terraform azure

.vitepress/config.mts

@@ -63,6 +63,7 @@ export default defineConfig({
         link: '/azure/',
         collapsed: true,
         items: [
+          { text: 'ACA with Terraform', link: '/azure/aca-with-terraform' },
           { text: 'Identify Untagged Resources', link: '/azure/identify-untagged-resources' },
         ]
       },

docs/azure/aca-with-terraform.md

@@ -0,0 +1,127 @@
+# ACA with Terraform
+
+Azure Container Apps (ACA) is a serverless container hosting service that allows you to run your containerized applications without managing the underlying infrastructure. Terraform is an Infrastructure as Code (IaC) tool that enables you to define and provision infrastructure using a declarative configuration language.
+
+```hcl
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "my_rg" {
+  name     = "my_rg"
+  location = "Australia East"
+  tags = {
+    environment = "production",
+    project     = "my-project",
+    managed_by  = "terraform"
+  }
+}
+
+resource "azurerm_container_registry" "acr" {
+  name                = "myacr${random_id.acr_suffix.hex}"
+  resource_group_name = azurerm_resource_group.my_rg.name
+  location            = azurerm_resource_group.my_rg.location
+  sku                 = "Basic"
+
+  tags = {
+    environment = "production",
+    project     = "my-project",
+    managed_by  = "terraform"
+  }
+}
+
+resource "azurerm_container_app_environment" "aca_env" {
+  name                = "aca-env"
+  resource_group_name = azurerm_resource_group.my_rg.name
+  location            = azurerm_resource_group.my_rg.location
+
+  tags = {
+    environment = "production",
+    project     = "my-project",
+    managed_by  = "terraform"
+  }
+}
+
+resource "azuread_application" "acr_push_app" {
+  display_name = "my-project-acr-push"
+}
+
+resource "azuread_service_principal" "acr_push_sp" {
+  client_id = azuread_application.acr_push_app.client_id
+}
+
+resource "azuread_service_principal_password" "acr_push_secret" {
+  service_principal_id = azuread_service_principal.acr_push_sp.id
+}
+
+resource "azurerm_role_assignment" "acr_push_role" {
+  scope                = azurerm_container_registry.acr.id
+  role_definition_name = "AcrPush"
+  principal_id         = azuread_service_principal.acr_push_sp.object_id
+}
+
+resource "azurerm_user_assigned_identity" "aca_identity" {
+  name                = "aca-identity"
+  resource_group_name = azurerm_resource_group.my_rg.name
+  location            = azurerm_resource_group.my_rg.location
+}
+
+resource "azurerm_role_assignment" "acr_pull_role" {
+  scope                = azurerm_container_registry.acr.id
+  role_definition_name = "AcrPull"
+  principal_id         = azurerm_user_assigned_identity.aca_identity.principal_id
+}
+
+resource "azurerm_container_app" "app" {
+  name                         = "app"
+  container_app_environment_id = azurerm_container_app_environment.aca_env.id
+  resource_group_name          = azurerm_resource_group.my_rg.name
+  revision_mode                = "Single"
+
+  identity {
+    type = "UserAssigned"
+    identity_ids = [azurerm_user_assigned_identity.aca_identity.id]
+  }
+
+  registry {
+    server = azurerm_container_registry.acr.login_server
+    identity = azurerm_user_assigned_identity.aca_identity.id
+  }
+
+  ingress {
+    allow_insecure_connections = false
+    external_enabled = true
+    target_port = 3000
+    transport = "auto"
+
+    traffic_weight {
+      latest_revision = true
+      percentage = 100
+    }
+  }
+
+  template {
+    container {
+      name   = "app"
+      image  = "${azurerm_container_registry.acr.login_server}/my-project:latest"
+      cpu    = "0.25"
+      memory = "0.5Gi"
+
+      env {
+        name = "NEXT_PUBLIC_APP_ENV"
+        value = "production"
+      }
+
+      readiness_probe {
+        transport = "HTTP"
+        port      = 3000
+      }
+
+      liveness_probe {
+        transport = "HTTP"
+        port      = 3000
+        path      = "/api/health"
+      }
+    }
+  }
+}
+
+```

docs/azure/index.md

@@ -1,3 +1,4 @@
 # Azure Snippets and Musings
 
-#### [Identify Untagged Resources](./identify-untagged-resources.md)
+#### [Identify Untagged Resources](./identify-untagged-resources.md)
+#### [ACA with Terraform](./aca-with-terraform.md)