144 lines
3.7 KiB
HCL
144 lines
3.7 KiB
HCL
terraform {
|
|
required_providers {
|
|
azurerm = {
|
|
source = "hashicorp/azurerm"
|
|
version = ">= 4.0.0"
|
|
}
|
|
}
|
|
|
|
backend "local" {
|
|
path = "azure-image-chooser.tfstate"
|
|
}
|
|
}
|
|
|
|
provider "azurerm" {
|
|
features {}
|
|
|
|
subscription_id = var.subscription_id
|
|
}
|
|
|
|
data "azurerm_client_config" "current" {}
|
|
|
|
locals {
|
|
kv_secret_name = "azure-client-secret"
|
|
}
|
|
|
|
resource "azurerm_resource_group" "rg" {
|
|
name = "rg-${var.project_name}"
|
|
location = "Poland Central"
|
|
}
|
|
|
|
resource "azurerm_log_analytics_workspace" "logaws" {
|
|
name = "${var.project_name}-logs"
|
|
location = azurerm_resource_group.rg.location
|
|
resource_group_name = azurerm_resource_group.rg.name
|
|
sku = "PerGB2018"
|
|
retention_in_days = 30
|
|
}
|
|
|
|
resource "azurerm_key_vault" "kv" {
|
|
name = "${var.project_name}-kv"
|
|
location = azurerm_resource_group.rg.location
|
|
resource_group_name = azurerm_resource_group.rg.name
|
|
sku_name = "standard"
|
|
tenant_id = data.azurerm_client_config.current.tenant_id
|
|
}
|
|
|
|
resource "azurerm_role_assignment" "app_assignment" {
|
|
scope = azurerm_key_vault.kv.id
|
|
principal_id = azurerm_user_assigned_identity.uai.principal_id
|
|
role_definition_name = "Key Vault Secrets User"
|
|
}
|
|
|
|
resource "azurerm_key_vault_secret" "azure_client_secret" {
|
|
key_vault_id = azurerm_key_vault.kv.id
|
|
name = local.kv_secret_name
|
|
value = var.azure_client_secret
|
|
}
|
|
|
|
resource "azurerm_container_app_environment" "env" {
|
|
name = "${var.project_name}-env"
|
|
resource_group_name = azurerm_resource_group.rg.name
|
|
location = azurerm_resource_group.rg.location
|
|
log_analytics_workspace_id = azurerm_log_analytics_workspace.logaws.id
|
|
}
|
|
|
|
resource "azurerm_container_app" "app" {
|
|
name = "${var.project_name}-app"
|
|
container_app_environment_id = azurerm_container_app_environment.env.id
|
|
resource_group_name = azurerm_resource_group.rg.name
|
|
revision_mode = "Single"
|
|
|
|
secret {
|
|
name = local.kv_secret_name
|
|
key_vault_secret_id = azurerm_key_vault_secret.azure_client_secret.id
|
|
identity = azurerm_user_assigned_identity.uai.id
|
|
}
|
|
|
|
template {
|
|
container {
|
|
name = "azure-image-chooser"
|
|
image = "skdomlab.azurecr.io/azure-image-chooser:latest"
|
|
cpu = "0.25"
|
|
memory = "0.5Gi"
|
|
|
|
env {
|
|
name = "AZURE_CLIENT_ID"
|
|
value = var.azure_client_id
|
|
}
|
|
|
|
env {
|
|
name = "AZURE_TENANT_ID"
|
|
value = var.azure_tenant_id
|
|
}
|
|
|
|
env {
|
|
name = "AZURE_CLIENT_SECRET"
|
|
secret_name = "azure_client_secret"
|
|
}
|
|
|
|
env {
|
|
name = "AZURE_SUBSCRIPTION_ID"
|
|
value = var.subscription_id
|
|
}
|
|
}
|
|
|
|
min_replicas = 1
|
|
max_replicas = 1
|
|
}
|
|
|
|
workload_profile_name = "Consumption"
|
|
|
|
ingress {
|
|
target_port = 8501
|
|
external_enabled = true
|
|
|
|
traffic_weight {
|
|
latest_revision = true
|
|
percentage = 100
|
|
}
|
|
}
|
|
|
|
registry {
|
|
server = "skdomlab.azurecr.io"
|
|
identity = azurerm_user_assigned_identity.uai.id
|
|
}
|
|
}
|
|
|
|
resource "azurerm_user_assigned_identity" "uai" {
|
|
name = "${var.project_name}-uai"
|
|
resource_group_name = azurerm_resource_group.rg.name
|
|
location = azurerm_resource_group.rg.location
|
|
}
|
|
|
|
resource "azurerm_role_assignment" "acr_pull" {
|
|
scope = data.azurerm_container_registry.acr.id
|
|
role_definition_name = "AcrPull"
|
|
principal_id = azurerm_user_assigned_identity.uai.principal_id
|
|
}
|
|
|
|
data "azurerm_container_registry" "acr" {
|
|
name = "skdomlab"
|
|
resource_group_name = "dom-lab-common"
|
|
}
|