terraform app container

DFE-Digital · Feb 19, 2024 · d4e63c2 · d4e63c2
1 parent 4e561ea
commit d4e63c2
Show file tree

Hide file tree

Showing 4 changed files with 137 additions and 21 deletions.
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
@@ -27,6 +27,8 @@ env:
   TF_BACKEND_CONTAINER_NAME: ${{ secrets.TF_BACKEND_CONTAINER_NAME }}
   TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}
   TF_BACKEND_RESOURCE_GROUP: ${{ secrets.TF_BACKEND_RESOURCE_GROUP }}
+  TF_VAR_az_app_kestrel_endpoint: ${{ vars.KESTRELENDPOINT }}
+  TF_VAR_container_app_image_name : ${{ vars.container_app_image_name }}
 
 
   TF_VAR_project_name: ${{ secrets.DFE_PROJECT_NAME }}
@@ -39,7 +41,12 @@ env:
   TF_VAR_az_tag_environment: ${{ vars.AZ_TAG_ENVIRONMENT }}
   TF_VAR_az_tag_product: ${{ vars.AZ_TAG_PRODUCT }}  
 
-
+  TF_VAR_registry_server: "ghcr.io"
+  TF_VAR_registry_username: ${{ github.repository_owner }}
+  TF_VAR_registry_custom_image_url: "ghcr.io/dfe-digital/sts-knowledgebase:v0.0.1-development.0"
+  TF_VAR_registry_password: ${{ secrets.GITHUB_TOKEN }}
+
+  TF_VAR_serviceprinciple_identity : ${{ secrets.serviceprinciple }} 
   TF_VAR_registry_password: ${{ secrets.GITHUB_TOKEN }}
 
 
@@ -100,7 +107,7 @@ jobs:
         id: plan
         run: terraform plan
 
-      - uses: trstringer/manual-approval@v1
+       - uses: trstringer/manual-approval@v1
         with:
           secret: ${{ github.TOKEN }}
           approvers: sathishmani219
@@ -109,9 +116,9 @@ jobs:
           issue-body: "Review the terraform plan, then approve."
           exclude-workflow-initiator-as-approver: false
 
-      - name: Apply Terraform changes
-        id: apply
-        run: terraform apply -auto-approve
+     # - name: Apply Terraform changes
+     #   id: apply
+     #   run: terraform apply -auto-approve
 
       - name: Remove Runner to KV whitelist
         uses: azure/CLI@v1

diff --git a/terraform/locals.tf b/terraform/locals.tf
@@ -9,23 +9,40 @@ locals {
   azure_location            = var.azure_location
   resource_prefix           = "${local.environment}${local.project_name}"
   azure_resource_group_name = var.resource_group_name
+  registry_server           = var.registry_server
+  registry_username         = var.registry_username
+  registry_password         = var.registry_password
+  registry_custom_image_url = var.registry_custom_image_url
 
 
   tags = {
     "Environment"      = var.az_tag_environment,
     "Service Offering" = var.az_tag_product,
     "Product"          = var.az_tag_product
-  }
+ }
 
-  ##################
-  # Azure KeyVault #
-  ##################
-  kv_name = "${local.environment}${local.project_name}-kv"
 
+    ########################
+    ### Container App ###
+    ########################
 
-  ###########
+   container_app_image_name = var.container_app_image_name
+   container_port           = var.az_container_port
+   kestrel_endpoint = var.az_app_kestrel_endpoint
+
+   ##################
+   # Azure KeyVault #
+   ##################
+   kv_name = "${local.environment}${local.project_name}-kv"
+
+
+   ###########
   # tfstate storage container #
-  ###########
-  tfstate_container_name = var.tfstate_storage_container_name
-  azurerm_terraform_storage_account = var.tf_state_storage_account
-}
+   ###########
+   tfstate_container_name = var.tfstate_storage_container_name
+   azurerm_terraform_storage_account = var.tf_state_storage_account
+
+  ####################
+  # Managed Identity #
+  ####################
+  user_identity_name = var.serviceprinciple_identity
diff --git a/terraform/main-hosting.tf b/terraform/main-hosting.tf
@@ -1,9 +1,6 @@
   #####################
   # Key Vault #
   #####################
-
-# module "main_hosting" {
-  # source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.2.0"
 
  resource "azurerm_key_vault" "vault" {
   name                       = local.kv_name
@@ -49,8 +46,6 @@
     }
   }
 
-# }
-
 
   #####################
   # Storage Container #
@@ -61,4 +56,48 @@
   storage_account_name  = local.azurerm_terraform_storage_account
   container_access_type = "private"
 }
-#
+
+
+module "main_hosting" {
+  source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.2.0"
+
+  ###########
+  # General #
+  ###########
+  environment    = local.environment
+  project_name   = local.project_name
+  azure_location = local.azure_location
+  tags           = local.tags
+
+  #################
+  # Container App #
+  #################
+  enable_container_registry           = true
+  use_external_container_registry_url = true
+  image_name                          = local.container_app_image_name
+  container_port                      = local.container_port
+  container_secret_environment_variables = {
+    "AZURE_CLIENT_ID" = azurerm_user_assigned_identity.user_assigned_identity.client_id,
+    "KeyVaultName"    = local.kv_name
+  }
+
+  container_environment_variables = {
+    "Kestrel__Endpoints__Http__Url"       = local.kestrel_endpoint,
+    "ASPNETCORE_FORWARDEDHEADERS_ENABLED" = "true"
+  }
+
+  container_app_identities = {
+    type         = "UserAssigned",
+    identity_ids = [azurerm_user_assigned_identity.user_assigned_identity.id]
+  }
+
+
+  #############################
+  # Github Container Registry #
+  #############################
+  registry_server           = local.registry_server
+  registry_username         = local.registry_username
+  registry_password         = local.registry_password
+  registry_custom_image_url = local.registry_custom_image_url
+
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -77,4 +77,57 @@ variable "msi_id" {
   type        = string
   description = "The Managed Service Identity ID. If this value isn't null (the default), 'data.azurerm_client_config.current.object_id' will be set to this value."
   default     = null
+}
+
+
+
+################
+# Container App#
+################
+
+variable "container_app_image_name" {
+  type = string
+  description = "This variable is to define container App image name"
+}
+
+variable "az_container_port" {
+  type = number
+  description = "This variable defines the port of the Container App"
+  default     = 8080
+}
+
+
+variable "az_app_kestrel_endpoint" {
+  description = "Endpoint for Kestrel setup"
+  type        = string
+}
+
+
+###################
+# Github Registry #
+###################
+
+variable "registry_server" {
+  description = "Container registry server"
+  type        = string
+}
+
+variable "registry_username" {
+  description = "Container registry username"
+  type        = string
+}
+
+variable "registry_password" {
+  description = "Container registry password"
+  type        = string
+}
+
+variable "registry_custom_image_url" {
+  description = "Pass in the address to your image from your custom registry"
+  type        = string
+}
+
+variable "serviceprinciple_identity"{
+  description = "Variable to define the service principle"
+  type = string
 }