Add flex function
marvinbuss committed Nov 1, 2024
1 parent 2637c80 commit 9f5a5ce
Showing 2 changed files with 182 additions and 0 deletions.
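--- a/code/infra/functionflex.tf
+++ b/code/infra/functionflex.tf
@@ -0,0 +1,136 @@
+resource "azapi_resource" "linux_function_app_flex" {
+type = "Microsoft.Web/sites@2024-04-01"
+location = var.location
+parent_id = azurerm_resource_group.resource_group_ingestion.id
+tags = var.tags
+identity {
+type = "UserAssigned"
+identity_ids = [
+module.user_assigned_identity_consumption.user_assigned_identity_id
+]
+}
+
+body = {
+kind = "functionapp,linux",
+properties = {
+autoGeneratedDomainNameLabelScope = "TenantReuse"
+clientAffinityEnabled = false
+clientCertEnabled = false
+clientCertExclusionPaths = null
+clientCertMode = "Required"
+dailyMemoryTimeQuota = 0
+daprConfig = null
+dnsConfiguration = {}
+enabled = true
+endToEndEncryptionEnabled = true
+functionAppConfig = {
+deployment = {
+storage = {
+authentication = {
+type = "UserAssignedIdentity"
+userAssignedIdentityResourceId = module.user_assigned_identity_ingestion.user_assigned_identity_id
+}
+type = "blobContainer"
+value = "${module.storage_account_function.storage_account_primary_blob_endpoint}/${local.storage_account_container_function_code_name}"
+}
+}
+runtime = {
+name = "python"
+version = "3.11"
+}
+scaleAndConcurrency = {
+alwaysReady = []
+instanceMemoryMB = 2048
+maximumInstanceCount = 10
+triggers = {
+http = {
+perInstanceConcurrency = 5
+}
+}
+}
+}
+hostNamesDisabled = false
+hostNameSslStates = []
+httpsOnly = true
+hyperV = false
+ipMode = "IPv4"
+keyVaultReferenceIdentity = module.user_assigned_identity_ingestion.user_assigned_identity_id
+publicNetworkAccess = "Enabled"
+redundancyMode = null
+scmSiteAlsoStopped = false
+serverFarmId = module.app_service_plan_ingestion.service_plan_id
+storageAccountRequired = true
+virtualNetworkSubnetId = azapi_resource.subnet_function.id
+siteConfig = {
+appSettings = [
+{
+name = "AzureWebJobsStorage__accountName"
+value = module.storage_account_function.storage_account_name
+},
+{
+name = "AzureWebJobsStorage__credential"
+value = "managedidentity"
+},
+{
+name = "AzureWebJobsStorage__clientId"
+value = module.user_assigned_identity_ingestion.user_assigned_identity_client_id
+},
+{
+name = "APPLICATIONINSIGHTS_CONNECTION_STRING"
+value = module.application_insights.application_insights_connection_string
+},
+{
+name = "MANAGED_IDENTITY_CLIENT_ID"
+value = module.user_assigned_identity_ingestion.user_assigned_identity_client_id
+},
+{
+name = "AzureWebJobsSecretStorageType"
+value = "keyvault"
+},
+{
+name = "AzureWebJobsSecretStorageKeyVaultUri"
+value = module.key_vault_ingestion.key_vault_uri
+},
+{
+name = "AzureWebJobsSecretStorageKeyVaultClientId"
+value = module.user_assigned_identity_ingestion.user_assigned_identity_client_id
+},
+{
+name = "AZURE_FUNCTIONS_ENVIRONMENT"
+value = "Production"
+},
+]
+# autoSwapSlotName = ""
+detailedErrorLoggingEnabled = true
+functionsRuntimeScaleMonitoringEnabled = true
+healthCheckPath = null
+http20Enabled = true
+httpLoggingEnabled = true
+ipSecurityRestrictions = []
+ipSecurityRestrictionsDefaultAction = "Allow" # "Deny"
+keyVaultReferenceIdentity = module.user_assigned_identity_ingestion.user_assigned_identity_id
+loadBalancing = "LeastRequests"
+localMySqlEnabled = false
+# minTlsCipherSuite = ""
+minTlsVersion = "1.3"
+publicNetworkAccess = "Enabled"
+remoteDebuggingEnabled = false
+requestTracingEnabled = true
+scmIpSecurityRestrictions = []
+scmIpSecurityRestrictionsDefaultAction = "Allow" # "Deny"
+scmIpSecurityRestrictionsUseMain = false
+scmMinTlsVersion = "1.3"
+scmType = "None"
+websiteTimeZone = "UTC"
+webSocketsEnabled = false
+
+}
+}
+}
+
+response_export_values = ["*"]
+schema_validation_enabled = true
+locks = []
+ignore_casing = false
+ignore_missing_property = false
+}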
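Review bot: The `identity` block attaches only `module.user_assigned_identity_consumption`, while the deployment storage authentication, both `keyVaultReferenceIdentity` settings and the `AzureWebJobsStorage__clientId` / `AzureWebJobsSecretStorageKeyVaultClientId` app settings all name `module.user_assigned_identity_ingestion`. A site can only authenticate as an identity assigned to it, so unless the two modules resolve to the same identity the host storage, Key Vault secret store and package download would presumably fail; `identity_ids` should list `module.user_assigned_identity_ingestion.user_assigned_identity_id`. Separately, `publicNetworkAccess = "Enabled"` with empty `ipSecurityRestrictions` / `scmIpSecurityRestrictions` and both default actions set to `"Allow"` leaves the app and its SCM endpoint reachable from any address; the commented `"Deny"` looks like the intended value once a private endpoint or allow-list exists. `clientCertMode = "Required"` also has no effect while `clientCertEnabled = false`, so either enable it or drop the mode to avoid implying mutual TLS is enforced.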
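--- a/code/infra/storage_functionflex.tf
+++ b/code/infra/storage_functionflex.tf
@@ -0,0 +1,46 @@
+module "storage_account_function" {
+source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/storage?ref=main"
+providers = {
+azurerm = azurerm
+time = time
+}
+
+location = var.location
+resource_group_name = azurerm_resource_group.resource_group_ingestion.name
+tags = var.tags
+
+storage_account_name = replace("${local.prefix}-flxfnc-stg001", "-", "")
+storage_access_tier = "Hot"
+storage_account_type = "StorageV2"
+storage_account_tier = "Standard"
+storage_account_replication_type = "ZRS"
+storage_account_allowed_copy_scope = "AAD"
+storage_blob_change_feed_enabled = false
+storage_blob_container_delete_retention_in_days = 7
+storage_blob_delete_retention_in_days = 7
+storage_blob_cors_rules = {}
+storage_blob_last_access_time_enabled = false
+storage_blob_versioning_enabled = false
+storage_is_hns_enabled = false
+storage_network_bypass = ["None"]
+storage_network_private_link_access = [
+"/subscriptions/${data.azurerm_client_config.current.subscription_id}/providers/Microsoft.Security/datascanners/storageDataScanner",
+]
+storage_public_network_access_enabled = true
+storage_nfsv3_enabled = false
+storage_sftp_enabled = false
+storage_shared_access_key_enabled = false
+storage_container_names = [local.storage_account_container_function_code_name]
+storage_static_website = []
+diagnostics_configurations = local.diagnostics_configurations
+subnet_id = azapi_resource.subnet_private_endpoints.id
+connectivity_delay_in_seconds = var.connectivity_delay_in_seconds
+private_endpoint_subresource_names = ["blob", "file"]
+private_dns_zone_id_blob = var.private_dns_zone_id_blob
+private_dns_zone_id_file = var.private_dns_zone_id_file
+private_dns_zone_id_table = ""
+private_dns_zone_id_queue = ""
+private_dns_zone_id_web = ""
+private_dns_zone_id_dfs = ""
+customer_managed_key = local.customer_managed_key
+}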
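Review bot: The module `source` ends in `?ref=main`, a mutable branch, so each `terraform init` can pull different module code into a deployment that creates the storage account, its private endpoints and the customer-managed-key wiring; pin it to a release tag or a full commit hash, e.g. `?ref=<commit-sha>` (placeholder). `storage_public_network_access_enabled = true` is set alongside private endpoints for `blob` and `file`; the module's firewall default is not visible here, so confirm that it denies by default, or set this to `false` if the function reaches the account only through the private endpoints. A one-line comment explaining why public access stays enabled would help the next reader.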
