Skip to content
This repository has been archived by the owner on Dec 20, 2024. It is now read-only.

Commit

Permalink
adding registry auth to container app
Browse files Browse the repository at this point in the history
  • Loading branch information
@Physer
Physer committed Dec 17, 2024
1 parent 7db9e58 commit 97b9daa
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 8 deletions.
8 changes: 7 additions & 1 deletion infrastructure/cms/main.bicep
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import { appendHash } from '../utilities.bicep'
param databaseClient string
param logAnalyticsWorkspaceName string
param keyVaultName string
param registryName string
param identityResourceId string
param cmsImageName string
param cmsInitImageName string = ''
Expand All @@ -15,6 +16,10 @@ resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
name: keyVaultName
}

resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' existing = {
name: registryName
}

module mySql '../modules/sql.bicep' = {
name: 'deployMysql'
params: {
Expand All @@ -30,9 +35,10 @@ module cmsContainerApp '../modules/containerApp.bicep' = {
imageName: cmsImageName
initImageName: cmsInitImageName
logAnalyicsWorkspaceName: logAnalyticsWorkspaceName
keyVaultName: keyVaultName
targetPort: 1337
cmsIdentityResourceId: identityResourceId
keyVaultUri: keyVault.properties.vaultUri
registryLoginServer: registry.properties.loginServer
environmentVariables: [
{
name: 'DATABASE_CLIENT'
Expand Down
17 changes: 10 additions & 7 deletions infrastructure/modules/containerApp.bicep
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ param containerAppName string
param imageName string
param initImageName string
param logAnalyicsWorkspaceName string
param registryLoginServer string
param keyVaultUri string
param cmsIdentityResourceId string

param cpu string = '.25'
param memory string = '0.5Gi'
Expand All @@ -14,19 +17,13 @@ param targetPort int = 80

param environmentVariables array
param secrets array = []
param keyVaultName string
param cmsIdentityResourceId string

var location = resourceGroup().location

resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
name: logAnalyicsWorkspaceName
}

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
name: keyVaultName
}

resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01' = {
location: location
name: appendHash(containerAppEnvironmentName)
Expand Down Expand Up @@ -70,10 +67,16 @@ resource containerApp 'Microsoft.App/containerApps@2024-03-01' = {
}
]
}
registries: [
{
identity: cmsIdentityResourceId
server: registryLoginServer
}
]
secrets: [
for secret in secrets: {
name: secret.secretName
keyVaultUrl: secret.fromKeyVault ? '${keyVault.properties.vaultUri}secrets/${secret.secretName}' : null
keyVaultUrl: secret.fromKeyVault ? '${keyVaultUri}secrets/${secret.secretName}' : null
identity: secret.fromKeyVault ? cmsIdentityResourceId : null
value: !secret.fromKeyVault ? secret.secretValue : null
}
Expand Down

0 comments on commit 97b9daa

Please sign in to comment.