
@takekazuomi
Created April 14, 2022 12:31
deploy ACA with MSI
// Parameters of the Container App template.
// NOTE(review): this parameter set matches the `containerApps` module call that
// references 'container.bicep' elsewhere on the page; presumably this is that file.

// Name used for the Container App resource and for its single container.
param containerAppName string

// Deployment region; defaults to the region of the target resource group.
param location string = resourceGroup().location

// Resource ID of the managed environment that hosts the app.
param environmentId string

// Image reference for the container.
param containerImage string

// Port that ingress forwards traffic to (ingress.targetPort).
param containerPort int

// Passed to ingress.external: true publishes the endpoint outside the environment.
param isExternalIngress bool

// Extra app secrets, merged with the registry password secret at deployment.
// NOTE(review): @secure() can only decorate string and object parameters, so values
// passed through this array are handled as ordinary deployment inputs. Confirm that
// callers do not put secret values in plain parameter files.
param secrets array = []

// Environment variables handed to the container as-is.
param env array = []

// Lower bound for the scale rule; 0 allows the app to scale to zero.
param minReplicas int = 0

// Passed to configuration.activeRevisionsMode.
@allowed([
  'multiple'
  'single'
])
param revisionMode string = 'single'

// Passed to ingress.transport.
@allowed([
  'auto'
  'http'
  'http2'
])
param transport string = 'auto'

// Passed to ingress.allowInsecure. When true, plain-HTTP requests are accepted
// instead of being redirected to HTTPS, so keep this false unless a client
// genuinely cannot use TLS.
param allowInsecure bool = false

// Name of an existing Azure Container Registry in the same resource group.
param acrName string

// Turns the Dapr sidecar on or off.
param daprEnabled bool
// CPU/memory pairs accepted for a Container App, lowest first.
//
// The constraints below are as the author pasted them (they read like the
// service's validation messages):
//   - 'memory' must be a decimal value with at most 2 decimal places followed by
//     'Gi' (Gibibytes), e.g. '1.25Gi' or '2Gi'.
//   - The total CPU and memory across all containers in one app must equal one of
//     these combinations; a request of (CPU: 0.5, memory: 0.5) was rejected as invalid:
//     [cpu: 0.25, memory: 0.5Gi]; [cpu: 0.5, memory: 1.0Gi]; [cpu: 0.75, memory: 1.5Gi];
//     [cpu: 1.0, memory: 2.0Gi]; [cpu: 1.25, memory: 2.5Gi]; [cpu: 1.5, memory: 3.0Gi];
//     [cpu: 1.75, memory: 3.5Gi]; [cpu: 2.0, memory: 4.0Gi]
var resources = [
  {
    cpu: '0.25'
    memory: '0.5Gi'
  }
  {
    cpu: '0.5'
    memory: '1.0Gi'
  }
  {
    cpu: '0.75'
    memory: '1.5Gi'
  }
  {
    cpu: '1.0'
    memory: '2.0Gi'
  }
  {
    cpu: '1.25'
    memory: '2.5Gi'
  }
  {
    cpu: '1.5'
    memory: '3.0Gi'
  }
  {
    cpu: '1.75'
    memory: '3.5Gi'
  }
  {
    cpu: '2.0'
    memory: '4.0Gi'
  }
]
// Reference to a registry that already exists; nothing is created or modified here.
// It is read below for its login server, its name and its admin credentials.
resource acr 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = {
  name: acrName
}
// Schema reference for this API version:
// https://github.com/Azure/azure-rest-api-specs/blob/09c4eba6c2d24c5f18226f36948d7987f3b50055/specification/app/resource-manager/Microsoft.App/preview/2022-01-01-preview/ContainerApps.json#L412
//
// The Container App itself: one container, HTTP ingress, optional Dapr sidecar,
// and a system-assigned managed identity whose principalId is exported as an output.
resource containerApp 'Microsoft.App/containerApps@2022-01-01-preview' = {
  name: containerAppName
  location: location
  identity: {
    // System-assigned identity; the alternative the author left disabled is 'None'.
    type: 'SystemAssigned'
    //type: 'None'
  }
  properties: {
    managedEnvironmentId: environmentId
    configuration: {
      activeRevisionsMode: revisionMode

      // Caller-supplied secrets plus the registry password used for image pulls.
      // NOTE(review): the image pull does not use the managed identity declared
      // above. It uses the registry's first admin password from listCredentials(),
      // which requires the registry's admin user to be enabled and leaves a
      // long-lived shared credential in the app's secrets. If identity-based pull
      // is available for the API version in use, prefer it and disable the admin
      // user. TODO confirm availability.
      secrets: union(secrets, [
        {
          name: 'container-registry-password'
          value: acr.listCredentials().passwords[0].value
        }
      ])

      // Registry login: the admin user name equals the registry name, and the
      // password is read from the secret defined above.
      registries: [
        {
          server: acr.properties.loginServer
          username: acr.name
          passwordSecretRef: 'container-registry-password'
        }
      ]

      // Exposure is decided by the caller: `external` publishes the endpoint
      // outside the environment, and `allowInsecure` permits plain HTTP.
      ingress: {
        external: isExternalIngress
        targetPort: containerPort
        transport: transport
        allowInsecure: allowInsecure
        // traffic: [
        //   {
        //     weight: 100
        //     latestRevision: true
        //   }
        // ]
      }

      // NOTE(review): appPort and appId are fixed values, not derived from
      // containerPort or containerAppName. Confirm the application really
      // listens on 5000 when Dapr is enabled.
      dapr: {
        enabled: daprEnabled
        appPort: 5000
        appId: 'web'
      }
    }
    template: {
      // revisionSuffix: 'somevalue'
      containers: [
        {
          image: containerImage
          name: containerAppName
          env: env
          // First entry of `resources`: cpu 0.25 / memory 0.5Gi.
          resources: resources[0]
        }
      ]

      // Scale between minReplicas and 10 replicas on an HTTP rule with
      // concurrentRequests set to '100'.
      scale: {
        minReplicas: minReplicas
        maxReplicas: 10
        rules: [
          {
            name: 'http-scale'
            http: {
              metadata: {
                concurrentRequests: '100'
              }
            }
          }
        ]
      }
    }
  }
}
// Values handed back to the calling template. None of them carries a secret.

// Host name assigned to the app's ingress.
output fqdn string = containerApp.properties.configuration.ingress.fqdn

// Object ID of the system-assigned identity, used by the caller for role assignment.
output principalId string = containerApp.identity.principalId

// Resource ID of the Container App.
output id string = containerApp.id
// Parameters of the template that wires the Container App module to the
// role-assignment module (the file name is not shown on the page).

// Name of an existing managed environment in the target resource group.
param environmentName string

// Forwarded to the Container App module.
param containerAppName string
param containerImage string
param containerPort int

// NOTE(review): defaults to true, so the app is published outside the environment
// unless the caller overrides it.
param isExternalIngress bool = true

param location string = resourceGroup().location
param minReplicas int = 0

// No @allowed list here; the value is forwarded to the `transport` parameter of
// 'container.bicep'.
param transport string = 'auto'

// Forwarded to ingress.allowInsecure; false keeps plain HTTP disabled.
param allowInsecure bool = false

param env array = []

// Existing registry the image is pulled from.
param acrName string

// Existing storage account on which the app's identity receives a role.
param storageAccountName string

// Name of the role definition to grant. For built-in roles this is presumably the
// role's GUID rather than its display name. TODO confirm with callers.
// NOTE(review): any role can be passed in; choose the narrowest data-plane role
// the app needs.
param roleDefinitionName string

param daprEnabled bool = true
// Look up the managed environment that already exists; only its `id` is used.
resource environment 'Microsoft.App/managedEnvironments@2022-01-01-preview' existing = {
  name: environmentName
}
// Look up the role definition so its resource ID can be passed to the
// role-assignment module.
// NOTE(review): no explicit scope is given, so the lookup resolves at the
// deployment's own scope. Confirm that the resulting `role.id` has the form
// the role assignment expects.
resource role 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  name: roleDefinitionName
}
// Deploy the Container App. `secrets` and `revisionMode` are not passed, so the
// module's defaults apply to them.
module containerApps 'container.bicep' = {
  name: 'containerApps'
  params: {
    location: location
    containerAppName: containerAppName
    containerImage: containerImage
    containerPort: containerPort
    environmentId: environment.id
    isExternalIngress: isExternalIngress
    minReplicas: minReplicas
    transport: transport
    allowInsecure: allowInsecure
    env: env
    acrName: acrName
    daprEnabled: daprEnabled
  }
}
// Grant the app's system-assigned identity the chosen role on the storage account.
// Reading the module outputs makes this step run after the Container App exists.
module roleAssignment 'roleAssignment.bicep' = {
  name: 'roleAssignment'
  params: {
    roleDefinitionResourceId: role.id
    containerAppPrincipalId: containerApps.outputs.principalId
    containerAppResourceId: containerApps.outputs.id
    storageAccountName: storageAccountName
  }
}
// Re-export the app's ingress host name from the module.
output fqdn string = containerApps.outputs.fqdn
// Parameters of the role-assignment template (referenced on the page as
// 'roleAssignment.bicep').

// Full resource ID of the role definition to assign (the caller passes `role.id`).
param roleDefinitionResourceId string

// Object ID of the Container App's managed identity.
param containerAppPrincipalId string

// Resource ID of the Container App; used only to derive the assignment name.
param containerAppResourceId string

// Existing storage account that becomes the scope of the assignment.
param storageAccountName string
// Existing storage account; referenced only as the role assignment's scope.
resource sa 'Microsoft.Storage/storageAccounts@2021-08-01' existing = {
  name: storageAccountName
}
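// No role-definition lookup is declared here. The caller already supplies the full
// role definition resource ID, and it is used directly as `roleDefinitionId`.
// Declaring an `existing` roleDefinitions resource whose `name` is that full ID
// would be both unused and malformed, because a name is not a resource ID.

// Assign the role to the Container App's managed identity, scoped to the whole
// storage account.
// NOTE(review): the assignment applies to every container/share/queue in the
// account. If the app needs only part of the account, scope the assignment lower
// and pass the narrowest role that works.
resource storageRole 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  // Deterministic name, so redeploying with the same inputs updates the same
  // assignment instead of creating a new one.
  // NOTE(review): the scope (`sa.id`) is not part of the seed. Confirm that this
  // is acceptable if the same app and role are ever assigned on a second account.
  name: guid(containerAppResourceId, containerAppPrincipalId, roleDefinitionResourceId)
  scope: sa
  properties: {
    roleDefinitionId: roleDefinitionResourceId
    principalId: containerAppPrincipalId
    // Stating the principal type explicitly helps when the identity was created
    // moments earlier in the same deployment.
    principalType: 'ServicePrincipal'
  }
}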