autogen/infra/core/host/container-app.bicep
Kosta Petan d6b917faf4 Add service to enable github issues workflow (#1)
* big bang GitHub workflows

* add missing settings in local.settings.json

* config refactor

* fix devlead plan response

* swap cosmos to table storage for metadata storage

* unify config via options

* azd-ify WIP

* add qdrant bicep WIP

* working azd provision setup

* consolidate SK version in projects

* replace localhost :)

* add fqdn to options

* httpclient fixes

* add managed identity to the function and assign contrib role

* qdrant endpoint setting

* add container instances cleanup code + wait on termination to upload to Github

* formatting fixes

* add tables in bicep

* local getting started WIP

* add azure setup instructions

* add the load-waf bits

* docs WIP

---------

Co-authored-by: Kosta Petan <Kosta.Petan@microsoft.com>
2023-08-28 20:57:56 +02:00


// Inputs for a single Azure Container App deployed into an existing Container Apps environment.
// Several defaults below decide how exposed the app is (ingress, CORS, identity, image), so
// callers should set them deliberately rather than rely on the defaults.

// Used as the container app's resource name.
param name string
param location string = resourceGroup().location
param tags object = {}
// Extra CORS origins. The app resource unions these with two Azure portal origins,
// so the portal origins are allowed even when this array is left empty.
@description('Allowed origins')
param allowedOrigins array = []
@description('Name of the environment for container apps')
param containerAppsEnvironmentName string
// Passed as a string and converted with json() where the container resources are set.
@description('CPU cores allocated to a single container instance, e.g., 0.5')
param containerCpuCoreCount string = '0.5'
@description('The maximum number of replicas to run. Must be at least 1.')
@minValue(1)
param containerMaxReplicas int = 10
@description('Memory allocated to a single container instance, e.g., 1Gi')
param containerMemory string = '1.0Gi'
// NOTE(review): the description states a lower bound of 1, but unlike containerMaxReplicas
// there is no @minValue decorator here, so this template does not enforce it.
@description('The minimum number of replicas to run. Must be at least 1.')
param containerMinReplicas int = 1
@description('The name of the container')
param containerName string = 'main'
// Only takes effect when identityName is also set; the registry server is then
// derived as '<containerRegistryName>.azurecr.io'.
@description('The name of the container registry')
param containerRegistryName string = ''
@description('The protocol used by Dapr to connect to the app, e.g., http or grpc')
@allowed([ 'http', 'grpc' ])
param daprAppProtocol string = 'http'
// Defaults to the container name.
@description('The Dapr app ID')
param daprAppId string = containerName
@description('Enable Dapr')
param daprEnabled bool = false
// Not a secure parameter: Bicep's @secure() applies to string and object parameters only,
// so literal values placed in this array are recorded with the deployment inputs.
// Keep credentials out of plain `value` entries; reference an entry in `secrets` instead.
@description('The environment variables for the container')
param env array = []
// Defaults to true, and ingressEnabled also defaults to true, so a caller that sets neither
// gets an app with external ingress. How far that reaches depends on the managed
// environment's own network configuration, which is not defined in this file.
@description('Specifies if the resource ingress is exposed externally')
param external bool = true
// Setting this forces the identity type to 'UserAssigned' regardless of identityType.
@description('The name of the user-assigned identity')
param identityName string = ''
// Honoured only when identityName is empty.
@description('The type of identity for the resource')
@allowed([ 'None', 'SystemAssigned', 'UserAssigned' ])
param identityType string = 'None'
// When empty, the app runs a public hello-world placeholder image referenced by the
// floating ':latest' tag instead of a workload image.
@description('The name of the container image')
param imageName string = ''
@description('Specifies if Ingress is enabled for the container app')
param ingressEnabled bool = true
// Forwarded to configuration.activeRevisionsMode. No @allowed list constrains it here.
param revisionMode string = 'Single'
// Forwarded unchanged to configuration.secrets. As an array this parameter cannot be
// marked @secure(), so secret values supplied inline are stored with the deployment inputs.
// NOTE(review): confirm how callers source these values before passing them in.
@description('The secrets required for the container')
param secrets array = []
@description('The service binds associated with the container')
param serviceBinds array = []
@description('The name of the container apps add-on to use. e.g. redis')
param serviceType string = ''
// Used for ingress and, when Dapr is enabled together with ingress, as the Dapr app port.
@description('The target port for the container')
param targetPort int = 80
// Reference to an already-provisioned user-assigned managed identity, looked up by name.
// The lookup is skipped when identityName is empty, so any expression that reads
// userIdentity must be guarded by the same condition.
resource userIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(identityName)) {
  name: identityName
}
// A private registry is configured only when BOTH an ACR name and a user-assigned
// identity name are supplied; with either one missing, no registry entry is emitted.
var usePrivateRegistry = !(empty(identityName) || empty(containerRegistryName))
// A non-empty identityName always wins and yields 'UserAssigned';
// otherwise the caller's identityType is used as given.
var normalizedIdentityType = empty(identityName) ? identityType : 'UserAssigned'
// Runs the registry-access module for the user-assigned identity, only when a private
// registry is in use.
// NOTE(review): the module body is not shown here; the comment on the app resource implies
// it grants ACR pull access. Confirm it assigns a pull-only role scoped to the named registry.
module containerRegistryAccess '../security/registry-access.bicep' = if (usePrivateRegistry) {
  name: '${deployment().name}-registry-access'
  params: {
    containerRegistryName: containerRegistryName
    // Guarded so the identity's principalId is only read when the identity lookup is active.
    principalId: !usePrivateRegistry ? '' : userIdentity.properties.principalId
  }
}
// The container app itself: identity, ingress/CORS, Dapr, secrets, registry and the
// single-container template, all driven by the parameters declared at the top of the file.
resource app 'Microsoft.App/containerApps@2023-04-01-preview' = {
  name: name
  location: location
  tags: tags
  // The registry-access module must have completed before the app is created; otherwise
  // provisioning fails. This ordering is also why a user-assigned identity is required for
  // private registries: a system-assigned identity does not exist until the app does, so it
  // could not be given ACR pull access ahead of time.
  dependsOn: usePrivateRegistry ? [ containerRegistryAccess ] : []
  identity: {
    type: normalizedIdentityType
    // The identity map is attached only when an identity name was supplied.
    userAssignedIdentities: (!empty(identityName) && normalizedIdentityType == 'UserAssigned') ? { '${userIdentity.id}': {} } : null
  }
  properties: {
    managedEnvironmentId: containerAppsEnvironment.id
    configuration: {
      activeRevisionsMode: revisionMode
      // With ingress disabled the whole ingress object (including CORS) is omitted.
      ingress: ingressEnabled ? {
        external: external
        targetPort: targetPort
        transport: 'auto'
        corsPolicy: {
          // The two Azure portal origins are always allowed; caller-supplied origins are added to them.
          allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
        }
      } : null
      dapr: daprEnabled ? {
        enabled: true
        appId: daprAppId
        appProtocol: daprAppProtocol
        // Without ingress there is no target port to hand to Dapr, so 0 is passed.
        appPort: ingressEnabled ? targetPort : 0
      } : { enabled: false }
      // Forwarded as supplied by the caller; nothing in this resource validates the entries.
      secrets: secrets
      service: empty(serviceType) ? null : { type: serviceType }
      // The registry entry authenticates with the user-assigned identity;
      // no registry username or password is configured here.
      registries: usePrivateRegistry ? [
        {
          server: '${containerRegistryName}.azurecr.io'
          identity: userIdentity.id
        }
      ] : []
    }
    template: {
      serviceBinds: empty(serviceBinds) ? null : serviceBinds
      containers: [
        {
          // Falls back to a public hello-world placeholder when no image is given. The
          // fallback uses the floating ':latest' tag, so what runs can change between
          // deployments; real workloads should pass a versioned tag or digest in imageName.
          image: empty(imageName) ? 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest' : imageName
          name: containerName
          env: env
          resources: {
            // The core count arrives as a string parameter and is converted by json().
            cpu: json(containerCpuCoreCount)
            memory: containerMemory
          }
        }
      ]
      scale: {
        minReplicas: containerMinReplicas
        maxReplicas: containerMaxReplicas
      }
    }
  }
}
// Reference to the Container Apps managed environment that hosts the app. It must already
// exist; this file neither creates it nor sets its network configuration.
resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-04-01-preview' existing = {
  name: containerAppsEnvironmentName
}
// Values handed back to the calling template.
output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
// Empty when no identity is configured; otherwise the principal of the user-assigned identity
// if one was named, else the principal of the app's own identity. Callers typically use this
// for role assignments, so grant it only the access the workload needs.
output identityPrincipalId string = normalizedIdentityType != 'None' ? (!empty(identityName) ? userIdentity.properties.principalId : app.identity.principalId) : ''
// Echoes the imageName parameter, which is empty when the placeholder image was deployed.
output imageName string = imageName
output name string = app.name
// Populated only when the app is deployed as a Container Apps add-on (serviceType set).
output serviceBind object = empty(serviceType) ? {} : { serviceId: app.id, name: name }
// HTTPS URL built from the ingress FQDN; empty when ingress is disabled.
output uri string = !ingressEnabled ? '' : 'https://${app.properties.configuration.ingress.fqdn}'