ryan/DevOpsOpenHack
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2022-11-03. You can view files and clone it, but cannot push or open issues or pull requests.
main
DevOpsOpenHack/iac/bicep/appService.bicep
Ryan Peters b2c9f7e29f add openhack files
2022-11-03 16:41:13 -04:00

775 lines
21 KiB
Bicep
Raw Permalink Blame History

param resourcesPrefix string
param sqlServerAdminLogin string
@secure()
param sqlServerAdminPassword string
param sqlServerFqdn string
param sqlDatabaseName string
param containerRegistryLoginServer string
param containerRegistryName string
param containerRegistryAdminUsername string
param containerRegistryAdminPassword string
param keyVaultName string // for Key Vault integration
param appInsightsInstrumentationKey string
param appInsightsConnectionString string
param appInsightsStagingInstrumentationKey string
param appInsightsStagingConnectionString string
param apiPoiBaseImageTag string
param apiTripsBaseImageTag string
param apiUserJavaBaseImageTag string
param apiUserprofileBaseImageTag string
var location = resourceGroup().location
var varfile = json(loadTextContent('./variables.json'))
// https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
// AcrPull
var acrPullRoleDefinitionId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')
resource containerRegistry 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = {
name: containerRegistryName
}
// Prepared for Key Vault integration
resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = {
name: keyVaultName
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/serverfarms?tabs=bicep
resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
name: '${resourcesPrefix}plan'
kind: 'linux'
location: location
properties: {
reserved: true
}
sku: {
name: 'S1'
tier: 'Standard'
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=bicep
resource appServiceTripviewer 'Microsoft.Web/sites@2021-02-01' = {
name: '${resourcesPrefix}tripviewer'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
serverFarmId: appServicePlan.id
siteConfig: {
acrUseManagedIdentityCreds: true
linuxFxVersion: 'DOCKER|${containerRegistryLoginServer}/devopsoh/tripviewer:latest'
appSettings: [
{
name: 'BING_MAPS_KEY'
value: varfile.bingMapsKey
}
{
name: 'USER_ROOT_URL'
value: 'https://${appServiceApiUserprofile.properties.defaultHostName}'
}
{
name: 'USER_JAVA_ROOT_URL'
value: 'https://${appServiceApiUserJava.properties.defaultHostName}'
}
{
name: 'TRIPS_ROOT_URL'
value: 'https://${appServiceApiTrips.properties.defaultHostName}'
}
{
name: 'POI_ROOT_URL'
value: 'https://${appServiceApiPoi.properties.defaultHostName}'
}
{
name: 'STAGING_USER_ROOT_URL'
value: 'https://${appServiceApiUserprofileStaging.properties.defaultHostName}'
}
{
name: 'STAGING_USER_JAVA_ROOT_URL'
value: 'https://${appServiceApiUserJavaStaging.properties.defaultHostName}'
}
{
name: 'STAGING_TRIPS_ROOT_URL'
value: 'https://${appServiceApiTripsStaging.properties.defaultHostName}'
}
{
name: 'STAGING_POI_ROOT_URL'
value: 'https://${appServiceApiPoiStaging.properties.defaultHostName}'
}
{
name: 'DOCKER_REGISTRY_SERVER_URL'
value: 'https://${containerRegistryLoginServer}'
}
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsightsInstrumentationKey
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: appInsightsConnectionString
}
]
alwaysOn: true
}
httpsOnly: true
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-logs?tabs=bicep
resource appServiceTripviewerExtension 'Microsoft.Web/sites/config@2021-02-01' = {
parent: appServiceTripviewer
name: 'logs'
properties: {
httpLogs: {
fileSystem: {
retentionInMb: 50
retentionInDays: 7
enabled: true
}
}
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/roleassignments?tabs=bicep
resource acrPullRoleAssignmentTripviewer 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
name: guid(resourceGroup().id, containerRegistry.id, 'tripviewer', acrPullRoleDefinitionId)
scope: containerRegistry
properties: {
roleDefinitionId: acrPullRoleDefinitionId
principalId: appServiceTripviewer.identity.principalId
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=bicep
resource appServiceApiPoi 'Microsoft.Web/sites@2021-02-01' = {
name: '${resourcesPrefix}poi'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
serverFarmId: appServicePlan.id
siteConfig: {
linuxFxVersion: 'DOCKER|${containerRegistryLoginServer}/devopsoh/api-poi:${apiPoiBaseImageTag}'
healthCheckPath: '/api/healthcheck/poi'
appSettings: [
{
name: 'SQL_USER'
value: sqlServerAdminLogin
}
{
name: 'SQL_PASSWORD'
value: sqlServerAdminPassword
//value: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=SQL-PASSWORD)' // for Key Vault integration
}
{
name: 'SQL_SERVER'
value: sqlServerFqdn
}
{
name: 'SQL_DBNAME'
value: sqlDatabaseName
}
{
name: 'WEBSITES_PORT'
value: '8080'
}
{
name: 'DOCKER_REGISTRY_SERVER_URL'
value: 'https://${containerRegistryLoginServer}'
}
{
name: 'DOCKER_REGISTRY_SERVER_USERNAME'
value: containerRegistryAdminUsername
}
{
name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
value: containerRegistryAdminPassword
//value: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=DOCKER-REGISTRY-SERVER-PASSWORD)' // for Key Vault integration
}
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsightsInstrumentationKey
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: appInsightsConnectionString
}
]
alwaysOn: true
}
httpsOnly: true
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-logs?tabs=bicep
resource appServiceApiPoiExtension 'Microsoft.Web/sites/config@2021-02-01' = {
parent: appServiceApiPoi
name: 'logs'
properties: {
httpLogs: {
fileSystem: {
retentionInMb: 50
retentionInDays: 7
enabled: true
}
}
}
}
// Prepared for Key Vault integration
// resource keyVaultAccessPolicyApiPoi 'Microsoft.KeyVault/vaults/accessPolicies@2021-06-01-preview' = {
// name: 'add'
// parent: keyVault
// properties: {
// accessPolicies: [
// {
// tenantId: appServiceApiPoi.identity.tenantId
// objectId: appServiceApiPoi.identity.principalId
// permissions: {
// secrets: [
// 'get'
// 'list'
// 'set'
// ]
// }
// }
// ]
// }
// }
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/slots?tabs=bicep
resource appServiceApiPoiStaging 'Microsoft.Web/sites/slots@2021-02-01' = {
parent: appServiceApiPoi
name: 'staging'
identity: {
type: 'SystemAssigned'
}
location: location
properties: {
serverFarmId: appServicePlan.id
siteConfig: {
linuxFxVersion: 'DOCKER|${containerRegistryLoginServer}/devopsoh/api-poi:${apiPoiBaseImageTag}'
healthCheckPath: '/api/healthcheck/poi'
appSettings: [
{
name: 'SQL_USER'
value: sqlServerAdminLogin
}
{
name: 'SQL_PASSWORD'
value: sqlServerAdminPassword
//value: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=SQL-PASSWORD)' // for Key Vault integration
}
{
name: 'SQL_SERVER'
value: sqlServerFqdn
}
{
name: 'SQL_DBNAME'
value: sqlDatabaseName
}
{
name: 'WEBSITES_PORT'
value: '8080'
}
{
name: 'DOCKER_REGISTRY_SERVER_URL'
value: 'https://${containerRegistryLoginServer}'
}
{
name: 'DOCKER_REGISTRY_SERVER_USERNAME'
value: containerRegistryAdminUsername
}
{
name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
value: containerRegistryAdminPassword
//value: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=DOCKER-REGISTRY-SERVER-PASSWORD)' // for Key Vault integration
}
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsightsStagingInstrumentationKey
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: appInsightsStagingConnectionString
}
]
alwaysOn: true
}
httpsOnly: true
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-logs?tabs=bicep
resource appServiceApiPoiStagingExtension 'Microsoft.Web/sites/slots/config@2021-02-01' = {
parent: appServiceApiPoiStaging
name: 'logs'
properties: {
httpLogs: {
fileSystem: {
retentionInMb: 50
retentionInDays: 7
enabled: true
}
}
}
}
// Prepared for Key Vault integration
// resource keyVaultAccessPolicyApiPoiStaging 'Microsoft.KeyVault/vaults/accessPolicies@2021-06-01-preview' = {
// name: 'add'
// parent: keyVault
// properties: {
// accessPolicies: [
// {
// tenantId: appServiceApiPoiStaging.identity.tenantId
// objectId: appServiceApiPoiStaging.identity.principalId
// permissions: {
// secrets: [
// 'get'
// 'list'
// 'set'
// ]
// }
// }
// ]
// }
// }
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=bicep
resource appServiceApiTrips 'Microsoft.Web/sites@2021-02-01' = {
name: '${resourcesPrefix}trips'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
serverFarmId: appServicePlan.id
siteConfig: {
linuxFxVersion: 'DOCKER|${containerRegistryLoginServer}/devopsoh/api-trips:${apiTripsBaseImageTag}'
healthCheckPath: '/api/healthcheck/trips'
appSettings: [
{
name: 'SQL_USER'
value: sqlServerAdminLogin
}
{
name: 'SQL_PASSWORD'
value: sqlServerAdminPassword
}
{
name: 'SQL_SERVER'
value: sqlServerFqdn
}
{
name: 'SQL_DBNAME'
value: sqlDatabaseName
}
{
name: 'DOCKER_REGISTRY_SERVER_URL'
value: 'https://${containerRegistryLoginServer}'
}
{
name: 'DOCKER_REGISTRY_SERVER_USERNAME'
value: containerRegistryAdminUsername
}
{
name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
value: containerRegistryAdminPassword
}
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsightsInstrumentationKey
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: appInsightsConnectionString
}
]
alwaysOn: true
}
httpsOnly: true
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-logs?tabs=bicep
resource appServiceApiTripsExtension 'Microsoft.Web/sites/config@2021-02-01' = {
parent: appServiceApiTrips
name: 'logs'
properties: {
httpLogs: {
fileSystem: {
retentionInMb: 50
retentionInDays: 7
enabled: true
}
}
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/slots?tabs=bicep
resource appServiceApiTripsStaging 'Microsoft.Web/sites/slots@2021-02-01' = {
parent: appServiceApiTrips
name: 'staging'
identity: {
type: 'SystemAssigned'
}
location: location
properties: {
serverFarmId: appServicePlan.id
siteConfig: {
linuxFxVersion: 'DOCKER|${containerRegistryLoginServer}/devopsoh/api-trips:${apiTripsBaseImageTag}'
healthCheckPath: '/api/healthcheck/trips'
appSettings: [
{
name: 'SQL_USER'
value: sqlServerAdminLogin
}
{
name: 'SQL_PASSWORD'
value: sqlServerAdminPassword
}
{
name: 'SQL_SERVER'
value: sqlServerFqdn
}
{
name: 'SQL_DBNAME'
value: sqlDatabaseName
}
{
name: 'DOCKER_REGISTRY_SERVER_URL'
value: 'https://${containerRegistryLoginServer}'
}
{
name: 'DOCKER_REGISTRY_SERVER_USERNAME'
value: containerRegistryAdminUsername
}
{
name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
value: containerRegistryAdminPassword
}
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsightsStagingInstrumentationKey
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: appInsightsStagingConnectionString
}
]
alwaysOn: true
}
httpsOnly: true
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-logs?tabs=bicep
resource appServiceApiTripsStagingExtension 'Microsoft.Web/sites/slots/config@2021-02-01' = {
parent: appServiceApiTripsStaging
name: 'logs'
properties: {
httpLogs: {
fileSystem: {
retentionInMb: 50
retentionInDays: 7
enabled: true
}
}
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=bicep
resource appServiceApiUserJava 'Microsoft.Web/sites@2021-02-01' = {
name: '${resourcesPrefix}userjava'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
serverFarmId: appServicePlan.id
siteConfig: {
linuxFxVersion: 'DOCKER|${containerRegistryLoginServer}/devopsoh/api-user-java:${apiUserJavaBaseImageTag}'
healthCheckPath: '/api/healthcheck/user-java'
appSettings: [
{
name: 'SQL_USER'
value: sqlServerAdminLogin
}
{
name: 'SQL_PASSWORD'
value: sqlServerAdminPassword
}
{
name: 'SQL_SERVER'
value: sqlServerFqdn
}
{
name: 'SQL_DBNAME'
value: sqlDatabaseName
}
{
name: 'DOCKER_REGISTRY_SERVER_URL'
value: 'https://${containerRegistryLoginServer}'
}
{
name: 'DOCKER_REGISTRY_SERVER_USERNAME'
value: containerRegistryAdminUsername
}
{
name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
value: containerRegistryAdminPassword
}
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsightsInstrumentationKey
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: appInsightsConnectionString
}
]
alwaysOn: true
}
httpsOnly: true
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-logs?tabs=bicep
resource appServiceApiUserJavaExtension 'Microsoft.Web/sites/config@2021-02-01' = {
parent: appServiceApiUserJava
name: 'logs'
properties: {
httpLogs: {
fileSystem: {
retentionInMb: 50
retentionInDays: 7
enabled: true
}
}
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/slots?tabs=bicep
resource appServiceApiUserJavaStaging 'Microsoft.Web/sites/slots@2021-02-01' = {
parent: appServiceApiUserJava
name: 'staging'
identity: {
type: 'SystemAssigned'
}
location: location
properties: {
serverFarmId: appServicePlan.id
siteConfig: {
linuxFxVersion: 'DOCKER|${containerRegistryLoginServer}/devopsoh/api-user-java:${apiUserJavaBaseImageTag}'
healthCheckPath: '/api/healthcheck/user-java'
appSettings: [
{
name: 'SQL_USER'
value: sqlServerAdminLogin
}
{
name: 'SQL_PASSWORD'
value: sqlServerAdminPassword
}
{
name: 'SQL_SERVER'
value: sqlServerFqdn
}
{
name: 'SQL_DBNAME'
value: sqlDatabaseName
}
{
name: 'DOCKER_REGISTRY_SERVER_URL'
value: 'https://${containerRegistryLoginServer}'
}
{
name: 'DOCKER_REGISTRY_SERVER_USERNAME'
value: containerRegistryAdminUsername
}
{
name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
value: containerRegistryAdminPassword
}
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsightsStagingInstrumentationKey
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: appInsightsStagingConnectionString
}
]
alwaysOn: true
}
httpsOnly: true
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-logs?tabs=bicep
resource appServiceApiUserJavaStagingExtension 'Microsoft.Web/sites/slots/config@2021-02-01' = {
parent: appServiceApiUserJavaStaging
name: 'logs'
properties: {
httpLogs: {
fileSystem: {
retentionInMb: 50
retentionInDays: 7
enabled: true
}
}
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=bicep
resource appServiceApiUserprofile 'Microsoft.Web/sites@2021-02-01' = {
name: '${resourcesPrefix}userprofile'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
serverFarmId: appServicePlan.id
siteConfig: {
linuxFxVersion: 'DOCKER|${containerRegistryLoginServer}/devopsoh/api-userprofile:${apiUserprofileBaseImageTag}'
healthCheckPath: '/api/healthcheck/user'
appSettings: [
{
name: 'SQL_USER'
value: sqlServerAdminLogin
}
{
name: 'SQL_PASSWORD'
value: sqlServerAdminPassword
}
{
name: 'SQL_SERVER'
value: sqlServerFqdn
}
{
name: 'SQL_DBNAME'
value: sqlDatabaseName
}
{
name: 'DOCKER_REGISTRY_SERVER_URL'
value: 'https://${containerRegistryLoginServer}'
}
{
name: 'DOCKER_REGISTRY_SERVER_USERNAME'
value: containerRegistryAdminUsername
}
{
name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
value: containerRegistryAdminPassword
}
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsightsInstrumentationKey
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: appInsightsConnectionString
}
]
alwaysOn: true
}
httpsOnly: true
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-logs?tabs=bicep
resource appServiceApiUserprofileExtension 'Microsoft.Web/sites/config@2021-02-01' = {
parent: appServiceApiUserprofile
name: 'logs'
properties: {
httpLogs: {
fileSystem: {
retentionInMb: 50
retentionInDays: 7
enabled: true
}
}
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/slots?tabs=bicep
resource appServiceApiUserprofileStaging 'Microsoft.Web/sites/slots@2021-02-01' = {
parent: appServiceApiUserprofile
name: 'staging'
identity: {
type: 'SystemAssigned'
}
location: location
properties: {
serverFarmId: appServicePlan.id
siteConfig: {
linuxFxVersion: 'DOCKER|${containerRegistryLoginServer}/devopsoh/api-userprofile:${apiUserprofileBaseImageTag}'
healthCheckPath: '/api/healthcheck/user'
appSettings: [
{
name: 'SQL_USER'
value: sqlServerAdminLogin
}
{
name: 'SQL_PASSWORD'
value: sqlServerAdminPassword
}
{
name: 'SQL_SERVER'
value: sqlServerFqdn
}
{
name: 'SQL_DBNAME'
value: sqlDatabaseName
}
{
name: 'DOCKER_REGISTRY_SERVER_URL'
value: 'https://${containerRegistryLoginServer}'
}
{
name: 'DOCKER_REGISTRY_SERVER_USERNAME'
value: containerRegistryAdminUsername
}
{
name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
value: containerRegistryAdminPassword
}
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsightsStagingInstrumentationKey
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: appInsightsStagingConnectionString
}
]
alwaysOn: true
}
httpsOnly: true
}
}
// https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-logs?tabs=bicep
resource appServiceApiUserprofileStagingExtension 'Microsoft.Web/sites/slots/config@2021-02-01' = {
parent: appServiceApiUserprofileStaging
name: 'logs'
properties: {
httpLogs: {
fileSystem: {
retentionInMb: 50
retentionInDays: 7
enabled: true
}
}
}
}
output appServiceApiPoiHostname string = appServiceApiPoi.properties.defaultHostName
output appServiceApiTripsHostname string = appServiceApiTrips.properties.defaultHostName
output appServiceApiUserJavaHostname string = appServiceApiUserJava.properties.defaultHostName
output appServiceApiUserprofileHostname string = appServiceApiUserprofile.properties.defaultHostName
Reference in New Issue View Git Blame Copy Permalink