Merge pull request #133 from hotosm/enhance/container-envvar

Improve envvar handling for container instances
hotosm · Jul 19, 2023 · 5a4616b · 5a4616b
2 parents ebd9ae5 + c5e9bef
commit 5a4616b
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/infra/production/container.tf b/infra/production/container.tf
@@ -1,3 +1,17 @@
+locals {
+  redis_connection_endpoint = join("", [
+    "rediss://",
+    ":",
+    azurerm_redis_cache.raw-data-queue.primary_access_key,
+    "@",
+    azurerm_redis_cache.raw-data-queue.hostname,
+    ":",
+    azurerm_redis_cache.raw-data-queue.ssl_port,
+    "/0?ssl_cert_reqs=required"
+    ]
+  )
+}
+
 resource "azurerm_container_group" "app" {
   name                = join("-", [var.project_name, var.deployment_environment])
   resource_group_name = azurerm_resource_group.raw-data.name
@@ -18,7 +32,24 @@ resource "azurerm_container_group" "app" {
       protocol = "TCP"
     }
 
-    environment_variables = var.container_envvar
+    environment_variables = merge(
+      var.container_envvar,
+      {
+        PGHOST     = azurerm_postgresql_flexible_server.raw-data.fqdn
+        PGPORT     = "5432"
+        PGUSER     = lookup(var.admin_usernames, "database")
+        PGDATABASE = azurerm_postgresql_flexible_server_database.default-db.name
+      }
+    )
+
+    secure_environment_variables = merge(
+      var.container_sensitive_envvar,
+      {
+        PGPASSWORD            = azurerm_key_vault_secret.raw-data-db.value
+        CELERY_BROKER_URL     = local.redis_connection_endpoint
+        CELERY_RESULT_BACKEND = local.redis_connection_endpoint
+      }
+    )
   }
 
   container {
@@ -34,7 +65,8 @@ resource "azurerm_container_group" "app" {
       protocol = "TCP"
     }
 
-    environment_variables = var.container_envvar
+    environment_variables        = var.container_envvar
+    secure_environment_variables = var.container_sensitive_envvar
   }
 
   tags = {

diff --git a/infra/production/variables.tf b/infra/production/variables.tf
@@ -87,3 +87,9 @@ variable "container_envvar" {
   description = "Environment Variables to pass to the container"
   type        = map(string)
 }
+
+variable "container_sensitive_envvar" {
+  description = "Environment Variables to pass to the container"
+  type        = map(string)
+}
+