From cff699d5f33e3559fb9276b5539b2780f7962a55 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Mon, 8 Apr 2024 14:44:19 +0100
Subject: [PATCH] Disable CDN health probes (#473)
Front Door's health probes are designed to detect situations where an origin is unavailable or unhealthy. When a health probe detects a problem with an origin, Front Door can be configured to send traffic to another origin in the origin group.
If you only have a single origin, Front Door always routes traffic to that origin even if its health probe reports an unhealthy status. The status of the health probe doesn't do anything to change Front Door's behavior. In this scenario, health probes don't provide a benefit and you should disable them to reduce the traffic on your origin.
---
terraform/README.md | 1 +
terraform/container-apps-hosting.tf | 1 +
terraform/locals.tf | 1 +
terraform/variables.tf | 6 ++++++
4 files changed, 9 insertions(+)
diff --git a/terraform/README.md b/terraform/README.md
index 5faf79554..962711d9b 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -165,6 +165,7 @@ No resources.
| [dns\_txt\_records](#input\_dns\_txt\_records) | DNS TXT records to add to the DNS Zone | map(
object({
ttl : optional(number, 300),
records : list(string)
})
)
| n/a | yes |
| [dns\_zone\_domain\_name](#input\_dns\_zone\_domain\_name) | DNS zone domain name. If created, records will automatically be created to point to the CDN. | `string` | n/a | yes |
| [enable\_cdn\_frontdoor](#input\_enable\_cdn\_frontdoor) | Enable Azure CDN FrontDoor. This will use the Container Apps endpoint as the origin. | `bool` | n/a | yes |
+| [enable\_cdn\_frontdoor\_health\_probe](#input\_enable\_cdn\_frontdoor\_health\_probe) | Enable CDN Front Door health probe | `bool` | `false` | no |
| [enable\_container\_registry](#input\_enable\_container\_registry) | Set to true to create a container registry | `bool` | n/a | yes |
| [enable\_dns\_zone](#input\_enable\_dns\_zone) | Conditionally create a DNS zone | `bool` | n/a | yes |
| [enable\_event\_hub](#input\_enable\_event\_hub) | Send Azure Container App logs to an Event Hub sink | `bool` | `false` | no |
diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf
index e4eeb32b2..da3794a97 100644
--- a/terraform/container-apps-hosting.tf
+++ b/terraform/container-apps-hosting.tf
@@ -30,6 +30,7 @@ module "azure_container_apps_hosting" {
cdn_frontdoor_custom_domains = local.cdn_frontdoor_custom_domains
cdn_frontdoor_origin_fqdn_override = local.cdn_frontdoor_origin_fqdn_override
cdn_frontdoor_origin_host_header_override = local.cdn_frontdoor_origin_host_header_override
+ enable_cdn_frontdoor_health_probe = local.enable_cdn_frontdoor_health_probe
container_apps_allow_ips_inbound = local.container_apps_allow_ips_inbound
enable_event_hub = local.enable_event_hub
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 03dc6ce74..2ebfab8bb 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -31,6 +31,7 @@ locals {
cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
+ enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
container_health_probe_path = var.container_health_probe_path
cdn_frontdoor_health_probe_path = var.cdn_frontdoor_health_probe_path
monitor_endpoint_healthcheck = var.monitor_endpoint_healthcheck
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 055ca1b04..5e11e38b5 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -247,3 +247,9 @@ variable "statuscake_contact_group_email_addresses" {
type = list(string)
default = []
}
+
+variable "enable_cdn_frontdoor_health_probe" {
+ description = "Enable CDN Front Door health probe"
+ type = bool
+ default = false
+}