azd 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +2 -0
- data/lib/generators/azd/install_generator.rb +14 -0
- data/lib/generators/templates/azure.yaml.tt +22 -0
- data/lib/generators/templates/infra/abbreviations.json +136 -0
- data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep +53 -0
- data/lib/generators/templates/infra/core/config/configstore.bicep +48 -0
- data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep +49 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep +23 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep +47 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep +22 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep +74 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep +19 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep +30 -0
- data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep +65 -0
- data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep +81 -0
- data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep +130 -0
- data/lib/generators/templates/infra/core/gateway/apim.bicep +79 -0
- data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep +18 -0
- data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep +140 -0
- data/lib/generators/templates/infra/core/host/aks.bicep +280 -0
- data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep +17 -0
- data/lib/generators/templates/infra/core/host/appservice.bicep +123 -0
- data/lib/generators/templates/infra/core/host/appserviceplan.bicep +22 -0
- data/lib/generators/templates/infra/core/host/container-app-upsert.bicep +109 -0
- data/lib/generators/templates/infra/core/host/container-app.bicep +165 -0
- data/lib/generators/templates/infra/core/host/container-apps-environment.bicep +41 -0
- data/lib/generators/templates/infra/core/host/container-apps.bicep +40 -0
- data/lib/generators/templates/infra/core/host/container-registry.bicep +83 -0
- data/lib/generators/templates/infra/core/host/functions.bicep +86 -0
- data/lib/generators/templates/infra/core/host/staticwebapp.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights-dashboard.bicep +1236 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep +30 -0
- data/lib/generators/templates/infra/core/monitor/loganalytics.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/monitoring.bicep +32 -0
- data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep +52 -0
- data/lib/generators/templates/infra/core/networking/cdn-profile.bicep +34 -0
- data/lib/generators/templates/infra/core/networking/cdn.bicep +42 -0
- data/lib/generators/templates/infra/core/search/search-services.bicep +68 -0
- data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/configstore-access.bicep +21 -0
- data/lib/generators/templates/infra/core/security/keyvault-access.bicep +22 -0
- data/lib/generators/templates/infra/core/security/keyvault-secret.bicep +31 -0
- data/lib/generators/templates/infra/core/security/keyvault.bicep +31 -0
- data/lib/generators/templates/infra/core/security/registry-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/role.bicep +21 -0
- data/lib/generators/templates/infra/core/storage/storage-account.bicep +64 -0
- data/lib/generators/templates/infra/core/testing/loadtesting.bicep +15 -0
- data/lib/generators/templates/infra/identity.bicep +20 -0
- data/lib/generators/templates/infra/main.bicep +243 -0
- data/lib/generators/templates/infra/main.parameters.json +25 -0
- data/lib/generators/templates/infra/rails.bicep +95 -0
- metadata +115 -0
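--- a/data/lib/generators/templates/infra/core/host/aks.bicep
+++ b/data/lib/generators/templates/infra/core/host/aks.bicep
@@ -0,0 +1,280 @@
+metadata description = 'Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool as well as an additional user agent pool.'
+@description('The name for the AKS managed cluster')
+param name string
+
+@description('The name for the Azure container registry (ACR)')
+param containerRegistryName string
+
+@description('The name of the connected log analytics workspace')
+param logAnalyticsName string = ''
+
+@description('The name of the keyvault to grant access')
+param keyVaultName string
+
+@description('The Azure region/location for the AKS resources')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the AKS resources')
+param tags object = {}
+
+@description('AKS add-ons configuration')
+param addOns object = {
+azurePolicy: {
+enabled: true
+config: {
+version: 'v2'
+}
+}
+keyVault: {
+enabled: true
+config: {
+enableSecretRotation: 'true'
+rotationPollInterval: '2m'
+}
+}
+openServiceMesh: {
+enabled: false
+config: {}
+}
+omsAgent: {
+enabled: true
+config: {}
+}
+applicationGateway: {
+enabled: false
+config: {}
+}
+}
+
+@description('The managed cluster SKU.')
+@allowed([ 'Free', 'Paid', 'Standard' ])
+param sku string = 'Free'
+
+@description('The load balancer SKU to use for ingress into the AKS cluster')
+@allowed([ 'basic', 'standard' ])
+param loadBalancerSku string = 'standard'
+
+@description('Network plugin used for building the Kubernetes network.')
+@allowed([ 'azure', 'kubenet', 'none' ])
+param networkPlugin string = 'azure'
+
+@description('Network policy used for building the Kubernetes network.')
+@allowed([ 'azure', 'calico' ])
+param networkPolicy string = 'azure'
+
+@description('The DNS prefix to associate with the AKS cluster')
+param dnsPrefix string = ''
+
+@description('The name of the resource group for the managed resources of the AKS cluster')
+param nodeResourceGroupName string = ''
+
+@allowed([
+'CostOptimised'
+'Standard'
+'HighSpec'
+'Custom'
+])
+@description('The System Pool Preset sizing')
+param systemPoolType string = 'CostOptimised'
+
+@allowed([
+''
+'CostOptimised'
+'Standard'
+'HighSpec'
+'Custom'
+])
+@description('The User Pool Preset sizing')
+param agentPoolType string = ''
+
+// Configure system / user agent pools
+@description('Custom configuration of system node pool')
+param systemPoolConfig object = {}
+@description('Custom configuration of user node pool')
+param agentPoolConfig object = {}
+
+@description('Id of the user or app to assign application roles')
+param principalId string = ''
+
+@description('Kubernetes Version')
+param kubernetesVersion string = '1.27.7'
+
+@description('The Tenant ID associated to the Azure Active Directory')
+param aadTenantId string = tenant().tenantId
+
+@description('Whether RBAC is enabled for local accounts')
+param enableRbac bool = true
+
+@description('If set to true, getting static credentials will be disabled for this cluster.')
+param disableLocalAccounts bool = false
+
+@description('Enable RBAC using AAD')
+param enableAzureRbac bool = false
+
+// Add-ons
+@description('Whether web app routing (preview) add-on is enabled')
+param webAppRoutingAddon bool = true
+
+// Configure AKS add-ons
+var omsAgentConfig = (!empty(logAnalyticsName) && !empty(addOns.omsAgent) && addOns.omsAgent.enabled) ? union(
+addOns.omsAgent,
+{
+config: {
+logAnalyticsWorkspaceResourceID: logAnalytics.id
+}
+}
+) : {}
+
+var addOnsConfig = union(
+(!empty(addOns.azurePolicy) && addOns.azurePolicy.enabled) ? { azurepolicy: addOns.azurePolicy } : {},
+(!empty(addOns.keyVault) && addOns.keyVault.enabled) ? { azureKeyvaultSecretsProvider: addOns.keyVault } : {},
+(!empty(addOns.openServiceMesh) && addOns.openServiceMesh.enabled) ? { openServiceMesh: addOns.openServiceMesh } : {},
+(!empty(addOns.omsAgent) && addOns.omsAgent.enabled) ? { omsagent: omsAgentConfig } : {},
+(!empty(addOns.applicationGateway) && addOns.applicationGateway.enabled) ? { ingressApplicationGateway: addOns.applicationGateway } : {}
+)
+
+// Link to existing log analytics workspace when available
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' existing = if (!empty(logAnalyticsName)) {
+name: logAnalyticsName
+}
+
+var systemPoolSpec = !empty(systemPoolConfig) ? systemPoolConfig : nodePoolPresets[systemPoolType]
+
+// Create the primary AKS cluster resources and system node pool
+module managedCluster 'aks-managed-cluster.bicep' = {
+name: 'managed-cluster'
+params: {
+name: name
+location: location
+tags: tags
+systemPoolConfig: union(
+{ name: 'npsystem', mode: 'System' },
+nodePoolBase,
+systemPoolSpec
+)
+nodeResourceGroupName: nodeResourceGroupName
+sku: sku
+dnsPrefix: dnsPrefix
+kubernetesVersion: kubernetesVersion
+addOns: addOnsConfig
+workspaceId: !empty(logAnalyticsName) ? logAnalytics.id : ''
+enableAad: enableAzureRbac && aadTenantId != ''
+disableLocalAccounts: disableLocalAccounts
+aadTenantId: aadTenantId
+enableRbac: enableRbac
+enableAzureRbac: enableAzureRbac
+webAppRoutingAddon: webAppRoutingAddon
+loadBalancerSku: loadBalancerSku
+networkPlugin: networkPlugin
+networkPolicy: networkPolicy
+}
+}
+
+var hasAgentPool = !empty(agentPoolConfig) || !empty(agentPoolType)
+var agentPoolSpec = hasAgentPool && !empty(agentPoolConfig) ? agentPoolConfig : empty(agentPoolType) ? {} : nodePoolPresets[agentPoolType]
+
+// Create additional user agent pool when specified
+module agentPool 'aks-agent-pool.bicep' = if (hasAgentPool) {
+name: 'aks-node-pool'
+params: {
+clusterName: managedCluster.outputs.clusterName
+name: 'npuserpool'
+config: union({ name: 'npuser', mode: 'User' }, nodePoolBase, agentPoolSpec)
+}
+}
+
+// Creates container registry (ACR)
+module containerRegistry 'container-registry.bicep' = {
+name: 'container-registry'
+params: {
+name: containerRegistryName
+location: location
+tags: tags
+workspaceId: !empty(logAnalyticsName) ? logAnalytics.id : ''
+}
+}
+
+// Grant ACR Pull access from cluster managed identity to container registry
+module containerRegistryAccess '../security/registry-access.bicep' = {
+name: 'cluster-container-registry-access'
+params: {
+containerRegistryName: containerRegistry.outputs.name
+principalId: managedCluster.outputs.clusterIdentity.objectId
+}
+}
+
+// Give AKS cluster access to the specified principal
+module clusterAccess '../security/aks-managed-cluster-access.bicep' = if (enableAzureRbac || disableLocalAccounts) {
+name: 'cluster-access'
+params: {
+clusterName: managedCluster.outputs.clusterName
+principalId: principalId
+}
+}
+
+// Give the AKS Cluster access to KeyVault
+module clusterKeyVaultAccess '../security/keyvault-access.bicep' = {
+name: 'cluster-keyvault-access'
+params: {
+keyVaultName: keyVaultName
+principalId: managedCluster.outputs.clusterIdentity.objectId
+}
+}
+
+// Helpers for node pool configuration
+var nodePoolBase = {
+osType: 'Linux'
+maxPods: 30
+type: 'VirtualMachineScaleSets'
+upgradeSettings: {
+maxSurge: '33%'
+}
+}
+
+var nodePoolPresets = {
+CostOptimised: {
+vmSize: 'Standard_B4ms'
+count: 1
+minCount: 1
+maxCount: 3
+enableAutoScaling: true
+availabilityZones: []
+}
+Standard: {
+vmSize: 'Standard_DS2_v2'
+count: 3
+minCount: 3
+maxCount: 5
+enableAutoScaling: true
+availabilityZones: [
+'1'
+'2'
+'3'
+]
+}
+HighSpec: {
+vmSize: 'Standard_D4s_v3'
+count: 3
+minCount: 3
+maxCount: 5
+enableAutoScaling: true
+availabilityZones: [
+'1'
+'2'
+'3'
+]
+}
+}
+
+// Module outputs
+@description('The resource name of the AKS cluster')
+output clusterName string = managedCluster.outputs.clusterName
+
+@description('The AKS cluster identity')
+output clusterIdentity object = managedCluster.outputs.clusterIdentity
+
+@description('The resource name of the ACR')
+output containerRegistryName string = containerRegistry.outputs.name
+
+@description('The login server for the container registry')
+output containerRegistryLoginServer string = containerRegistry.outputs.loginServer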
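Review bot: The defaults `param disableLocalAccounts bool = false` and `param enableAzureRbac bool = false` leave the cluster on local accounts with static credentials and no directory integration, because `enableAad` is computed as `enableAzureRbac && aadTenantId != ''`. Setting `disableLocalAccounts` alone gives a cluster with local accounts off and AAD off, a combination AKS is expected to reject, and `clusterAccess` then runs with the default empty `principalId`. I would default both switches to `true`, or at least gate the module with `if ((enableAzureRbac || disableLocalAccounts) && !empty(principalId))` and state in the description that `disableLocalAccounts` requires `enableAzureRbac`. `clusterKeyVaultAccess` is unconditional, so the cluster identity receives Key Vault access even when `addOns.keyVault.enabled` is false; a condition on that flag would keep the grant to deployments that use it. The pinned `kubernetesVersion = '1.27.7'` default deserves a comment saying it has to be reviewed on each release, since it will fall out of support.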
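--- a/data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep
+++ b/data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep
@@ -0,0 +1,17 @@
+metadata description = 'Updates app settings for an Azure App Service.'
+@description('The name of the app service resource within the current resource group scope')
+param name string
+
+@description('The app settings to be applied to the app service')
+@secure()
+param appSettings object
+
+resource appService 'Microsoft.Web/sites@2022-03-01' existing = {
+name: name
+}
+
+resource settings 'Microsoft.Web/sites/config@2022-03-01' = {
+name: 'appsettings'
+parent: appService
+properties: appSettings
+}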
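--- a/data/lib/generators/templates/infra/core/host/appservice.bicep
+++ b/data/lib/generators/templates/infra/core/host/appservice.bicep
@@ -0,0 +1,123 @@
+metadata description = 'Creates an Azure App Service in an existing Azure App Service plan.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+// Reference Properties
+param applicationInsightsName string = ''
+param appServicePlanId string
+param keyVaultName string = ''
+param managedIdentity bool = !empty(keyVaultName)
+
+// Runtime Properties
+@allowed([
+'dotnet', 'dotnetcore', 'dotnet-isolated', 'node', 'python', 'java', 'powershell', 'custom'
+])
+param runtimeName string
+param runtimeNameAndVersion string = '${runtimeName}|${runtimeVersion}'
+param runtimeVersion string
+
+// Microsoft.Web/sites Properties
+param kind string = 'app,linux'
+
+// Microsoft.Web/sites/config
+param allowedOrigins array = []
+param alwaysOn bool = true
+param appCommandLine string = ''
+@secure()
+param appSettings object = {}
+param clientAffinityEnabled bool = false
+param enableOryxBuild bool = contains(kind, 'linux')
+param functionAppScaleLimit int = -1
+param linuxFxVersion string = runtimeNameAndVersion
+param minimumElasticInstanceCount int = -1
+param numberOfWorkers int = -1
+param scmDoBuildDuringDeployment bool = false
+param use32BitWorkerProcess bool = false
+param ftpsState string = 'FtpsOnly'
+param healthCheckPath string = ''
+
+resource appService 'Microsoft.Web/sites@2022-03-01' = {
+name: name
+location: location
+tags: tags
+kind: kind
+properties: {
+serverFarmId: appServicePlanId
+siteConfig: {
+linuxFxVersion: linuxFxVersion
+alwaysOn: alwaysOn
+ftpsState: ftpsState
+minTlsVersion: '1.2'
+appCommandLine: appCommandLine
+numberOfWorkers: numberOfWorkers != -1 ? numberOfWorkers : null
+minimumElasticInstanceCount: minimumElasticInstanceCount != -1 ? minimumElasticInstanceCount : null
+use32BitWorkerProcess: use32BitWorkerProcess
+functionAppScaleLimit: functionAppScaleLimit != -1 ? functionAppScaleLimit : null
+healthCheckPath: healthCheckPath
+cors: {
+allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
+}
+}
+clientAffinityEnabled: clientAffinityEnabled
+httpsOnly: true
+}
+
+identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }
+
+resource basicPublishingCredentialsPoliciesFtp 'basicPublishingCredentialsPolicies' = {
+name: 'ftp'
+properties: {
+allow: false
+}
+}
+
+resource basicPublishingCredentialsPoliciesScm 'basicPublishingCredentialsPolicies' = {
+name: 'scm'
+properties: {
+allow: false
+}
+}
+}
+
+// Updates to the single Microsoft.sites/web/config resources that need to be performed sequentially
+// sites/web/config 'appsettings'
+module configAppSettings 'appservice-appsettings.bicep' = {
+name: '${name}-appSettings'
+params: {
+name: appService.name
+appSettings: union(appSettings,
+{
+SCM_DO_BUILD_DURING_DEPLOYMENT: string(scmDoBuildDuringDeployment)
+ENABLE_ORYX_BUILD: string(enableOryxBuild)
+},
+runtimeName == 'python' && appCommandLine == '' ? { PYTHON_ENABLE_GUNICORN_MULTIWORKERS: 'true'} : {},
+!empty(applicationInsightsName) ? { APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString } : {},
+!empty(keyVaultName) ? { AZURE_KEY_VAULT_ENDPOINT: keyVault.properties.vaultUri } : {})
+}
+}
+
+// sites/web/config 'logs'
+resource configLogs 'Microsoft.Web/sites/config@2022-03-01' = {
+name: 'logs'
+parent: appService
+properties: {
+applicationLogs: { fileSystem: { level: 'Verbose' } }
+detailedErrorMessages: { enabled: true }
+failedRequestsTracing: { enabled: true }
+httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
+}
+dependsOn: [configAppSettings]
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = if (!(empty(keyVaultName))) {
+name: keyVaultName
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
+name: applicationInsightsName
+}
+
+output identityPrincipalId string = managedIdentity ? appService.identity.principalId : ''
+output name string = appService.name
+output uri string = 'https://${appService.properties.defaultHostName}'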
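Review bot: `configLogs` hard-codes `applicationLogs: { fileSystem: { level: 'Verbose' } }` together with `retentionInDays: 1, retentionInMb: 35`, so every deployment logs at the noisiest level yet keeps HTTP logs for a single day on the instance file system, which is little to work with when investigating an incident. I would expose the level and the retention as parameters with documented defaults, and add a comment that longer-lived logs have to be shipped elsewhere, since nothing in this file does so. Separately, `param ftpsState string = 'FtpsOnly'` has no `@allowed` decorator; FTP basic-auth publishing is already switched off by `basicPublishingCredentialsPoliciesFtp`, so `@allowed([ 'FtpsOnly', 'Disabled' ])` would keep a caller from passing `'AllAllowed'`.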
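--- a/data/lib/generators/templates/infra/core/host/appserviceplan.bicep
+++ b/data/lib/generators/templates/infra/core/host/appserviceplan.bicep
@@ -0,0 +1,22 @@
+metadata description = 'Creates an Azure App Service plan.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param kind string = ''
+param reserved bool = true
+param sku object
+
+resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
+name: name
+location: location
+tags: tags
+sku: sku
+kind: kind
+properties: {
+reserved: reserved
+}
+}
+
+output id string = appServicePlan.id
+output name string = appServicePlan.name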
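--- a/data/lib/generators/templates/infra/core/host/container-app-upsert.bicep
+++ b/data/lib/generators/templates/infra/core/host/container-app-upsert.bicep
@@ -0,0 +1,109 @@
+metadata description = 'Creates or updates an existing Azure Container App.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('The environment name for the container apps')
+param containerAppsEnvironmentName string
+
+@description('The number of CPU cores allocated to a single container instance, e.g., 0.5')
+param containerCpuCoreCount string = '0.5'
+
+@description('The maximum number of replicas to run. Must be at least 1.')
+@minValue(1)
+param containerMaxReplicas int = 10
+
+@description('The amount of memory allocated to a single container instance, e.g., 1Gi')
+param containerMemory string = '1.0Gi'
+
+@description('The minimum number of replicas to run. Must be at least 1.')
+@minValue(0)
+param containerMinReplicas int = 1
+
+@description('The name of the container')
+param containerName string = 'main'
+
+@description('The name of the container registry')
+param containerRegistryName string = ''
+
+@description('Hostname suffix for container registry. Set when deploying to sovereign clouds')
+param containerRegistryHostSuffix string = 'azurecr.io'
+
+@allowed([ 'http', 'grpc' ])
+@description('The protocol used by Dapr to connect to the app, e.g., HTTP or gRPC')
+param daprAppProtocol string = 'http'
+
+@description('Enable or disable Dapr for the container app')
+param daprEnabled bool = false
+
+@description('The Dapr app ID')
+param daprAppId string = containerName
+
+@description('Specifies if the resource already exists')
+param exists bool = false
+
+@description('Specifies if Ingress is enabled for the container app')
+param ingressEnabled bool = true
+
+@description('The type of identity for the resource')
+@allowed([ 'None', 'SystemAssigned', 'UserAssigned' ])
+param identityType string = 'None'
+
+@description('The name of the user-assigned identity')
+param identityName string = ''
+
+@description('The name of the container image')
+param imageName string = ''
+
+@description('The secrets required for the container')
+param secrets array = []
+
+@description('The environment variables for the container')
+param env array = []
+
+@description('Specifies if the resource ingress is exposed externally')
+param external bool = true
+
+@description('The service binds associated with the container')
+param serviceBinds array = []
+
+@description('The target port for the container')
+param targetPort int = 80
+
+resource existingApp 'Microsoft.App/containerApps@2023-05-02-preview' existing = if (exists) {
+name: name
+}
+
+module app 'container-app.bicep' = {
+name: '${deployment().name}-update'
+params: {
+name: name
+location: location
+tags: tags
+identityType: identityType
+identityName: identityName
+ingressEnabled: ingressEnabled
+containerName: containerName
+containerAppsEnvironmentName: containerAppsEnvironmentName
+containerRegistryName: containerRegistryName
+containerRegistryHostSuffix: containerRegistryHostSuffix
+containerCpuCoreCount: containerCpuCoreCount
+containerMemory: containerMemory
+containerMinReplicas: containerMinReplicas
+containerMaxReplicas: containerMaxReplicas
+daprEnabled: daprEnabled
+daprAppId: daprAppId
+daprAppProtocol: daprAppProtocol
+secrets: secrets
+external: external
+env: env
+imageName: !empty(imageName) ? imageName : exists ? existingApp.properties.template.containers[0].image : ''
+targetPort: targetPort
+serviceBinds: serviceBinds
+}
+}
+
+output defaultDomain string = app.outputs.defaultDomain
+output imageName string = app.outputs.imageName
+output name string = app.outputs.name
+output uri string = app.outputs.uri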
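Review bot: `param secrets array = []` carries container secrets without `@secure()`, so the values are expected to be recorded in clear in the deployment's parameter history, unlike `appSettings` in the App Service templates of this package, which is marked `@secure()`. Bicep accepts `@secure()` only on string and object parameters, so the fix is a type change, e.g. `@secure()` above `param secrets object = {}`, with the array built inside `container-app.bicep`; that module is outside this hunk, so its side of the change has to be checked there. `param external bool = true` also makes ingress externally reachable by default, which is worth stating in the description or inverting. The description of `containerMinReplicas` says "Must be at least 1" while the decorator is `@minValue(0)`; one of the two should be corrected.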