Created
April 21, 2023 10:25
-
-
Save Daniel-Krzyczkowski/9d04a29eb245d968566e52e30518ffb1 to your computer and use it in GitHub Desktop.
Gist for Azure Container App creation with OpenFGA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
targetScope = 'resourceGroup' | |
@description('The location for Azure Container App.') | |
param location string = resourceGroup().location | |
@description('Environment type.') | |
param environmentType string | |
@description('The name of the Azure Container Apps Environment.') | |
param containerAppsEnvName string | |
@description('The name of the Azure Container App.') | |
param contianerAppName string | |
@description('The full path to Docker image.') | |
param containerImage string | |
@description('The open FGA data store engine.') | |
param openFgaDataStoreEngine string | |
@secure() | |
@description('The open FGA data store URI.') | |
param openFgaDataStoreUri string | |
@description('The open FGA log format.') | |
param openFgaDataStoreLogFormat string | |
@description('The open FGA authentication method.') | |
param openFgaDataStoreAuthMethod string | |
@secure() | |
@description('The open FGA authentication key.') | |
param openFgaDataStorePresharedKey string | |
@description('The revision suffix for Azure Container App.') | |
param revisionSuffix string | |
@description('The switch for using external ingress for Azure Contianer App.') | |
param useExternalIngress bool = true | |
@description('The port number for the running container.') | |
param containerPort int | |
resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' existing = { | |
name: containerAppsEnvName | |
} | |
resource containerApp 'Microsoft.App/containerApps@2022-03-01' = { | |
name: contianerAppName | |
tags:{ | |
environment:environmentType | |
} | |
location: location | |
properties: { | |
managedEnvironmentId: containerAppEnvironment.id | |
configuration: { | |
activeRevisionsMode: 'single' | |
secrets: [ | |
{ | |
name: 'open-fga-data-store-uri' | |
value: openFgaDataStoreUri | |
} | |
{ | |
name: 'open-fga-authn-key' | |
value: openFgaDataStorePresharedKey | |
} | |
] | |
ingress: { | |
external: useExternalIngress | |
targetPort: containerPort | |
allowInsecure: true | |
} | |
} | |
template: { | |
revisionSuffix: revisionSuffix | |
containers: [ | |
{ | |
image: containerImage | |
name: contianerAppName | |
resources: { | |
cpu: json('.75') | |
memory: '1.5Gi' | |
} | |
command: [ | |
'./openfga' | |
'run' | |
] | |
env: [ | |
{ | |
name: 'OPENFGA_DATASTORE_ENGINE' | |
value: openFgaDataStoreEngine | |
} | |
{ | |
name: 'OPENFGA_DATASTORE_URI' | |
secretRef: 'open-fga-data-store-uri' | |
} | |
{ | |
name: 'OPENFGA_LOG_FORMAT' | |
value: openFgaDataStoreLogFormat | |
} | |
{ | |
name: 'OPENFGA_AUTHN_METHOD' | |
value: openFgaDataStoreAuthMethod | |
} | |
{ | |
name: 'OPENFGA_AUTHN_PRESHARED_KEYS' | |
secretRef: 'open-fga-authn-key' | |
} | |
] | |
} | |
] | |
scale: { | |
minReplicas: 1 | |
} | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment