Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
…into users/krbar/dcrAgentSettings
  • Loading branch information
krbar committed Aug 30, 2024
2 parents 63e13fe + 615b260 commit 470113b
Show file tree
Hide file tree
Showing 12 changed files with 147 additions and 17 deletions.
58 changes: 58 additions & 0 deletions avm/res/app/container-app/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -440,6 +440,13 @@ module containerApp 'br/public:avm/res/app/container-app:<version>' = {
environmentResourceId: '<environmentResourceId>'
name: 'acavnet001'
// Non-required parameters
additionalPortMappings: [
{
exposedPort: 8080
external: false
targetPort: 8080
}
]
ingressAllowInsecure: false
ingressExternal: false
ingressTargetPort: 80
Expand Down Expand Up @@ -481,6 +488,15 @@ module containerApp 'br/public:avm/res/app/container-app:<version>' = {
"value": "acavnet001"
},
// Non-required parameters
"additionalPortMappings": {
"value": [
{
"exposedPort": 8080,
"external": false,
"targetPort": 8080
}
]
},
"ingressAllowInsecure": {
"value": false
},
Expand Down Expand Up @@ -667,6 +683,7 @@ module containerApp 'br/public:avm/res/app/container-app:<version>' = {
| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`activeRevisionsMode`](#parameter-activerevisionsmode) | string | Controls how active revisions are handled for the Container app. |
| [`additionalPortMappings`](#parameter-additionalportmappings) | array | Settings to expose additional ports on container app. |
| [`clientCertificateMode`](#parameter-clientcertificatemode) | string | Client certificate mode for mTLS. |
| [`corsPolicy`](#parameter-corspolicy) | object | Object userd to configure CORS policy. |
| [`customDomains`](#parameter-customdomains) | array | Custom domain bindings for Container App hostnames. |
Expand Down Expand Up @@ -1070,6 +1087,47 @@ Controls how active revisions are handled for the Container app.
]
```

### Parameter: `additionalPortMappings`

Settings to expose additional ports on container app.

- Required: No
- Type: array

**Required parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`external`](#parameter-additionalportmappingsexternal) | bool | Specifies whether the app port is accessible outside of the environment. |
| [`targetPort`](#parameter-additionalportmappingstargetport) | int | Specifies the port the container listens on. |

**Optional parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`exposedPort`](#parameter-additionalportmappingsexposedport) | int | Specifies the exposed port for the target port. If not specified, it defaults to target port. |

### Parameter: `additionalPortMappings.external`

Specifies whether the app port is accessible outside of the environment.

- Required: Yes
- Type: bool

### Parameter: `additionalPortMappings.targetPort`

Specifies the port the container listens on.

- Required: Yes
- Type: int

### Parameter: `additionalPortMappings.exposedPort`

Specifies the exposed port for the target port. If not specified, it defaults to target port.

- Required: No
- Type: int

### Parameter: `clientCertificateMode`

Client certificate mode for mTLS.
Expand Down
15 changes: 15 additions & 0 deletions avm/res/app/container-app/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,9 @@ param service object = {}
@description('Optional. Toggle to include the service configuration.')
param includeAddOns bool = false

@description('Optional. Settings to expose additional ports on container app.')
param additionalPortMappings ingressPortMapping[]?

@description('Optional. Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections.')
param ingressAllowInsecure bool = true

Expand Down Expand Up @@ -217,6 +220,7 @@ resource containerApp 'Microsoft.App/containerApps@2024-03-01' = {
ingress: disableIngress
? null
: {
additionalPortMappings: additionalPortMappings
allowInsecure: ingressTransport != 'tcp' ? ingressAllowInsecure : false
customDomains: !empty(customDomains) ? customDomains : null
corsPolicy: corsPolicy != null && ingressTransport != 'tcp'
Expand Down Expand Up @@ -387,6 +391,17 @@ type container = {
volumeMounts: volumeMount[]?
}

type ingressPortMapping = {
@description('Optional. Specifies the exposed port for the target port. If not specified, it defaults to target port.')
exposedPort: int?

@description('Required. Specifies whether the app port is accessible outside of the environment.')
external: bool

@description('Required. Specifies the port the container listens on.')
targetPort: int
}

type serviceBind = {
@description('Required. The name of the service.')
name: string
Expand Down
38 changes: 36 additions & 2 deletions avm/res/app/container-app/main.json
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "16433987478692764186"
"templateHash": "7992196126209120702"
},
"name": "Container Apps",
"description": "This module deploys a Container App.",
Expand Down Expand Up @@ -208,6 +208,30 @@
}
}
},
"ingressPortMapping": {
"type": "object",
"properties": {
"exposedPort": {
"type": "int",
"nullable": true,
"metadata": {
"description": "Optional. Specifies the exposed port for the target port. If not specified, it defaults to target port."
}
},
"external": {
"type": "bool",
"metadata": {
"description": "Required. Specifies whether the app port is accessible outside of the environment."
}
},
"targetPort": {
"type": "int",
"metadata": {
"description": "Required. Specifies the port the container listens on."
}
}
}
},
"serviceBind": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -584,6 +608,16 @@
"description": "Optional. Toggle to include the service configuration."
}
},
"additionalPortMappings": {
"type": "array",
"items": {
"$ref": "#/definitions/ingressPortMapping"
},
"nullable": true,
"metadata": {
"description": "Optional. Settings to expose additional ports on container app."
}
},
"ingressAllowInsecure": {
"type": "bool",
"defaultValue": true,
Expand Down Expand Up @@ -846,7 +880,7 @@
"configuration": {
"activeRevisionsMode": "[parameters('activeRevisionsMode')]",
"dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]",
"ingress": "[if(parameters('disableIngress'), null(), createObject('allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]",
"ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]",
"service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]",
"maxInactiveRevisions": "[parameters('maxInactiveRevisions')]",
"registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]",
Expand Down
8 changes: 8 additions & 0 deletions avm/res/app/container-app/tests/e2e/vnet/main.test.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,14 @@ module testDeployment '../../../main.bicep' = [
ingressTransport: 'tcp'
ingressAllowInsecure: false
ingressTargetPort: 80
additionalPortMappings: [
{
external: false
targetPort: 8080
exposedPort: 8080
}
]

containers: [
{
name: 'simple-hello-world-container'
Expand Down
2 changes: 1 addition & 1 deletion avm/res/app/container-app/version.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
"version": "0.9",
"version": "0.10",
"pathFilters": [
"./main.json"
]
Expand Down
6 changes: 1 addition & 5 deletions avm/res/event-hub/namespace/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -733,7 +733,6 @@ module namespace 'br/public:avm/res/event-hub/namespace:<version>' = {
'hidden-title': 'This is visible in the resource name'
Role: 'DeploymentValidation'
}
zoneRedundant: true
}
}
```
Expand Down Expand Up @@ -908,9 +907,6 @@ module namespace 'br/public:avm/res/event-hub/namespace:<version>' = {
"hidden-title": "This is visible in the resource name",
"Role": "DeploymentValidation"
}
},
"zoneRedundant": {
"value": true
}
}
}
Expand Down Expand Up @@ -1840,7 +1836,7 @@ Switch to make the Event Hub Namespace zone redundant.

- Required: No
- Type: bool
- Default: `False`
- Default: `True`


## Outputs
Expand Down
2 changes: 1 addition & 1 deletion avm/res/event-hub/namespace/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ param skuName string = 'Standard'
param skuCapacity int = 1

@description('Optional. Switch to make the Event Hub Namespace zone redundant.')
param zoneRedundant bool = false
param zoneRedundant bool = true

@description('Optional. Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supported in Premium SKU EventHub.')
param isAutoInflateEnabled bool = false
Expand Down
4 changes: 2 additions & 2 deletions avm/res/event-hub/namespace/main.json
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "6513191517073559510"
"templateHash": "14415344651495261460"
},
"name": "Event Hub Namespaces",
"description": "This module deploys an Event Hub Namespace.",
Expand Down Expand Up @@ -522,7 +522,7 @@
},
"zoneRedundant": {
"type": "bool",
"defaultValue": false,
"defaultValue": true,
"metadata": {
"description": "Optional. Switch to make the Event Hub Namespace zone redundant."
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,6 @@ module testDeployment '../../../main.bicep' = [
params: {
name: '${namePrefix}${serviceShort}001'
location: resourceLocation
zoneRedundant: true
skuName: 'Standard'
skuCapacity: 2
authorizationRules: [
Expand Down
2 changes: 1 addition & 1 deletion avm/res/event-hub/namespace/version.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
"version": "0.4",
"version": "0.5",
"pathFilters": [
"./main.json"
]
Expand Down
18 changes: 17 additions & 1 deletion avm/res/insights/component/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -82,14 +82,30 @@ var builtInRoleNames = {
Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
'Role Based Access Control Administrator (Preview)': subscriptionResourceId(
'Role Based Access Control Administrator': subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'f58310d9-a9f6-439a-9e8d-f62e7b41a168'
)
'User Access Administrator': subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'18d7d88d-d35e-4fb5-a5c3-7773c20a72d9'
)
'Monitoring Metrics Publisher': subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'3913510d-42f4-4e42-8a64-420c390055eb'
)
'Application Insights Component Contributor': subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'ae349356-3a1b-4a5e-921d-050484c6347e'
)
'Application Insights Snapshot Debugger': subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'08954f03-6346-4c2e-81c0-ec3a5cfae23b'
)
'Monitoring Contributor': subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'749f88d5-cbae-40b8-bcfc-e573ddc772fa'
)
}

var formattedRoleAssignments = [
Expand Down
10 changes: 7 additions & 3 deletions avm/res/insights/component/main.json
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "4240320101610363383"
"templateHash": "707617228684994883"
},
"name": "Application Insights",
"description": "This component deploys an Application Insights instance.",
Expand Down Expand Up @@ -361,8 +361,12 @@
"Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
"User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
"Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
"User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
"Monitoring Metrics Publisher": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')]",
"Application Insights Component Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ae349356-3a1b-4a5e-921d-050484c6347e')]",
"Application Insights Snapshot Debugger": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '08954f03-6346-4c2e-81c0-ec3a5cfae23b')]",
"Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]"
}
},
"resources": {
Expand Down

0 comments on commit 470113b

Please sign in to comment.