# see https://github.com/hashicorp/terraform
# NB terraform itself and both providers are pinned to exact versions, so
#    `terraform init` fails loudly instead of silently picking up a newer
#    release; bump them deliberately when upgrading.
terraform {
  required_version = "1.0.11"
  required_providers {
    # see https://github.com/hashicorp/terraform-provider-random
    # see https://registry.terraform.io/providers/hashicorp/random
    # used below to derive the storage account name (random_id.example).
    random = {
      source  = "hashicorp/random"
      version = "3.1.0"
    }
    # see https://github.com/terraform-providers/terraform-provider-azurerm
    # see https://registry.terraform.io/providers/hashicorp/azurerm
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.88.1"
    }
  }
}
# NB the azurerm 2.x provider requires the features block to be present even
#    when it is empty; credentials come from the environment (e.g. the az cli
#    login), nothing is hard-coded here.
provider "azurerm" {
  features {}
}
# NB you can test the relative speed from your browser to a location using https://azurespeedtest.azurewebsites.net/
# get the available locations with: az account list-locations --output table
# NB the location display name is also lower-cased and stripped of spaces to
#    build the container FQDN (see locals.container_fqdn below).
variable "location" {
  default = "France Central" # see https://azure.microsoft.com/en-us/global-infrastructure/france/
}
# NB this name must be unique within the Azure subscription.
# all the other names must be unique within this resource group.
# NB it is also mixed into the uuidv5 seed of locals.dns_name_label, so
#    renaming the resource group changes the container's public FQDN.
variable "resource_group_name" {
  default = "rgl-terraform-azure-dns-example"
}
# NB for this to actually be used, this DNS zone MUST be delegated from
# the parent DNS zone (in this case, ruilopes.com).
# the name servers to delegate to are exposed by the dns_name_servers output.
variable "dns_zone" {
  default = "azure-dns-example.ruilopes.com"
}
# the identity terraform is running as; only its subscription_id is used
# (to seed locals.dns_name_label).
data "azurerm_client_config" "current" {
}
locals {
  # NB this name must be unique within the given azure region/location.
  # it will be used as the container public FQDN as {dns_name_label}.{location}.azurecontainer.io.
  # NB this FQDN length is limited to Let's Encrypt Certificate CN maximum length of 64 characters.
  # NB this results in a 32 character string. e.g. f64e997403f65d32aa7fb0a482c49e1b.
  # NB the value is deterministic (uuidv5 of subscription, resource group and a
  #    fixed suffix) with the dashes stripped, so re-creating the container
  #    group yields the same label.
  dns_name_label = replace(uuidv5("url", "https://azurecontainer.io/${data.azurerm_client_config.current.subscription_id}/${var.resource_group_name}/example"), "/\\-/", "")
  # the azure-assigned container FQDN; the location display name is lower-cased
  # and its spaces removed (e.g. "France Central" -> "francecentral").
  container_fqdn = "${local.dns_name_label}.${replace(lower(azurerm_resource_group.example.location), "/ /", "")}.azurecontainer.io"
  # the public name served by caddy; its first label is the CNAME record name.
  fqdn = "test.${var.dns_zone}"
}
# the public IP address azure assigned to the container group.
output "ip_address" {
  value = azurerm_container_group.example.ip_address
}
# the public name (CNAME to the container FQDN) that caddy serves.
output "fqdn" {
  value = local.fqdn
}
# the https url of the example site, built from the public name.
output "url" {
  value = format("https://%s", local.fqdn)
}
# the name of the azure dns zone that was created (same as var.dns_zone).
output "dns_zone" {
  value = azurerm_dns_zone.example.name
}
# the azure name servers for the zone; point the parent zone's NS delegation
# at these.
output "dns_name_servers" {
  value = azurerm_dns_zone.example.name_servers
}
# NB this generates a random number for the storage account.
# NB this must be at most 12 bytes.
# 12 bytes render as 24 hex characters, exactly the storage account name limit.
# NB a new id is generated whenever the resource group name changes (keepers),
#    which in turn forces a new storage account.
resource "random_id" "example" {
  keepers = {
    resource_group = azurerm_resource_group.example.name
  }
  byte_length = 12
}
# everything else in this file lives inside this resource group, so destroying
# it removes the whole example.
resource "azurerm_resource_group" "example" {
  name     = var.resource_group_name # NB this name must be unique within the Azure subscription.
  location = var.location
}
# see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone
# NB the zone only resolves publicly once the parent zone delegates to it
#    (see var.dns_zone and the dns_name_servers output).
resource "azurerm_dns_zone" "example" {
  name                = var.dns_zone
  resource_group_name = azurerm_resource_group.example.name
}
# see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_cname_record
# NB points the host part of local.fqdn (e.g. "test") at the container group's
#    azurecontainer.io FQDN, so the public name follows the container's address.
resource "azurerm_dns_cname_record" "example" {
  name                = element(split(".", local.fqdn), 0)
  record              = local.container_fqdn
  ttl                 = 300
  zone_name           = azurerm_dns_zone.example.name
  resource_group_name = azurerm_resource_group.example.name
}
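# NB this account backs the file share that the container group mounts as
#    caddy's data directory, using the account's primary access key (which
#    therefore also ends up in the terraform state).
resource "azurerm_storage_account" "example" {
  # NB this name must be globally unique as all the azure storage accounts share the same namespace.
  # NB this name must be at most 24 characters long.
  name                     = random_id.example.hex
  location                 = azurerm_resource_group.example.location
  resource_group_name      = azurerm_resource_group.example.name
  account_kind             = "StorageV2"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  # NB the azurerm 2.x provider leaves this at TLS1_0 when unset; require
  #    TLS 1.2 for the account's https endpoints.
  # NOTE(review): the container group mounts the share over SMB, which should
  #    be unaffected by this setting — confirm the mount still works after apply.
  min_tls_version          = "TLS1_2"
}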
# the file share mounted at /data in the caddy container (see the container
# group below); quota is the maximum share size in GB.
resource "azurerm_storage_share" "example" {
  name                 = "example-caddy-data"
  storage_account_name = azurerm_storage_account.example.name
  quota                = 1
}
# a single public caddy container answering on local.fqdn.
# NB the container is reachable directly via {dns_name_label}.{location}.azurecontainer.io
#    as well as through the CNAME above.
resource "azurerm_container_group" "example" {
  name                = "example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  ip_address_type     = "Public"
  dns_name_label      = local.dns_name_label
  os_type             = "Linux"
  container {
    name   = "caddy"
    image  = "caddy:2"
    cpu    = "0.5"
    memory = "0.2"
    # the Caddyfile is delivered as a read-only secret volume; the provider
    # expects secret volume contents base64 encoded.
    # NB the site block names local.fqdn, so caddy presumably requests a
    #    certificate for that host (which is why the Let's Encrypt CN length
    #    limit is mentioned in locals) — confirm against the caddy docs.
    volume {
      name       = "config"
      read_only  = true
      mount_path = "/etc/caddy"
      secret = {
        "Caddyfile" = base64encode(<<-EOF
          ${local.fqdn} {
            log
            respond "Hello, World!"
          }
          EOF
        ),
      }
    }
    # see https://caddyserver.com/docs/conventions#data-directory
    # see https://github.com/caddyserver/caddy-docker
    # the data directory is persisted on the azure file share so it survives
    # container re-creation; the share is mounted with the storage account key.
    volume {
      name                 = "data"
      mount_path           = "/data"
      share_name           = azurerm_storage_share.example.name
      storage_account_name = azurerm_storage_account.example.name
      storage_account_key  = azurerm_storage_account.example.primary_access_key
    }
    # http and https are both exposed publicly; nothing else is.
    ports {
      port     = 80
      protocol = "TCP"
    }
    ports {
      port     = 443
      protocol = "TCP"
    }
  }
}