From e917ab12ed1afd24f00009a8f778dfb002f2b611 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 28 Nov 2024 07:18:53 +0100 Subject: [PATCH] kaas --- infrastructure/app.bicep | 164 +++++++++++++-------------- infrastructure/bicepconfig.json | 7 ++ infrastructure/main.bicep | 21 ++-- infrastructure/monitoring.bicep | 18 ++- infrastructure/params/prd.bicepparam | 1 - infrastructure/registry.bicep | 35 +++--- infrastructure/types.bicep | 12 -- 7 files changed, 133 insertions(+), 125 deletions(-) delete mode 100644 infrastructure/types.bicep diff --git a/infrastructure/app.bicep b/infrastructure/app.bicep index 714568a..7510894 100644 --- a/infrastructure/app.bicep +++ b/infrastructure/app.bicep @@ -1,4 +1,6 @@ -import { Context } from 'types.bicep' +import { Context } from 'br/Tricep:types:latest' +import { with_name } from 'br/Tricep:common/context:latest' +import { container_app_environment, container_app, container, with_app_logs, with_auto_scaling, with_environment } from 'br/Tricep:recommended/app/container-app:latest' targetScope = 'resourceGroup' @@ -6,96 +8,92 @@ param context Context param version string @secure() param registryUrl string +param customerId string +param sharedKey string var appName = 'app' -resource environment 'Microsoft.App/managedEnvironments@2024-03-01' = { - name: 'cea-${context.locationAbbreviation}-${context.environment}-${context.projectName}' - location: context.location - properties: { - appLogsConfiguration: { - destination: 'azure-monitor' - } - peerAuthentication: { - mtls: { - enabled: false +var environmentConfig = container_app_environment(with_name(context, 'app'), [ + with_app_logs(customerId, sharedKey) + { + properties: { + appLogsConfiguration: { + destination: 'azure-monitor' } - } - peerTrafficConfiguration: { - encryption: { - enabled: false + peerAuthentication: { + mtls: { + enabled: false + } + } + peerTrafficConfiguration: { + encryption: { + enabled: false + } } } } +]) +var appConfig = container_app( + with_name(context, 'app'), + [ + container('${context.project}-${appName}', '${registryUrl}/${context.project}-${appName}:${version}') + ], + [ + with_environment(environment.id) + with_auto_scaling(0, 1, { + ruleName: { + concurrentRequests: '10' + } + }) + { + properties: { + configuration: { + activeRevisionsMode: 'Single' + + ingress: { + external: true + targetPort: 3000 + transport: 'auto' + allowInsecure: false + traffic: [ + { + weight: 100 + latestRevision: true + } + ] + corsPolicy: { + allowedOrigins: [ + // 'https://localhost:3000' + '*' + ] + allowCredentials: true + allowedHeaders: ['*'] + allowedMethods: ['Get, POST'] + maxAge: 0 + } + } + + registries: [ + { + identity: 'system' + server: registryUrl + } + ] + } + } + } + ] +) + +resource environment 'Microsoft.App/managedEnvironments@2024-03-01' = { + name: environmentConfig.name + location: environmentConfig.location + properties: environmentConfig.properties } resource app 'Microsoft.App/containerApps@2024-03-01' = { - name: 'ca-${context.locationAbbreviation}-${context.environment}-${context.projectName}-app' - location: context.location - identity: { - type: 'SystemAssigned' - } - properties: { - environmentId: environment.id - - configuration: { - activeRevisionsMode: 'Single' - - ingress: { - external: true - targetPort: 3000 - transport: 'auto' - allowInsecure: false - traffic: [ - { - weight: 100 - latestRevision: true - } - ] - corsPolicy: { - allowedOrigins: [ - // 'https://localhost:3000' - '*' - ] - allowCredentials: true - allowedHeaders: ['*'] - allowedMethods: ['Get, POST'] - maxAge: 0 - } - } - registries: [ - { - identity: 'system' - server: registryUrl - } - ] - } - - template: { - containers: [ - { - image: '${registryUrl}/${context.projectName}-${appName}:${version}' - name: '${context.projectName}-${appName}' - resources: { - cpu: json('0.25') - memory: '0.5Gi' - } - } - ] - scale: { - minReplicas: 1 - maxReplicas: 2 - rules: [ - { - name: 'http-rule' - http: { - metadata: { - concurrentRequests: '50' - } - } - } - ] - } - } - } + name: appConfig.name + location: appConfig.location + identity: appConfig.identity + properties: appConfig.properties } diff --git a/infrastructure/bicepconfig.json b/infrastructure/bicepconfig.json index 09945bd..622d0de 100644 --- a/infrastructure/bicepconfig.json +++ b/infrastructure/bicepconfig.json @@ -7,5 +7,12 @@ "resourceTypedParamsAndOutputs": true, "sourceMapping": true, "symbolicNameCodegen": true + }, + "moduleAliases": { + "br": { + "Tricep": { + "registry": "acreuwprdtricep.azurecr.io" + } + } } } \ No newline at end of file diff --git a/infrastructure/main.bicep b/infrastructure/main.bicep index 6e207c5..5130d1b 100644 --- a/infrastructure/main.bicep +++ b/infrastructure/main.bicep @@ -1,8 +1,8 @@ -import { Context } from 'types.bicep' +import { create_context } from 'br/Tricep:common/context:latest' +import { resource_group } from 'br/Tricep:recommended/resources/resource-group:latest' targetScope = 'subscription' -param locationAbbreviation string param location string param environment string param projectName string @@ -11,17 +11,22 @@ param version string param registryUrl string param deployedAt string = utcNow('yyyyMMdd') -var context = { - locationAbbreviation: locationAbbreviation +var context = create_context({ + name: '' + project: projectName + nameConventionTemplate: '$type-$env-$loc-$project-$name' location: location environment: environment - projectName: projectName deployedAt: deployedAt -} + tenant: tenant() + tags: {} +}) + +var resourceGroupConfig = resource_group(context, []) resource calqueResourceGroup 'Microsoft.Resources/resourceGroups@2024-07-01' = { - name: 'rg-${locationAbbreviation}-${environment}-${projectName}' - location: location + name: resourceGroupConfig.name + location: resourceGroupConfig.location } module monitoring 'monitoring.bicep' = { diff --git a/infrastructure/monitoring.bicep b/infrastructure/monitoring.bicep index f057cd0..9740965 100644 --- a/infrastructure/monitoring.bicep +++ b/infrastructure/monitoring.bicep @@ -1,11 +1,17 @@ -import { Context } from 'types.bicep' +import { Context } from 'br/Tricep:types:latest' +import { with_managed_identity } from 'br/Tricep:common/identity:latest' +import { log_analytics } from 'br/Tricep:recommended/operational-insights/log-analytics:latest' targetScope = 'resourceGroup' param context Context -// resource monitoring 'Microsoft.___/___@___' = { -// name: '___-${context.locationAbbreviation}-${context.environment}-${context.projectName}' -// location: context.location -// properties: {} -// } +var logAnalyticsConfig = log_analytics(context, [ + with_managed_identity() +]) + +resource monitoring 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { + name: logAnalyticsConfig.name + location: logAnalyticsConfig.location + properties: logAnalyticsConfig.properties +} diff --git a/infrastructure/params/prd.bicepparam b/infrastructure/params/prd.bicepparam index 5d93d34..06404bf 100644 --- a/infrastructure/params/prd.bicepparam +++ b/infrastructure/params/prd.bicepparam @@ -1,6 +1,5 @@ using '../main.bicep' -param locationAbbreviation = 'euw' param location = 'westeurope' param environment = 'prd' param projectName = 'calque' diff --git a/infrastructure/registry.bicep b/infrastructure/registry.bicep index a13abbf..dddded3 100644 --- a/infrastructure/registry.bicep +++ b/infrastructure/registry.bicep @@ -1,23 +1,28 @@ -import { Context } from 'types.bicep' +import { Context } from 'br/Tricep:types:latest' +import { with_managed_identity } from 'br/Tricep:common/identity:latest' +import { container_registry } from 'br/Tricep:recommended/container-registry/container-registry:latest' targetScope = 'resourceGroup' param context Context -resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' = { - name: 'acr${context.locationAbbreviation}${context.environment}${context.projectName}' - location: context.location - sku: { - name: 'Basic' - } - identity: { - type: 'SystemAssigned' - } - properties: { - adminUserEnabled: true - dataEndpointEnabled: false - encryption: { - status: 'disabled' +var registryConfig = container_registry(context, [ + with_managed_identity() + { + properties: { + adminUserEnabled: true + dataEndpointEnabled: false + encryption: { + status: 'disabled' + } } } +]) + +resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' = { + name: registryConfig.name + location: registryConfig.location + sku: registryConfig.sku + identity: registryConfig.identity + properties: registryConfig.properties } diff --git a/infrastructure/types.bicep b/infrastructure/types.bicep deleted file mode 100644 index 768ff80..0000000 --- a/infrastructure/types.bicep +++ /dev/null @@ -1,12 +0,0 @@ -@export() -type Context = { - @minLength(2) - locationAbbreviation: string - @minLength(2) - location: string - @minLength(3) - environment: string - @minLength(2) - projectName: string - deployedAt: string -}