Azure container app environment is fully managed environment to run containerized applications. This blog contains terraform script that can be used to deploy Azure Container App Environment with internal only ingress which means accessible only from VNet. You can find the complete code sample in GitHub here.
Providers.tf - include provider information.
provider "azurerm" {
subscription_id = "your_subscription_id"
features {}
}
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.48.0"
}
}
}
State.tf - We use remote state file created in Azure storage. Following terraform script can be used to connect with the remote state file.
terraform {
backend "azurerm" {
resource_group_name = "your state file resource group"
storage_account_name = "your state file storage acc"
container_name = "your state file container"
key = "your state file name.tfstate"
}
}
Main.tf
Following scripts create resource group, log analytics workspace, VNet, subnet and the container app environment.
You can add multiple container applications to one container app environment. However, ingress of the container applications depends on the configurations selected during the container app environment creation. You can make container applications publicly accessible or accessible only from VNet.
This Terraform sample shows how to enable container application ingress only from VNet by adding following two lines to azurerm_container_app_environment resource block.
internal_load_balancer_enabled = true
infrastructure_subnet_id = azurerm_subnet.demo-cae-subnet.id
resource "azurerm_resource_group" "demo-cae-rg" {
name = "container-app-rg"
location = "West Europe"
}
resource "azurerm_log_analytics_workspace" "demo-cae-logs" {
name = "democaelogs"
location = azurerm_resource_group.demo-cae-rg.location
resource_group_name = azurerm_resource_group.demo-cae-rg.name
sku = "PerGB2018"
retention_in_days = 30
}
resource "azurerm_virtual_network" "demo-cae-vnet" {
name = "demo-cae-network"
location = azurerm_resource_group.demo-cae-rg.location
resource_group_name = azurerm_resource_group.demo-cae-rg.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "demo-cae-subnet" {
name = "demo-cae-snet"
resource_group_name = azurerm_resource_group.demo-cae-rg.name
virtual_network_name = azurerm_virtual_network.demo-cae-vnet.name
address_prefixes = ["10.0.0.0/23"]
}
resource "azurerm_container_app_environment" "demo-cae" {
name = "container-app-env"
location = azurerm_resource_group.demo-cae-rg.location
resource_group_name = azurerm_resource_group.demo-cae-rg.name
log_analytics_workspace_id = azurerm_log_analytics_workspace.demo-cae-logs.id
internal_load_balancer_enabled = true
infrastructure_subnet_id = azurerm_subnet.demo-cae-subnet.id
}
No comments:
Post a Comment