diff --git a/.vitepress/config.mts b/.vitepress/config.mts
index 3b3f8c0..c00d206 100644
--- a/.vitepress/config.mts
+++ b/.vitepress/config.mts
@@ -63,6 +63,7 @@ export default defineConfig({
 link: '/azure/',
 collapsed: true,
 items: [
+ { text: 'ACA with Terraform', link: '/azure/aca-with-terraform' },
 { text: 'Identify Untagged Resources', link: '/azure/identify-untagged-resources' },
 ]
 },
diff --git a/docs/azure/aca-with-terraform.md b/docs/azure/aca-with-terraform.md
new file mode 100644
index 0000000..427e5f3
--- /dev/null
+++ b/docs/azure/aca-with-terraform.md
@@ -0,0 +1,127 @@
+# ACA with Terraform
+
+Azure Container Apps (ACA) is a serverless container hosting service that allows you to run your containerized applications without managing the underlying infrastructure. Terraform is an Infrastructure as Code (IaC) tool that enables you to define and provision infrastructure using a declarative configuration language.
+
+```hcl
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "my_rg" {
+ name = "my_rg"
+ location = "Australia East"
+ tags = {
+ environment = "production",
+ project = "my-project",
+ managed_by = "terraform"
+ }
+}
+
+resource "azurerm_container_registry" "acr" {
+ name = "myacr${random_id.acr_suffix.hex}"
+ resource_group_name = azurerm_resource_group.my_rg.name
+ location = azurerm_resource_group.my_rg.location
+ sku = "Basic"
+
+ tags = {
+ environment = "production",
+ project = "my-project",
+ managed_by = "terraform"
+ }
+}
+
+resource "azurerm_container_app_environment" "aca_env" {
+ name = "aca-env"
+ resource_group_name = azurerm_resource_group.my_rg.name
+ location = azurerm_resource_group.my_rg.location
+
+ tags = {
+ environment = "production",
+ project = "my-project",
+ managed_by = "terraform"
+ }
+}
+
+resource "azuread_application" "acr_push_app" {
+ display_name = "my-project-acr-push"
+}
+
+resource "azuread_service_principal" "acr_push_sp" {
+ client_id = azuread_application.acr_push_app.client_id
+}
+
+resource "azuread_service_principal_password" "acr_push_secret" {
+ service_principal_id = azuread_service_principal.acr_push_sp.id
+}
+
+resource "azurerm_role_assignment" "acr_push_role" {
+ scope = azurerm_container_registry.acr.id
+ role_definition_name = "AcrPush"
+ principal_id = azuread_service_principal.acr_push_sp.object_id
+}
+
+resource "azurerm_user_assigned_identity" "aca_identity" {
+ name = "aca-identity"
+ resource_group_name = azurerm_resource_group.my_rg.name
+ location = azurerm_resource_group.my_rg.location
+}
+
+resource "azurerm_role_assignment" "acr_pull_role" {
+ scope = azurerm_container_registry.acr.id
+ role_definition_name = "AcrPull"
+ principal_id = azurerm_user_assigned_identity.aca_identity.principal_id
+}
+
+resource "azurerm_container_app" "app" {
+ name = "app"
+ container_app_environment_id = azurerm_container_app_environment.aca_env.id
+ resource_group_name = azurerm_resource_group.my_rg.name
+ revision_mode = "Single"
+
+ identity {
+ type = "UserAssigned"
+ identity_ids = [azurerm_user_assigned_identity.aca_identity.id]
+ }
+
+ registry {
+ server = azurerm_container_registry.acr.login_server
+ identity = azurerm_user_assigned_identity.aca_identity.id
+ }
+
+ ingress {
+ allow_insecure_connections = false
+ external_enabled = true
+ target_port = 3000
+ transport = "auto"
+
+ traffic_weight {
+ latest_revision = true
+ percentage = 100
+ }
+ }
+
+ template {
+ container {
+ name = "app"
+ image = "${azurerm_container_registry.acr.login_server}/my-project:latest"
+ cpu = "0.25"
+ memory = "0.5Gi"
+
+ env {
+ name = "NEXT_PUBLIC_APP_ENV"
+ value = "production"
+ }
+
+ readiness_probe {
+ transport = "HTTP"
+ port = 3000
+ }
+
+ liveness_probe {
+ transport = "HTTP"
+ port = 3000
+ path = "/api/health"
+ }
+ }
+ }
+}
+
+```
\ No newline at end of file
diff --git a/docs/azure/index.md b/docs/azure/index.md
index f42226a..1d6958f 100644
--- a/docs/azure/index.md
+++ b/docs/azure/index.md
@@ -1,3 +1,4 @@
 # Azure Snippets and Musings
 
-#### [Identify Untagged Resources](./identify-untagged-resources.md)
\ No newline at end of file
+#### [Identify Untagged Resources](./identify-untagged-resources.md)
+#### [ACA with Terraform](./aca-with-terraform.md)
\ No newline at end of file
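Review bot: `azuread_service_principal_password.acr_push_secret` in the new aca-with-terraform.md snippet creates a client secret with no `end_date`, and the generated value is written to Terraform state, which the page never mentions. I would add a sentence below the intro paragraph such as `The AcrPush client secret is stored in Terraform state: keep state in an encrypted, access-controlled remote backend and set end_date so the secret is rotated.` If the pusher is a CI system that supports OIDC, an `azuread_application_federated_identity_credential` would avoid the long-lived secret altogether. The snippet also references `random_id.acr_suffix` without declaring it, so it will not plan as shown unless that resource is defined elsewhere. The `:latest` tag in `image` means the running revision is whatever was last pushed to the registry, so a note recommending a pinned tag or digest would help readers who copy this for production.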