deploy ACA with MSI
// ---- Placement ----
// Name of the Container App; the template below also uses it as the container name.
param containerAppName string
param location string = resourceGroup().location
// Resource ID of the managed environment that hosts the app.
param environmentId string

// ---- Image and registry ----
param containerImage string
// Name of an existing Azure Container Registry in the deployment's resource group.
// NOTE(review): the app resource reads this registry's admin credentials with
// listCredentials(), so the registry needs its admin user enabled and the deploying
// principal needs permission to list those credentials.
param acrName string

// ---- Ingress ----
param containerPort int
// true publishes the app outside the managed environment; false keeps ingress internal.
param isExternalIngress bool
@allowed([
  'auto'
  'http'
  'http2'
])
param transport string = 'auto'
// Keep false unless plain HTTP is required: false redirects HTTP requests to HTTPS.
param allowInsecure bool = false

// ---- Revisions and scale ----
@allowed([
  'multiple'
  'single'
])
param revisionMode string = 'single'
param minReplicas int = 0

// ---- Secrets and environment ----
// Extra app secrets, merged with the registry password secret (presumably { name, value } objects).
// NOTE(review): @secure() applies to string and object parameters only, so values passed
// in this array are stored with the deployment's parameters. Restrict who can read the
// deployment history, or carry the values in a @secure() object parameter instead.
param secrets array = []
// Environment variables for the container. Reference sensitive values through secretRef
// rather than placing them here as literal values.
param env array = []

// ---- Dapr ----
param daprEnabled bool
// CPU/memory pairs the platform accepts for a Container App. The totals across all
// containers of an app must match one entry exactly; a request such as
// (CPU: 0.5, memory: 0.5) is rejected as invalid.
// 'memory' is a decimal with at most 2 decimal places followed by 'Gi' (gibibytes),
// for example '1.25Gi' or '2Gi'.
// Entries, smallest first: 0.25/0.5Gi, 0.5/1.0Gi, 0.75/1.5Gi, 1.0/2.0Gi,
// 1.25/2.5Gi, 1.5/3.0Gi, 1.75/3.5Gi, 2.0/4.0Gi.
var resources = [
  {
    cpu: '0.25'
    memory: '0.5Gi'
  }
  {
    cpu: '0.5'
    memory: '1.0Gi'
  }
  {
    cpu: '0.75'
    memory: '1.5Gi'
  }
  {
    cpu: '1.0'
    memory: '2.0Gi'
  }
  {
    cpu: '1.25'
    memory: '2.5Gi'
  }
  {
    cpu: '1.5'
    memory: '3.0Gi'
  }
  {
    cpu: '1.75'
    memory: '3.5Gi'
  }
  {
    cpu: '2.0'
    memory: '4.0Gi'
  }
]
// Reference to a registry that already exists; nothing is created or modified here.
// With no explicit scope, the lookup happens in the deployment's resource group.
resource acr 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = {
  name: acrName
}
// Schema reference for this API version:
// https://github.com/Azure/azure-rest-api-specs/blob/09c4eba6c2d24c5f18226f36948d7987f3b50055/specification/app/resource-manager/Microsoft.App/preview/2022-01-01-preview/ContainerApps.json#L412
//
// The Container App itself: one container, HTTP-based scaling, optional Dapr sidecar,
// and a system-assigned managed identity whose principal is exported by this file's outputs.
resource containerApp 'Microsoft.App/containerApps@2022-01-01-preview' = {
  name: containerAppName
  location: location
  identity: {
    // The identity is created with the app and removed with it.
    type: 'SystemAssigned'
    //type: 'None'
  }
  properties: {
    managedEnvironmentId: environmentId
    configuration: {
      activeRevisionsMode: revisionMode
      ingress: {
        external: isExternalIngress
        targetPort: containerPort
        transport: transport
        allowInsecure: allowInsecure
        // traffic: [
        //   {
        //     weight: 100
        //     latestRevision: true
        //   }
        // ]
      }
      dapr: {
        enabled: daprEnabled
        // Fixed values: the Dapr app port and app id do not follow containerPort or containerAppName.
        appPort: 5000
        appId: 'web'
      }
      registries: [
        {
          server: acr.properties.loginServer
          username: acr.name
          passwordSecretRef: 'container-registry-password'
        }
      ]
      // Caller-supplied secrets plus the registry password used for image pulls.
      // NOTE(review): image pulls authenticate with the registry's admin account (first admin
      // password), not with the managed identity declared above. That password is a shared
      // credential for the whole registry; it is copied into the app's secrets at deploy time,
      // so rotating it on the registry requires redeploying the app.
      // NOTE(review): whether identity-based registry pulls are available depends on the
      // API version in use — TODO confirm before replacing this secret.
      secrets: union(secrets, [
        {
          name: 'container-registry-password'
          value: acr.listCredentials().passwords[0].value
        }
      ])
    }
    template: {
      // revisionSuffix: 'somevalue'
      containers: [
        {
          image: containerImage
          name: containerAppName
          env: env
          // Smallest entry of the table: 0.25 CPU with 0.5Gi memory.
          resources: resources[0]
        }
      ]
      scale: {
        minReplicas: minReplicas
        maxReplicas: 10
        rules: [
          {
            name: 'http-scale'
            http: {
              metadata: {
                concurrentRequests: '100'
              }
            }
          }
        ]
      }
    }
  }
}
// Host name assigned to the app's ingress.
output fqdn string = containerApp.properties.configuration.ingress.fqdn
// Principal of the system-assigned identity; callers use it as the target of role assignments.
output principalId string = containerApp.identity.principalId
// Resource ID of the Container App.
output id string = containerApp.id
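// Name of an existing managed environment in the deployment's resource group.
param environmentName string
param containerAppName string
param containerImage string
param containerPort int
// NOTE(review): defaults to true, so the app is reachable from outside the environment
// unless the caller passes false. Set it explicitly for workloads that should stay internal.
param isExternalIngress bool = true
param location string = resourceGroup().location
param minReplicas int = 0
// Same value set that container.bicep accepts, so an invalid transport is rejected
// when this file is validated instead of inside the nested module deployment.
@allowed([
  'auto'
  'http'
  'http2'
])
param transport string = 'auto'
// Keep false unless plain HTTP is required.
param allowInsecure bool = false
// Environment variables forwarded to the container; avoid literal secret values here.
param env array = []
// Existing registry holding the image; container.bicep reads its admin credentials.
param acrName string
// Existing storage account that the app's managed identity is granted a role on.
param storageAccountName string
// Resource name of the role definition to assign. Role definition names are GUIDs,
// not display names. Choose the narrowest role the workload needs.
param roleDefinitionName string
param daprEnabled bool = true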
// Lookups of resources that must already exist; neither declaration deploys anything.

// Managed environment that hosts the Container App; only its id is consumed below.
resource environment 'Microsoft.App/managedEnvironments@2022-01-01-preview' existing = {
  name: environmentName
}

// Role definition to grant. roleDefinitionName is used as the resource name, which for
// role definitions is a GUID rather than the role's display name.
resource role 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  name: roleDefinitionName
}
// Deploys the Container App with its system-assigned identity.
// 'secrets' and 'revisionMode' are not passed, so container.bicep's defaults apply
// (no extra secrets, 'single' revision mode).
module containerApps 'container.bicep' = {
  name: 'containerApps'
  params: {
    // Placement
    containerAppName: containerAppName
    location: location
    environmentId: environment.id
    // Image and registry
    containerImage: containerImage
    acrName: acrName
    env: env
    // Ingress
    containerPort: containerPort
    isExternalIngress: isExternalIngress
    transport: transport
    allowInsecure: allowInsecure
    // Scale and Dapr
    minReplicas: minReplicas
    daprEnabled: daprEnabled
  }
}
// Grants the app's managed identity the selected role on the storage account.
// The references to containerApps.outputs make this module run after the app is deployed.
module roleAssignment 'roleAssignment.bicep' = {
  name: 'roleAssignment'
  params: {
    storageAccountName: storageAccountName
    roleDefinitionResourceId: role.id
    containerAppResourceId: containerApps.outputs.id
    containerAppPrincipalId: containerApps.outputs.principalId
  }
}
// Ingress host name of the deployed app, passed through from the containerApps module.
output fqdn string = containerApps.outputs.fqdn
// Full resource ID of the role definition to assign (not just its GUID name).
param roleDefinitionResourceId string
// Principal of the Container App's managed identity that receives the role.
param containerAppPrincipalId string
// Resource ID of the Container App; used only as a seed for the assignment name.
param containerAppResourceId string
// Existing storage account that the assignment is scoped to.
param storageAccountName string
// Existing storage account in the deployment's resource group; used only as the
// scope of the role assignment, so the grant does not extend beyond this account.
resource sa 'Microsoft.Storage/storageAccounts@2021-08-01' existing = {
  name: storageAccountName
}
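// Assigns the role to the Container App's managed identity, scoped to the storage account.
// The role definition is referenced directly by its resource ID; no separate lookup
// of the definition is needed.
resource storageRole 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  // Deterministic GUID, so redeploying with the same inputs updates the same assignment.
  // NOTE(review): the seed does not include the scope (sa.id). Using this module for a
  // second storage account with the same app and role produces the same name. Adding the
  // scope to the seed would rename assignments that are already deployed, so pair that
  // change with a cleanup of the old assignment.
  name: guid(containerAppResourceId, containerAppPrincipalId, roleDefinitionResourceId)
  scope: sa
  properties: {
    roleDefinitionId: roleDefinitionResourceId
    principalId: containerAppPrincipalId
    // Stating the principal type avoids a directory lookup that can fail for an
    // identity that was created moments earlier in the same deployment.
    principalType: 'ServicePrincipal'
  }
}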