cicorias · March 22, 2023 04:07
diff --git a/.gitignore b/.gitignore
 .vscode/
 .terraform/
 *.hcl
 *.info
 *.tfstate
 *.backup
diff --git a/broken-ci.tf.bad b/broken-ci.tf.bad
 resource "azurerm_container_group" "test" {
  name                = "${random_pet.pet.id}-cg"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  ip_address_type     = "None"
  os_type             = "Linux"
  restart_policy      = "Never"
  sku                 = "Standard"

  init_container {
    name     = "${random_pet.pet.id}-init"
    image    = "busybox"
    commands = ["touch", "/sharedempty/file.txt", "echo 'hello world' > /sharedempty/file.txt"]

    volume {
      name       = "logs"
      mount_path = "/sharedempty"
      read_only  = false
      empty_dir  = true
    }
  }

  container {
    name   = "${random_pet.pet.id}-reader"
    # container groups can't pull ubuntu -- so this is an ubuntu 20.04 image
    image  = "busybox"
    cpu    = "1"
    memory = "1.5"

    volume {
      name       = "logs"
      mount_path = "/sharedempty"
      read_only  = false
      empty_dir  = true
    }

    commands = ["/bin/sh", "-c", "timeout 90 watch --interval 1 --errexit \"! cat /sharedempty/file.txt\""]
  }
 }
diff --git a/deploy2.yml b/deploy2.yml
 apiVersion: 2019-12-01
 # az group create -l eastus -n spc-citest
 # resource_id=$(az identity create --name spc-citest-id -g spc-citest | jq -r .id)
 # sed "s,{RESOURCE_ID},${resource_id},g" deploy2.yml > deployme.yml
 # az container create --resource-group spc-citest --file deployme.yml
 location: eastus
 name: spc-cgitest
 identity:
  type: UserAssigned
  # put the resource id of the managed ID here -- ensure it trails with a :{}
  userAssignedIdentities: {{RESOURCE_ID}:{}}
 properties:
  containers:
  - name: b-container
    properties:
      image: mcr.microsoft.com/azure-cli:latest
      resources:
        requests:
          cpu: 1
          memoryInGb: 1.5
      volumeMounts:
      - name: shared-data
        mountPath: /mnt/data
        readOnly: false
      command: ['sh', '-c', 'set -x; apk add curl;curl -s -H "Metadata: true" -X GET "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" > /mnt/data/imdscurl2.txt; tail -f /dev/null']
  - name: a-container
    properties:
      image: busybox
      resources:
        requests:
          cpu: 1
          memoryInGb: 1.5
      volumeMounts:
      - name: shared-data
        mountPath: /mnt/data
        readOnly: false
      command: ['sh', '-c', 'tail -f /dev/null']
  initContainers:
  - name: myinit
    properties:
      image: mcr.microsoft.com/azure-cli:latest
      command: ['sh', '-c', 'set -x;apk add curl;az login --identity --allow-no-subscriptions; echo "Init container completed" > /mnt/data/output.txt']
      volumeMounts:
      - name: shared-data
        mountPath: /mnt/data
        readOnly: false
  osType: Linux
  volumes:
  - name: shared-data
    emptyDir: {}
 tags: {exampleTag: tutorial}
 type: Microsoft.ContainerInstance/containerGroups
diff --git a/main.tf b/main.tf
 # first do a terraform init
 # then simply "terraform apply -auto-approve"

 terraform {
  required_providers {
    azapi = {
      source  = "azure/azapi"
      version = "~> 1.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.42"
    }
  }
 }
 provider "azurerm" {
  features {}
 }

 resource "random_pet" "pet" {
  length = 2
 }

 resource "azurerm_resource_group" "test" {
  name     = "${random_pet.pet.id}-rg"
  location = "eastus"
 }

diff --git a/working-ci.tf b/working-ci.tf
 resource "azapi_resource" "symbolicname" {
  type      = "Microsoft.ContainerInstance/containerGroups@2022-09-01"
  name      = "spc-aci-rg"
  location  = "eastus"
  parent_id = azurerm_resource_group.test.id
  tags = {
    environment = "testing"
  }
  body = jsonencode({
    properties = {
      containers = [
        {
          name = "a-container"
          properties = {
            command = [
              "/bin/sh",
              "-c",
              "tail -f /dev/null"
            ]
            image = "busybox"
            resources = {
              limits = {
                cpu        = 1
                memoryInGB = 1.0
              }
              requests = {
                cpu        = 1
                memoryInGB = 1.0
              }
            }
            volumeMounts = [
              {
                mountPath = "/mnt/data"
                name      = "shared-data"
                readOnly  = false
              }
            ]
          }
        }
      ],
      initContainers = [
        {
          name = "myinit"
          properties = {
            command = [
              "/bin/sh",
              "-c",
              "echo \"Init container completed\" > /mnt/data/output.txt"
            ]
            image = "busybox"
            volumeMounts = [
              {
                mountPath = "/mnt/data"
                name      = "shared-data"
                readOnly  = false
              }
            ]
          }
        }
      ]
      osType        = "Linux"
      restartPolicy = "OnFailure"
      sku           = "Standard"
      volumes = [
        {
          name     = "shared-data"
          emptyDir = {}
        }
      ]
    }
  })
 }
	resource "azurerm_container_group" "test" {
	name = "${random_pet.pet.id}-cg"
	location = azurerm_resource_group.test.location
	resource_group_name = azurerm_resource_group.test.name
	ip_address_type = "None"
	os_type = "Linux"
	restart_policy = "Never"
	sku = "Standard"

	init_container {
	name = "${random_pet.pet.id}-init"
	image = "busybox"
	commands = ["touch", "/sharedempty/file.txt", "echo 'hello world' > /sharedempty/file.txt"]

	volume {
	name = "logs"
	mount_path = "/sharedempty"
	read_only = false
	empty_dir = true
	}
	}

	container {
	name = "${random_pet.pet.id}-reader"
	# container groups can't pull ubuntu -- so this is an ubuntu 20.04 image
	image = "busybox"
	cpu = "1"
	memory = "1.5"

	volume {
	name = "logs"
	mount_path = "/sharedempty"
	read_only = false
	empty_dir = true
	}

	commands = ["/bin/sh", "-c", "timeout 90 watch --interval 1 --errexit \"! cat /sharedempty/file.txt\""]
	}
	}
	apiVersion: 2019-12-01
	# az group create -l eastus -n spc-citest
	# resource_id=$(az identity create --name spc-citest-id -g spc-citest \| jq -r .id)
	# sed "s,{RESOURCE_ID},${resource_id},g" deploy2.yml > deployme.yml
	# az container create --resource-group spc-citest --file deployme.yml
	location: eastus
	name: spc-cgitest
	identity:
	type: UserAssigned
	# put the resource id of the managed ID here -- ensure it trails with a :{}
	userAssignedIdentities: {{RESOURCE_ID}:{}}
	properties:
	containers:
	- name: b-container
	properties:
	image: mcr.microsoft.com/azure-cli:latest
	resources:
	requests:
	cpu: 1
	memoryInGb: 1.5
	volumeMounts:
	- name: shared-data
	mountPath: /mnt/data
	readOnly: false
	command: ['sh', '-c', 'set -x; apk add curl;curl -s -H "Metadata: true" -X GET "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" > /mnt/data/imdscurl2.txt; tail -f /dev/null']
	- name: a-container
	properties:
	image: busybox
	resources:
	requests:
	cpu: 1
	memoryInGb: 1.5
	volumeMounts:
	- name: shared-data
	mountPath: /mnt/data
	readOnly: false
	command: ['sh', '-c', 'tail -f /dev/null']
	initContainers:
	- name: myinit
	properties:
	image: mcr.microsoft.com/azure-cli:latest
	command: ['sh', '-c', 'set -x;apk add curl;az login --identity --allow-no-subscriptions; echo "Init container completed" > /mnt/data/output.txt']
	volumeMounts:
	- name: shared-data
	mountPath: /mnt/data
	readOnly: false
	osType: Linux
	volumes:
	- name: shared-data
	emptyDir: {}
	tags: {exampleTag: tutorial}
	type: Microsoft.ContainerInstance/containerGroups
	# first do a terraform init
	# then simply "terraform apply -auto-approve"

	terraform {
	required_providers {
	azapi = {
	source = "azure/azapi"
	version = "~> 1.0"
	}
	azurerm = {
	source = "hashicorp/azurerm"
	version = "~> 3.42"
	}
	}
	}
	provider "azurerm" {
	features {}
	}

	resource "random_pet" "pet" {
	length = 2
	}

	resource "azurerm_resource_group" "test" {
	name = "${random_pet.pet.id}-rg"
	location = "eastus"
	}
	resource "azapi_resource" "symbolicname" {
	type = "Microsoft.ContainerInstance/containerGroups@2022-09-01"
	name = "spc-aci-rg"
	location = "eastus"
	parent_id = azurerm_resource_group.test.id
	tags = {
	environment = "testing"
	}
	body = jsonencode({
	properties = {
	containers = [
	{
	name = "a-container"
	properties = {
	command = [
	"/bin/sh",
	"-c",
	"tail -f /dev/null"
	]
	image = "busybox"
	resources = {
	limits = {
	cpu = 1
	memoryInGB = 1.0
	}
	requests = {
	cpu = 1
	memoryInGB = 1.0
	}
	}
	volumeMounts = [
	{
	mountPath = "/mnt/data"
	name = "shared-data"
	readOnly = false
	}
	]
	}
	}
	],
	initContainers = [
	{
	name = "myinit"
	properties = {
	command = [
	"/bin/sh",
	"-c",
	"echo \"Init container completed\" > /mnt/data/output.txt"
	]
	image = "busybox"
	volumeMounts = [
	{
	mountPath = "/mnt/data"
	name = "shared-data"
	readOnly = false
	}
	]
	}
	}
	]
	osType = "Linux"
	restartPolicy = "OnFailure"
	sku = "Standard"
	volumes = [
	{
	name = "shared-data"
	emptyDir = {}
	}
	]
	}
	})
	}