-
-
Save ilmax/11817b6c0e00df9237ae54e2c5fcef84 to your computer and use it in GitHub Desktop.
resource "azapi_resource" "aca-test-environment" { | |
name = "aca-test-environment" | |
type = "Microsoft.App/managedEnvironments@2022-03-01" | |
location = var.location | |
parent_id = azurerm_resource_group.aca-test-rg.id | |
body = jsonencode({ | |
properties = { | |
appLogsConfiguration = { | |
destination = "log-analytics" | |
logAnalyticsConfiguration = { | |
customerId = azurerm_log_analytics_workspace.aca-test-ws.workspace_id | |
sharedKey = azurerm_log_analytics_workspace.aca-test-ws.primary_shared_key | |
} | |
} | |
} | |
}) | |
} | |
resource "azapi_resource" "producer_container_app" { | |
name = "producer-containerapp" | |
location = var.location | |
parent_id = azurerm_resource_group.aca-test-rg.id | |
type = "Microsoft.App/containerApps@2022-03-01" | |
body = jsonencode({ | |
properties = { | |
managedEnvironmentId = azapi_resource.aca-test-environment.id | |
configuration = { | |
ingress = { | |
targetPort = 80 | |
external = true | |
}, | |
registries = [ | |
{ | |
server = azurerm_container_registry.aca-test-registry.login_server | |
username = azurerm_container_registry.aca-test-registry.admin_username | |
passwordSecretRef = "registry-password" | |
} | |
], | |
secrets : [ | |
{ | |
name = "registry-password" | |
# Todo: Container apps does not yet support Managed Identity connection to ACR | |
value = azurerm_container_registry.aca-test-registry.admin_password | |
} | |
] | |
}, | |
template = { | |
containers = [ | |
{ | |
image = "${azurerm_container_registry.aca-test-registry.login_server}/${var.producer_image_name}:latest" | |
name = "producer", | |
env : [ | |
{ | |
"name" : "EnvVariable", | |
"value" : "Value" | |
} | |
] | |
} | |
] | |
} | |
} | |
}) | |
# This seems to be important for the private registry to work(?) | |
ignore_missing_property = true | |
response_export_values = ["properties.configuration.ingress"] | |
} |
terraform { | |
required_providers { | |
azurerm = { | |
source = "hashicorp/azurerm" | |
version = "~> 3.7.0" | |
} | |
azapi = { | |
source = "Azure/azapi" | |
} | |
} | |
} |
Hello @rolandihms
the terraform above should get you working with azure container registry, this is an excerpt from a public repo I have here where I create the ACR and the tasks to deploy to ACA.
Unfortunately terraform support for container apps is not yet available, you can follow the issue here.
For pulling images using managed identity I know it's now supported, see docs here but I didn't have a chance to set it up with terraform yet.
One trick to set it up is configure it manually via the portal, the look at the resource json (via either the portal or the cli) and from that deduce what you have to set in terraform. Most likely you also need to use a newer api version.
Hope this helps!
Cheers
Hey @ilmax,
Thanks for the feedback, info and links. Will check out the sample repo. It looks like the containers are actually deployed but terraform times out somewhere and responds with "Operation Expired". Looks like its an issue on the Azure Rest API. AzApi.
--------------------------------------------------------------------------------
│ RESPONSE 200: 200 OK
│ ERROR CODE: ContainerAppOperationError
│ --------------------------------------------------------------------------------
{
│ "id": "/subscriptions/xxxxxxx/providers/Microsoft.App/locations/southafricanorth/containerappOperationStatuses/xxxxxxxxxx",
│ "name": "ec9f023d-9014-42a1-b224-3d87f8f91480",
│ "status": "Failed",
│ "error": {
│ "error": {
│ "code": "ContainerAppOperationError",
│ "message": "Failed to provision revision for container app 'msgraph-api'. Error details: Operation expired."
│ },
│ "code": "ContainerAppOperationError",
│ "message": "Failed to provision revision for container app 'msgraph-api'. Error details: Operation expired."
│ },
│ "startTime": "2022-11-25T12:56:08.3368327"
│ }
I will destroy and start fresh to see if this is reproduced.
Eagerly waiting for the next version bump.
Thanks again, have a great day...
Cheers
Hey @rolandihms it may be related to this let's hope we can get some fixes there because ACA for me is an amazing product!
Cheers
Yeah @ilmax I am very impressed with ACA product offering.
Take care!
Finally got back full control of the infra 💥. complete destroy and fresh deploy did the trick and sorted the ACR issue that led me here in the first place.🤦♂️
Thanks again!
Hi Massimiliano @ilmax ,
Thanks for putting this terraform config out on medium, it has helped me spin up my infra using Container apps.
This works with private docker images but I am having issues getting this to work with the Azure Container Registry.
Line 42 "Todo: Container apps does not yet support Managed Identity connection to ACR", Have you maybe got an update on this? Or have you managed to use an Azure registry image?
Appreciate any feedback in this regard,
Thanks/Cheers