.combined_objects_managed_identities - container_app_environment_certificates = local.container_app_environment_certificates - container_app_environment_storage = local.container_app_environment_storage + container_app_environment_certificates = local.combined_objects_container_app_environment_certificates + container_app_environment_storage = local.combined_objects_container_app_environment_storage } - global_settings = local.global_settings - settings = each.value + global_settings = local.global_settings + settings = each.value } output "container_app" { diff --git a/container_app_dapr_component.tf b/container_app_dapr_component.tf index 4db85cc046..733849bc7f 100644 --- a/container_app_dapr_component.tf +++ b/container_app_dapr_component.tf @@ -1,6 +1,6 @@ module "container_app_dapr_component" { - source = "./modules/compute/container_app_dapr_component" - for_each = local.compute.container_app_dapr_component + source = "./modules/compute/container_app_dapr_component" + for_each = local.compute.container_app_dapr_component base_tags = local.global_settings.inherit_tags container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id diff --git a/container_app_environment.tf b/container_app_environment.tf index 1a466bcc49..ce4a41ad54 100644 --- a/container_app_environment.tf +++ b/container_app_environment.tf 
@@ -1,6 +1,6 @@ module "container_app_environment" { - source = "./modules/compute/container_app_environment" - for_each = local.compute.container_app_environment + source = "./modules/compute/container_app_environment" + for_each = local.compute.container_app_environment location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location resource_group = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)] diff --git a/container_app_environment_certificate.tf b/container_app_environment_certificate.tf index aa4497d279..39de83025d 100644 --- a/container_app_environment_certificate.tf +++ b/container_app_environment_certificate.tf @@ -1,6 +1,6 @@ module "container_app_environment_certificate" { - source = "./modules/compute/container_app_environment_certificate" - for_each = local.compute.container_app_environment_certificate + source = "./modules/compute/container_app_environment_certificate" + for_each = local.compute.container_app_environment_certificate base_tags = local.global_settings.inherit_tags container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id diff --git a/container_app_environment_storage.tf b/container_app_environment_storage.tf index 9220d61f5d..ecc7750ee3 100644 --- a/container_app_environment_storage.tf +++ b/container_app_environment_storage.tf 
@@ -1,6 +1,6 @@ module "container_app_environment_storage" { - source = "./modules/compute/container_app_environment_storage" - for_each = local.compute.container_app_environment_storage + source = "./modules/compute/container_app_environment_storage" + for_each = local.compute.container_app_environment_storage base_tags = local.global_settings.inherit_tags container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id @@ -9,7 +9,7 @@ module "container_app_environment_storage" { combined_resources = { storage_accounts = local.combined_objects_storage_accounts } - settings = each.value + settings = each.value } output "container_app_environment_storage" { From 285811d7132bae93279d247722c6824759f4d76d Mon Sep 17 00:00:00 2001 From: Oleksandr Trapeznikov Date: Sat, 9 Sep 2023 00:42:17 +0000 Subject: [PATCH 3/6] add container_app variables in example module --- examples/variables.tf | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/examples/variables.tf b/examples/variables.tf index 533fe452a4..6a763d5a4c 100644 --- a/examples/variables.tf +++ b/examples/variables.tf @@ -559,6 +559,21 @@ variable "load_balancers" { variable "ip_groups" { default = {} } +variable "container_app_environment" { + default = {} +} +variable "container_app_environment_certificate" { + default = {} +} +variable "container_app_dapr_component" { + default = {} +} +variable "container_app" { + default = {} +} +variable "container_app_environment_storage" { + default = {} +} variable "container_groups" { default = {} } @@ -1101,4 +1116,4 @@ variable "cosmosdb_role_definitions" { } variable "data_sources" { default = {} -} \ No newline at end of file +} From bdbe498e28ecbdd8b563d5d99dcc8fb6a187c3e2 Mon Sep 17 00:00:00 2001 
From: Oleksandr Trapeznikov Date: Wed, 1 Nov 2023 18:50:26 +0000 Subject: [PATCH 4/6] name container_app resources in a plural form --- ...ent.tf => container_app_dapr_components.tf | 8 +-- ... container_app_environment_certificates.tf | 8 +-- ...f => container_app_environment_storages.tf | 8 +-- ...onment.tf => container_app_environments.tf | 8 +-- container_app.tf => container_apps.tf | 10 ++-- .../configuration.tfvars | 12 ++-- .../configuration.tfvars | 12 ++-- .../configuration.tfvars | 30 +++++----- examples/module.tf | 60 +++++++++---------- examples/variables.tf | 10 ++-- locals.combined_objects.tf | 6 +- locals.tf | 60 +++++++++---------- 12 files changed, 116 insertions(+), 116 deletions(-) rename container_app_dapr_component.tf => container_app_dapr_components.tf (75%) rename container_app_environment_certificate.tf => container_app_environment_certificates.tf (80%) rename container_app_environment_storage.tf => container_app_environment_storages.tf (75%) rename container_app_environment.tf => container_app_environments.tf (89%) rename container_app.tf => container_apps.tf (89%) diff --git a/container_app_dapr_component.tf b/container_app_dapr_components.tf similarity index 75% rename from container_app_dapr_component.tf rename to container_app_dapr_components.tf index 733849bc7f..0cf0342b17 100644 --- a/container_app_dapr_component.tf +++ b/container_app_dapr_components.tf 
@@ -1,6 +1,6 @@ -module "container_app_dapr_component" { +module "container_app_dapr_components" { source = "./modules/compute/container_app_dapr_component" - for_each = local.compute.container_app_dapr_component + for_each = local.compute.container_app_dapr_components base_tags = local.global_settings.inherit_tags container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id @@ -9,7 +9,7 @@ module "container_app_dapr_component" { settings = each.value } -output "container_app_dapr_component" { - value = module.container_app_dapr_component +output "container_app_dapr_components" { + value = module.container_app_dapr_components } diff --git a/container_app_environment_certificate.tf b/container_app_environment_certificates.tf similarity index 80% rename from container_app_environment_certificate.tf rename to container_app_environment_certificates.tf index 39de83025d..65dc7832a2 100644 --- a/container_app_environment_certificate.tf +++ b/container_app_environment_certificates.tf @@ -1,6 +1,6 @@ -module "container_app_environment_certificate" { +module "container_app_environment_certificates" { source = "./modules/compute/container_app_environment_certificate" - for_each = local.compute.container_app_environment_certificate + for_each = local.compute.container_app_environment_certificates base_tags = local.global_settings.inherit_tags container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id 
@@ -9,7 +9,7 @@ module "container_app_environment_certificate" { settings = each.value } -output "container_app_environment_certificate" { - value = module.container_app_environment_certificate +output "container_app_environment_certificates" { + value = module.container_app_environment_certificates } diff --git a/container_app_environment_storage.tf b/container_app_environment_storages.tf similarity index 75% rename from container_app_environment_storage.tf rename to container_app_environment_storages.tf index ecc7750ee3..6bc36024c3 100644 --- a/container_app_environment_storage.tf +++ b/container_app_environment_storages.tf @@ -1,6 +1,6 @@ -module "container_app_environment_storage" { +module "container_app_environment_storages" { source = "./modules/compute/container_app_environment_storage" - for_each = local.compute.container_app_environment_storage + for_each = local.compute.container_app_environment_storages base_tags = local.global_settings.inherit_tags container_app_environment_id = can(each.value.container_app_environment_id) ? each.value.container_app_environment_id : local.combined_objects_container_app_environments[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.container_app_environment_key].id @@ -12,7 +12,7 @@ module "container_app_environment_storage" { settings = each.value } -output "container_app_environment_storage" { - value = module.container_app_environment_storage +output "container_app_environment_storages" { + value = module.container_app_environment_storages } diff --git a/container_app_environment.tf b/container_app_environments.tf similarity index 89% rename from container_app_environment.tf rename to container_app_environments.tf index ce4a41ad54..15a7066b6a 100644 --- a/container_app_environment.tf +++ b/container_app_environments.tf 
@@ -1,6 +1,6 @@ -module "container_app_environment" { +module "container_app_environments" { source = "./modules/compute/container_app_environment" - for_each = local.compute.container_app_environment + for_each = local.compute.container_app_environments location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location resource_group = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)] @@ -15,7 +15,7 @@ module "container_app_environment" { settings = each.value } -output "container_app_environment" { - value = module.container_app_environment +output "container_app_environments" { + value = module.container_app_environments } diff --git a/container_app.tf b/container_apps.tf similarity index 89% rename from container_app.tf rename to container_apps.tf index cf660531cf..45164e9463 100644 --- a/container_app.tf +++ b/container_apps.tf @@ -1,6 +1,6 @@ -module "container_app" { +module "container_apps" { source = "./modules/compute/container_app" - for_each = local.compute.container_app + for_each = local.compute.container_apps location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location resource_group = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)] 
@@ -15,13 +15,13 @@ module "container_app" { keyvaults = local.combined_objects_keyvaults managed_identities = local.combined_objects_managed_identities container_app_environment_certificates = local.combined_objects_container_app_environment_certificates - container_app_environment_storage = local.combined_objects_container_app_environment_storage + container_app_environment_storages = local.combined_objects_container_app_environment_storages } global_settings = local.global_settings settings = each.value } -output "container_app" { - value = module.container_app +output "container_apps" { + value = module.container_apps } diff --git a/examples/compute/container_app/101-simple-container-app-env/configuration.tfvars b/examples/compute/container_app/101-simple-container-app-env/configuration.tfvars index 08dd21a4d0..9cb5029007 100644 --- a/examples/compute/container_app/101-simple-container-app-env/configuration.tfvars +++ b/examples/compute/container_app/101-simple-container-app-env/configuration.tfvars @@ -20,16 +20,16 @@ diagnostic_log_analytics = { } } -container_app_environment = { +container_app_environments = { cae1 = { - name = "cont-app-env-001" - region = "region1" - resource_group_key = "rg1" - log_analytics_key = "central_logs_region1" + name = "cont-app-env-001" + region = "region1" + resource_group_key = "rg1" + log_analytics_key = "central_logs_region1" } } -container_app = { +container_apps = { ca1 = { name = "nginx-app" container_app_environment_key = "cae1" diff --git a/examples/compute/container_app/102-simple-private-container-app-env/configuration.tfvars b/examples/compute/container_app/102-simple-private-container-app-env/configuration.tfvars index c5156fe407..cbe2d15b8e 100644 --- a/examples/compute/container_app/102-simple-private-container-app-env/configuration.tfvars +++ b/examples/compute/container_app/102-simple-private-container-app-env/configuration.tfvars 
@@ -45,12 +45,12 @@ network_security_group_definition = { empty_nsg = {} } -container_app_environment = { +container_app_environments = { cae1 = { - name = "cont-app-env-001" - region = "region1" - resource_group_key = "rg1" - log_analytics_key = "central_logs_region1" + name = "cont-app-env-001" + region = "region1" + resource_group_key = "rg1" + log_analytics_key = "central_logs_region1" vnet = { vnet_key = "cae_re1" subnet_key = "cae1" @@ -63,7 +63,7 @@ container_app_environment = { } } -container_app = { +container_apps = { ca1 = { name = "nginx-app" container_app_environment_key = "cae1" diff --git a/examples/compute/container_app/103-private-container-app-env/configuration.tfvars b/examples/compute/container_app/103-private-container-app-env/configuration.tfvars index 2b5ecaca41..7a2bea80c5 100644 --- a/examples/compute/container_app/103-private-container-app-env/configuration.tfvars +++ b/examples/compute/container_app/103-private-container-app-env/configuration.tfvars @@ -71,12 +71,12 @@ storage_accounts = { } } -container_app_environment = { +container_app_environments = { cae1 = { - name = "cont-app-env-001" - region = "region1" - resource_group_key = "rg1" - log_analytics_key = "central_logs_region1" + name = "cont-app-env-001" + region = "region1" + resource_group_key = "rg1" + log_analytics_key = "central_logs_region1" vnet = { vnet_key = "cae_re1" subnet_key = "cae1" @@ -89,7 +89,7 @@ container_app_environment = { } } -container_app_dapr_component = { +container_app_dapr_components = { dapr1 = { name = "dapr-component-001" container_app_environment_key = "cae1" @@ -116,7 +116,7 @@ container_app_dapr_component = { } } -container_app_environment_certificate = { +container_app_environment_certificates = { caec1 = { name = "caec-cert-001" container_app_environment_key = "cae1" 
@@ -125,19 +125,19 @@ container_app_environment_certificate = { } } -container_app_environment_storage = { +container_app_environment_storages = { caes1 = { name = "caes-storage-001" container_app_environment_key = "cae1" storage_account = { account_key = "sa1" } - share_name = "fs1" + share_name = "fs1" access_mode = "ReadWrite" } } -container_app = { +container_apps = { ca1 = { name = "nginx-app" container_app_environment_key = "cae1" @@ -152,15 +152,15 @@ container_app = { cpu = 0.5 memory = "1Gi" liveness_probe = { - port = 80 + port = 80 transport = "HTTP" } readiness_probe = { - port = 80 + port = 80 transport = "HTTP" } startup_probe = { - port = 80 + port = 80 transport = "HTTP" } env = [ @@ -173,7 +173,7 @@ container_app = { value = 2 }, { - name = "SECRET_VAR" + name = "SECRET_VAR" secret_name = "secret1" } ] @@ -217,7 +217,7 @@ container_app = { custom_domain = { example = { certificate_key = "caec1" - name = "example.com" + name = "example.com" } } } diff --git a/examples/module.tf b/examples/module.tf index ea63479b0e..77405a4e19 100644 --- a/examples/module.tf +++ b/examples/module.tf 
@@ -93,36 +93,36 @@ module "example" { communication_services = var.communication_services } compute = { - aks_clusters = var.aks_clusters - aro_clusters = var.aro_clusters - availability_sets = var.availability_sets - azure_container_registries = var.azure_container_registries - batch_accounts = var.batch_accounts - batch_applications = var.batch_applications - batch_certificates = var.batch_certificates - batch_jobs = var.batch_jobs - batch_pools = var.batch_pools - bastion_hosts = var.bastion_hosts - container_app = var.container_app - container_app_dapr_component = var.container_app_dapr_component - container_app_environment = var.container_app_environment - container_app_environment_certificate = var.container_app_environment_certificate - container_app_environment_storage = var.container_app_environment_storage - container_groups = var.container_groups - dedicated_host_groups = var.dedicated_host_groups - dedicated_hosts = var.dedicated_hosts - machine_learning_compute_instance = var.machine_learning_compute_instance - proximity_placement_groups = var.proximity_placement_groups - runbooks = var.runbooks - virtual_machine_scale_sets = var.virtual_machine_scale_sets - virtual_machines = var.virtual_machines - vmware_private_clouds = var.vmware_private_clouds - vmware_clusters = var.vmware_clusters - vmware_express_route_authorizations = var.vmware_express_route_authorizations - wvd_applications = var.wvd_applications - wvd_application_groups = var.wvd_application_groups - wvd_host_pools = var.wvd_host_pools - wvd_workspaces = var.wvd_workspaces + aks_clusters = var.aks_clusters + aro_clusters = var.aro_clusters + availability_sets = var.availability_sets + azure_container_registries = var.azure_container_registries + batch_accounts = var.batch_accounts + batch_applications = var.batch_applications + batch_certificates = var.batch_certificates + batch_jobs = var.batch_jobs + batch_pools = var.batch_pools + bastion_hosts = var.bastion_hosts + container_apps = 
var.container_apps + container_app_dapr_components = var.container_app_dapr_components + container_app_environments = var.container_app_environments + container_app_environment_certificates = var.container_app_environment_certificates + container_app_environment_storages = var.container_app_environment_storages + container_groups = var.container_groups + dedicated_host_groups = var.dedicated_host_groups + dedicated_hosts = var.dedicated_hosts + machine_learning_compute_instance = var.machine_learning_compute_instance + proximity_placement_groups = var.proximity_placement_groups + runbooks = var.runbooks + virtual_machine_scale_sets = var.virtual_machine_scale_sets + virtual_machines = var.virtual_machines + vmware_private_clouds = var.vmware_private_clouds + vmware_clusters = var.vmware_clusters + vmware_express_route_authorizations = var.vmware_express_route_authorizations + wvd_applications = var.wvd_applications + wvd_application_groups = var.wvd_application_groups + wvd_host_pools = var.wvd_host_pools + wvd_workspaces = var.wvd_workspaces } diagnostics = { diagnostic_event_hub_namespaces = var.diagnostic_event_hub_namespaces diff --git a/examples/variables.tf b/examples/variables.tf index 6a763d5a4c..1e071de10d 100644 --- a/examples/variables.tf +++ b/examples/variables.tf @@ -559,19 +559,19 @@ variable "load_balancers" { variable "ip_groups" { default = {} } -variable "container_app_environment" { +variable "container_app_environments" { default = {} } -variable "container_app_environment_certificate" { +variable "container_app_environment_certificates" { default = {} } -variable "container_app_dapr_component" { +variable "container_app_dapr_components" { default = {} } -variable "container_app" { +variable "container_apps" { default = {} } -variable "container_app_environment_storage" { +variable "container_app_environment_storages" { default = {} } variable "container_groups" { 
diff --git a/locals.combined_objects.tf b/locals.combined_objects.tf index c19688dd1c..984060295f 100644 --- a/locals.combined_objects.tf +++ b/locals.combined_objects.tf 
@@ -47,9 +47,9 @@ locals { combined_objects_consumption_budgets_resource_groups = merge(tomap({ (local.client_config.landingzone_key) = module.consumption_budgets_resource_groups }), try(var.remote_objects.consumption_budgets_resource_groups, {}), try(var.data_sources.consumption_budgets_resource_groups, {})) combined_objects_consumption_budgets_subscriptions = merge(tomap({ (local.client_config.landingzone_key) = module.consumption_budgets_subscriptions }), try(var.remote_objects.consumption_budgets_subscriptions, {}), try(var.data_sources.consumption_budgets_subscriptions, {})) combined_objects_container_registry = merge(tomap({ (local.client_config.landingzone_key) = module.container_registry }), try(var.remote_objects.container_registry, {}), try(var.data_sources.container_registry, {})) - combined_objects_container_app_environments = merge(tomap({ (local.client_config.landingzone_key) = module.container_app_environment }), try(var.remote_objects.container_app_environment, {})) - combined_objects_container_app_environment_certificates = merge(tomap({ (local.client_config.landingzone_key) = module.container_app_environment_certificate }), try(var.remote_objects.container_app_environment_certificate, {})) - combined_objects_container_app_environment_storage = merge(tomap({ (local.client_config.landingzone_key) = module.container_app_environment_storage }), try(var.remote_objects.container_app_environment_storage, {})) + combined_objects_container_app_environments = merge(tomap({ (local.client_config.landingzone_key) = module.container_app_environments }), try(var.remote_objects.container_app_environments, {})) + combined_objects_container_app_environment_certificates = merge(tomap({ (local.client_config.landingzone_key) = module.container_app_environment_certificates }), try(var.remote_objects.container_app_environment_certificates, {})) + combined_objects_container_app_environment_storages = merge(tomap({ (local.client_config.landingzone_key) = 
module.container_app_environment_storages }), try(var.remote_objects.container_app_environment_storages, {})) combined_objects_cosmos_dbs = merge(tomap({ (local.client_config.landingzone_key) = module.cosmos_dbs }), try(var.remote_objects.cosmos_dbs, {}), try(var.data_sources.cosmos_dbs, {})) combined_objects_cosmosdb_sql_databases = merge(tomap({ (local.client_config.landingzone_key) = module.cosmosdb_sql_databases }), try(var.remote_objects.cosmosdb_sql_databases, {})) combined_objects_data_factory = merge(tomap({ (local.client_config.landingzone_key) = merge(module.data_factory, try(var.data_sources.data_factory, {})) }), try(var.remote_objects.data_factory, {})) diff --git a/locals.tf b/locals.tf index 51cf4c4cad..1346e85242 100644 --- a/locals.tf +++ b/locals.tf 
@@ -74,36 +74,36 @@ locals { }, var.cloud) compute = { - aks_clusters = try(var.compute.aks_clusters, {}) - aro_clusters = try(var.compute.aro_clusters, {}) - availability_sets = try(var.compute.availability_sets, {}) - azure_container_registries = try(var.compute.azure_container_registries, {}) - bastion_hosts = try(var.compute.bastion_hosts, {}) - batch_accounts = try(var.compute.batch_accounts, {}) - batch_applications = try(var.compute.batch_applications, {}) - batch_certificates = try(var.compute.batch_certificates, {}) - batch_jobs = try(var.compute.batch_jobs, {}) - batch_pools = try(var.compute.batch_pools, {}) - container_app = try(var.compute.container_app, {}) - container_app_dapr_component = try(var.compute.container_app_dapr_component, {}) - container_app_environment = try(var.compute.container_app_environment, {}) - container_app_environment_certificate = try(var.compute.container_app_environment_certificate, {}) - container_app_environment_storage = try(var.compute.container_app_environment_storage, {}) - container_groups = try(var.compute.container_groups, {}) - dedicated_hosts = try(var.compute.dedicated_hosts, {}) - dedicated_host_groups = try(var.compute.dedicated_host_groups, {}) - machine_learning_compute_instance = try(var.compute.machine_learning_compute_instance, {}) - proximity_placement_groups = try(var.compute.proximity_placement_groups, {}) - vmware_clusters = try(var.compute.vmware_clusters, {}) - vmware_private_clouds = try(var.compute.vmware_private_clouds, {}) - vmware_express_route_authorizations = try(var.compute.vmware_express_route_authorizations, {}) - wvd_applications = try(var.compute.wvd_applications, {}) - wvd_application_groups = try(var.compute.wvd_application_groups, {}) - wvd_host_pools = try(var.compute.wvd_host_pools, {}) - wvd_workspaces = try(var.compute.wvd_workspaces, {}) - virtual_machines = try(var.compute.virtual_machines, {}) - virtual_machine_scale_sets = try(var.compute.virtual_machine_scale_sets, {}) - 
runbooks = try(var.compute.runbooks, {}) + aks_clusters = try(var.compute.aks_clusters, {}) + aro_clusters = try(var.compute.aro_clusters, {}) + availability_sets = try(var.compute.availability_sets, {}) + azure_container_registries = try(var.compute.azure_container_registries, {}) + bastion_hosts = try(var.compute.bastion_hosts, {}) + batch_accounts = try(var.compute.batch_accounts, {}) + batch_applications = try(var.compute.batch_applications, {}) + batch_certificates = try(var.compute.batch_certificates, {}) + batch_jobs = try(var.compute.batch_jobs, {}) + batch_pools = try(var.compute.batch_pools, {}) + container_apps = try(var.compute.container_apps, {}) + container_app_dapr_components = try(var.compute.container_app_dapr_components, {}) + container_app_environments = try(var.compute.container_app_environments, {}) + container_app_environment_certificates = try(var.compute.container_app_environment_certificates, {}) + container_app_environment_storages = try(var.compute.container_app_environment_storages, {}) + container_groups = try(var.compute.container_groups, {}) + dedicated_hosts = try(var.compute.dedicated_hosts, {}) + dedicated_host_groups = try(var.compute.dedicated_host_groups, {}) + machine_learning_compute_instance = try(var.compute.machine_learning_compute_instance, {}) + proximity_placement_groups = try(var.compute.proximity_placement_groups, {}) + vmware_clusters = try(var.compute.vmware_clusters, {}) + vmware_private_clouds = try(var.compute.vmware_private_clouds, {}) + vmware_express_route_authorizations = try(var.compute.vmware_express_route_authorizations, {}) + wvd_applications = try(var.compute.wvd_applications, {}) + wvd_application_groups = try(var.compute.wvd_application_groups, {}) + wvd_host_pools = try(var.compute.wvd_host_pools, {}) + wvd_workspaces = try(var.compute.wvd_workspaces, {}) + virtual_machines = try(var.compute.virtual_machines, {}) + virtual_machine_scale_sets = try(var.compute.virtual_machine_scale_sets, {}) + runbooks 
= try(var.compute.runbooks, {}) } communication = { From 2c6f3f59840eff4dea271ace1860316ef36d3649 Mon Sep 17 00:00:00 2001 From: Oleksandr Trapeznikov Date: Wed, 1 Nov 2023 20:55:49 +0000 Subject: [PATCH 5/6] add scale_rule support to container_app --- .../configuration.tfvars | 11 ++- .../compute/container_app/container_app.tf | 87 +++++++++++++++++-- 2 files changed, 89 insertions(+), 9 deletions(-) diff --git a/examples/compute/container_app/103-private-container-app-env/configuration.tfvars b/examples/compute/container_app/103-private-container-app-env/configuration.tfvars index 7a2bea80c5..4557ef504d 100644 --- a/examples/compute/container_app/103-private-container-app-env/configuration.tfvars +++ b/examples/compute/container_app/103-private-container-app-env/configuration.tfvars @@ -185,8 +185,17 @@ container_apps = { } } } + min_replicas = 1 - max_replicas = 1 + max_replicas = 3 + + http_scale_rule = { + rule1 = { + name = "azure-http-rule" + concurrent_requests = 50 + } + } + volume = { vol1 = { name = "vol1" diff --git a/modules/compute/container_app/container_app.tf b/modules/compute/container_app/container_app.tf index 6c9fd290aa..f94b29fc68 100644 --- a/modules/compute/container_app/container_app.tf +++ b/modules/compute/container_app/container_app.tf @@ -26,7 +26,7 @@ resource "azurerm_container_app" "ca" { command = try(container.value.command, null) cpu = container.value.cpu memory = container.value.memory - + dynamic "env" { for_each = try(container.value.env, {}) 
@@ -45,7 +45,7 @@ resource "azurerm_container_app" "ca" { host = try(liveness_probe.value.host, null) initial_delay = try(liveness_probe.value.initial_delay, null) interval_seconds = try(liveness_probe.value.interval_seconds, null) - path = try(liveness_probe.value.path, null) + path = try(liveness_probe.value.path, null) port = liveness_probe.value.port termination_grace_period_seconds = try(liveness_probe.value.termination_grace_period_seconds, null) timeout = try(liveness_probe.value.timeout, null) @@ -69,7 +69,7 @@ resource "azurerm_container_app" "ca" { failure_count_threshold = try(readiness_probe.value.failure_count_threshold, null) host = try(readiness_probe.value.host, null) interval_seconds = try(readiness_probe.value.interval_seconds, null) - path = try(readiness_probe.value.path, null) + path = try(readiness_probe.value.path, null) port = readiness_probe.value.port success_count_threshold = try(readiness_probe.value.success_count_threshold, null) timeout = try(readiness_probe.value.timeout, null) @@ -93,7 +93,7 @@ resource "azurerm_container_app" "ca" { failure_count_threshold = try(startup_probe.value.failure_count_threshold, null) host = try(startup_probe.value.host, null) interval_seconds = try(startup_probe.value.interval_seconds, null) - path = try(startup_probe.value.path, null) + path = try(startup_probe.value.path, null) port = startup_probe.value.port termination_grace_period_seconds = try(startup_probe.value.termination_grace_period_seconds, null) timeout = try(startup_probe.value.timeout, null) 
@@ -120,6 +120,77 @@ resource "azurerm_container_app" "ca" { } } } + + dynamic "azure_queue_scale_rule" { + for_each = try(var.settings.template.azure_queue_scale_rule, {}) + content { + name = azure_queue_scale_rule.value.name + queue_name = azure_queue_scale_rule.value.queue_name + queue_length = azure_queue_scale_rule.value.queue_length + + dynamic "authentication" { + for_each = azure_queue_scale_rule.value.authentication + + content { + secret_name = authentication.value.secret_name + trigger_parameter = authentication.value.trigger_parameter + } + } + } + } + + dynamic "custom_scale_rule" { + for_each = try(var.settings.template.custom_scale_rule, {}) + content { + name = custom_scale_rule.value.name + custom_rule_type = custom_scale_rule.value.custom_rule_type + metadata = custom_scale_rule.value.metadata + + dynamic "authentication" { + for_each = try(custom_scale_rule.value.authentication, {}) + + content { + secret_name = authentication.value.secret_name + trigger_parameter = authentication.value.trigger_parameter + } + } + } + } + + dynamic "http_scale_rule" { + for_each = try(var.settings.template.http_scale_rule, {}) + content { + name = http_scale_rule.value.name + concurrent_requests = http_scale_rule.value.concurrent_requests + + dynamic "authentication" { + for_each = try(http_scale_rule.value.authentication, {}) + + content { + secret_name = authentication.value.secret_name + trigger_parameter = authentication.value.trigger_parameter + } + } + } + } + + dynamic "tcp_scale_rule" { + for_each = try(var.settings.template.tcp_scale_rule, {}) + content { + name = tcp_scale_rule.value.name + concurrent_requests = tcp_scale_rule.value.concurrent_requests + + dynamic "authentication" { + for_each = try(tcp_scale_rule.value.authentication, {}) + + content { + secret_name = authentication.value.secret_name + trigger_parameter = authentication.value.trigger_parameter + } + } + } + } + min_replicas = try(var.settings.template.min_replicas, null) max_replicas 
= try(var.settings.template.max_replicas, null) revision_suffix = try(var.settings.template.revision_suffix, null) @@ -135,7 +206,7 @@ resource "azurerm_container_app" "ca" { } } - dynamic "ingress" { + dynamic "ingress" { for_each = can(var.settings.ingress) ? [var.settings.ingress] : [] content { @@ -150,12 +221,12 @@ resource "azurerm_container_app" "ca" { content { certificate_binding_type = try(custom_domain.value.certificate_binding_type, null) - certificate_id = can(custom_domain.value.certificate_id) ? custom_domain.value.certificate_id : var.combined_resources.container_app_environment_certificates[try(custom_domain.value.lz_key, var.client_config.landingzone_key)][custom_domain.value.certificate_key].id - name = custom_domain.value.name + certificate_id = can(custom_domain.value.certificate_id) ? custom_domain.value.certificate_id : var.combined_resources.container_app_environment_certificates[try(custom_domain.value.lz_key, var.client_config.landingzone_key)][custom_domain.value.certificate_key].id + name = custom_domain.value.name } } - dynamic "traffic_weight" { + dynamic "traffic_weight" { for_each = try(ingress.value.traffic_weight, {}) content { From 0a4775693e309d5c326671cc40e61b59c3e8be2c Mon Sep 17 00:00:00 2001 From: Oleksandr Trapeznikov Date: Thu, 23 Nov 2023 19:58:27 +0000 Subject: [PATCH 6/6] add attributes to cae module --- .../configuration.tfvars | 1 + .../container_app_environment.tf | 16 +++++++++------- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/examples/compute/container_app/103-private-container-app-env/configuration.tfvars b/examples/compute/container_app/103-private-container-app-env/configuration.tfvars index 4557ef504d..8a0f24fc42 100644 --- a/examples/compute/container_app/103-private-container-app-env/configuration.tfvars +++ b/examples/compute/container_app/103-private-container-app-env/configuration.tfvars 
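Review bot: In the `@@ -120,6 +120,77 @@` hunk of modules/compute/container_app/container_app.tf, `metadata = custom_scale_rule.value.metadata` passes the caller's map straight through, and nothing tells the caller that this map is the wrong place for scaler credentials. As far as I can tell the provider does not mark `metadata` as sensitive, so its values appear in plan output and in the app's scale configuration, whereas the nested `authentication` block references a container app secret by `secret_name`. A comment above the line would make the split explicit: `# metadata is not secret; pass scaler credentials through authentication.secret_name`. In the same hunk, `azure_queue_scale_rule` iterates `azure_queue_scale_rule.value.authentication` without the `try(..., {})` used by the other three rules; if that is deliberate because queue rules need authentication, say so in a one-line comment so it is not "fixed" later. The enclosing resource block starts and ends outside the hunk.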
@@ -82,6 +82,7 @@ container_app_environments = { subnet_key = "cae1" } internal_load_balancer_enabled = true + zone_redundancy_enabled = true tags = { environment = "testing" diff --git a/modules/compute/container_app_environment/container_app_environment.tf b/modules/compute/container_app_environment/container_app_environment.tf index 7801eba90e..ab6517ba28 100644 --- a/modules/compute/container_app_environment/container_app_environment.tf +++ b/modules/compute/container_app_environment/container_app_environment.tf @@ -9,11 +9,13 @@ resource "azurecaf_name" "cae" { } resource "azurerm_container_app_environment" "cae" { - name = azurecaf_name.cae.result - location = local.location - resource_group_name = local.resource_group_name - log_analytics_workspace_id = can(var.settings.log_analytics_workspace_id) ? var.settings.log_analytics_workspace_id : var.diagnostics.log_analytics[var.settings.log_analytics_key].id - infrastructure_subnet_id = try(var.subnet_id, null) - internal_load_balancer_enabled = try(var.settings.internal_load_balancer_enabled, false) - tags = merge(local.tags, try(var.settings.tags, null)) + name = azurecaf_name.cae.result + location = local.location + resource_group_name = local.resource_group_name + log_analytics_workspace_id = can(var.settings.log_analytics_workspace_id) ? var.settings.log_analytics_workspace_id : var.diagnostics.log_analytics[var.settings.log_analytics_key].id + dapr_application_insights_connection_string = try(var.settings.dapr_application_insights_connection_string, null) + infrastructure_subnet_id = try(var.subnet_id, null) + internal_load_balancer_enabled = try(var.settings.internal_load_balancer_enabled, null) + zone_redundancy_enabled = try(var.settings.zone_redundancy_enabled, null) + tags = merge(local.tags, try(var.settings.tags, null)) }
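Review bot: In the `@@ -9,11 +9,13 @@` hunk of container_app_environment.tf, the new `dapr_application_insights_connection_string` is read only from `var.settings`, so the connection string has to be written in clear text into the settings object, which the examples populate from configuration.tfvars. The `log_analytics_workspace_id` line just above already falls back to a keyed lookup in `var.diagnostics`; a similar key-based lookup, or a Key Vault reference, would keep the value out of committed configuration. At minimum, add a comment such as `# sensitive: supply from a secret store, do not commit in tfvars`. The same hunk changes the fallback of `internal_load_balancer_enabled` from `false` to `null`, which hands the choice to the provider default (presumably still external). A short comment that the environment is not internal unless the setting is given would keep that exposure decision visible.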