main.bicep
targetScope = 'resourceGroup'
import { Scale } from '../../modules/containerApp/main.bicep'
// ---------------------------------------------------------------------------
// Deployment inputs
// ---------------------------------------------------------------------------

// Tag appended to the GHCR image reference built further down in this file.
@minLength(3)
@description('The tag of the image to be used')
param imageTag string

// Used in the resource name prefix, the Environment tag and ASPNETCORE_ENVIRONMENT.
@minLength(3)
@description('The environment for the deployment')
param environment string

@minLength(3)
@description('The location where the resources will be deployed')
param location string

// NOTE(review): only a minimum length is enforced; the value is forwarded
// unchanged to the container app module as `apimIp`. How the module uses it
// (presumably an ingress IP allow-list) is not visible in this file. Confirm
// that the module rejects malformed or overly broad ranges.
@minLength(3)
@description('The IP address of the API Management instance')
param apimIp string

@minLength(3)
@description('The suffix for the revision of the container app')
param revisionSuffix string

// Nullable: when omitted, null is passed through to the module.
@description('CPU and memory resources for the container app')
param resources object?

// The four parameters below are marked @secure(), which keeps their values out
// of the deployment history and logs. Three of them are resource names rather
// than credentials; only the Application Insights connection string carries a
// key-like value.

@secure()
@minLength(3)
@description('The name of the container app environment')
param containerAppEnvironmentName string

@secure()
@minLength(3)
@description('The connection string for Application Insights')
param appInsightConnectionString string

@secure()
@minLength(5)
@description('The name of the App Configuration store')
param appConfigurationName string

@secure()
@minLength(3)
@description('The name of the Key Vault for the environment')
param environmentKeyVaultName string
// Shared naming and tagging values for every resource created by this template.
var namePrefix = 'dp-be-${environment}'

// Registry/repository prefix; the service name and tag are appended where the
// image reference is built.
var baseImageUrl = 'ghcr.io/digdir/dialogporten-'

var tags = {
  Product: 'Dialogporten'
  Environment: environment
}
// Pre-existing resources in the target resource group, looked up by name only
// (nothing is created or modified for these two).
resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
  name: appConfigurationName
}

resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01' existing = {
  name: containerAppEnvironmentName
}

// Dedicated user-assigned identity for the GraphQL container app. Its
// principalId receives the Key Vault and App Configuration reader roles below,
// so access is scoped to this one workload instead of a shared identity.
resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: '${namePrefix}-graphql-identity'
  tags: tags
  location: location
}
// Environment variables handed to the container app module as `envVariables`.
//
// NOTE(review): appInsightConnectionString is a @secure() parameter, but here it
// is placed in a plain `value` field of an ordinary variable. Whether it stays
// protected depends on the module: unless its `envVariables` parameter is also
// @secure(), or the module stores the value as a Container App secret referenced
// via `secretRef`, the string will be readable in the nested deployment inputs
// and in the container app template by anyone with read access. Confirm against
// ../../modules/containerApp/main.bicep.
var containerAppEnvVars = [
  {
    name: 'ASPNETCORE_ENVIRONMENT'
    value: environment
  }
  {
    name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
    value: appInsightConnectionString
  }
  {
    // Endpoint only; no access key is passed, so the app presumably
    // authenticates to App Configuration with the managed identity.
    name: 'AZURE_APPCONFIG_URI'
    value: appConfiguration.properties.endpoint
  }
  {
    // Client ID of the user-assigned identity. This is an identifier, not a
    // credential.
    name: 'AZURE_CLIENT_ID'
    value: managedIdentity.properties.clientId
  }
]
// Single port used both for the module's `port` parameter and for all probes.
var port = 8080

// Liveness, readiness and startup probes, each polling its own /health/* path
// every 5 seconds after a 2 second initial delay.
// NOTE(review): the health paths are served on the same port as application
// traffic; whether they are reachable from outside depends on the ingress
// configuration inside the module. Confirm they expose no internal detail.
var probes = [
  {
    type: 'Liveness'
    initialDelaySeconds: 2
    periodSeconds: 5
    httpGet: {
      port: port
      path: '/health/liveness'
    }
  }
  {
    type: 'Readiness'
    initialDelaySeconds: 2
    periodSeconds: 5
    httpGet: {
      port: port
      path: '/health/readiness'
    }
  }
  {
    type: 'Startup'
    initialDelaySeconds: 2
    periodSeconds: 5
    httpGet: {
      port: port
      path: '/health/startup'
    }
  }
]
// Default scaling: between 2 and 10 replicas, with one custom rule on CPU and
// one on memory, each using a 'Utilization' value of '70'. Callers may override
// the whole object; its shape is fixed by the imported Scale type.
@description('The scaling configuration for the container app')
param scale Scale = {
  minReplicas: 2
  maxReplicas: 10
  rules: [
    {
      name: 'cpu'
      custom: {
        type: 'cpu'
        metadata: {
          type: 'Utilization'
          value: '70'
        }
      }
    }
    {
      name: 'memory'
      custom: {
        type: 'memory'
        metadata: {
          type: 'Utilization'
          value: '70'
        }
      }
    }
  ]
}
// Existing environment Key Vault, referenced by name only. Its name is handed
// to the reader-role module for the managed identity.
resource environmentKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: environmentKeyVaultName
}

// Used both as the container app name and as the nested deployment name.
var containerAppName = '${namePrefix}-graphql-ca'
// Deploys the GraphQL container app through the shared containerApp module.
//
// NOTE(review): the image is referenced by tag on ghcr.io. Tags are mutable, so
// the same imageTag can resolve to different content over time; a digest
// reference (`@sha256:...`) would make each deployed revision reproducible and
// tamper-evident. No registry credentials are passed here, so the image is
// presumably public. Confirm.
//
// NOTE(review): this module has no dependency on the two reader-role modules
// in this file, so the first revision may start before the identity has been
// granted access to Key Vault and App Configuration.
module containerApp '../../modules/containerApp/main.bicep' = {
  name: containerAppName
  params: {
    // Identity and placement
    name: containerAppName
    location: location
    tags: tags
    containerAppEnvId: containerAppEnvironment.id
    userAssignedIdentityId: managedIdentity.id

    // Workload definition
    image: '${baseImageUrl}graphql:${imageTag}'
    revisionSuffix: revisionSuffix
    envVariables: containerAppEnvVars
    resources: resources
    scale: scale

    // Networking and health
    port: port
    probes: probes
    apimIp: apimIp
  }
}
// Grants the container app's managed identity read access to the environment
// Key Vault and to the App Configuration store, one module call per target.
//
// NOTE(review): the symbolic names say "AccessPolicy" while the modules are
// named addReaderRoles; which roles or policies are assigned is defined in
// those modules and not visible here. Confirm they are limited to read-only
// data-plane access (for example secret read, configuration data read) and
// scoped to the single resource rather than the resource group.
module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
  name: 'keyVaultReaderAccessPolicy-${containerAppName}'
  params: {
    principalIds: [managedIdentity.properties.principalId]
    keyvaultName: environmentKeyVaultResource.name
  }
}

module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRoles.bicep' = {
  name: 'appConfigReaderAccessPolicy-${containerAppName}'
  params: {
    principalIds: [managedIdentity.properties.principalId]
    appConfigurationName: appConfigurationName
  }
}
// Outputs are stored in the deployment history in clear text. Only the app name
// and revision name are surfaced here, and no parameter value is echoed back.
output name string = containerApp.outputs.name
output revisionName string = containerApp.outputs.revisionName