Skip to content

azurermContainerApp

Manages a Container App.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermLogAnalyticsWorkspaceExample =
  new azurerm.logAnalyticsWorkspace.LogAnalyticsWorkspace(this, "example_1", {
    location: azurermResourceGroupExample.location,
    name: "acctest-01",
    resource_group_name: azurermResourceGroupExample.name,
    retention_in_days: 30,
    sku: "PerGB2018",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLogAnalyticsWorkspaceExample.overrideLogicalId("example");
const azurermContainerAppEnvironmentExample =
  new azurerm.containerAppEnvironment.ContainerAppEnvironment(
    this,
    "example_2",
    {
      location: azurermResourceGroupExample.location,
      log_analytics_workspace_id: azurermLogAnalyticsWorkspaceExample.id,
      name: "Example-Environment",
      resource_group_name: azurermResourceGroupExample.name,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermContainerAppEnvironmentExample.overrideLogicalId("example");
const azurermContainerAppExample = new azurerm.containerApp.ContainerApp(
  this,
  "example_3",
  {
    container_app_environment_id: azurermContainerAppEnvironmentExample.id,
    name: "example-app",
    resource_group_name: azurermResourceGroupExample.name,
    revision_mode: "Single",
    template: [
      {
        container: [
          {
            cpu: 0.25,
            image:
              "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
            memory: "0.5Gi",
            name: "examplecontainerapp",
          },
        ],
      },
    ],
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermContainerAppExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • containerAppEnvironmentId - (Required) The ID of the Container App Environment within which this Container App should exist. Changing this forces a new resource to be created.

  • name - (Required) The name for this Container App. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the resource group in which the Container App Environment is to be created. Changing this forces a new resource to be created.

  • revisionMode - (Required) The revisions operational mode for the Container App. Possible values include single and multiple. In single mode, a single revision is in operation at any given time. In multiple mode, more than one revision can be active at a time and can be configured with load distribution via the trafficWeight block in the ingress configuration.

  • template - (Required) A template block as detailed below.

  • dapr - (Optional) A dapr block as detailed below.

  • identity - (Optional) An identity block as detailed below.

  • ingress - (Optional) An ingress block as detailed below.

  • registry - (Optional) A registry block as detailed below.

  • secret - (Optional) One or more secret block as detailed below.

  • tags - (Optional) A mapping of tags to assign to the Container App.

A secret block supports the following:

  • name - (Required) The Secret name.

  • value - (Required) The value for this secret.

!> Note: Secrets cannot be removed from the service once added, attempting to do so will result in an error. Their values may be zeroed, i.e. set to "", but the named secret must persist. This is due to a technical limitation on the service which causes the service to become unmanageable. See this issue for more details.

A template block supports the following:

  • container - (Required) One or more container blocks as detailed below.

  • maxReplicas - (Optional) The maximum number of replicas for this container.

  • minReplicas - (Optional) The minimum number of replicas for this container.

  • revisionSuffix - (Optional) The suffix for the revision. This value must be unique for the lifetime of the Resource. If omitted the service will use a hash function to create one.

  • volume - (Optional) A volume block as detailed below.

A volume block supports the following:

  • name - (Required) The name of the volume.

  • storageName - (Optional) The name of the azureFile storage.

  • storageType - (Optional) The type of storage volume. Possible values include azureFile and emptyDir. Defaults to emptyDir.

A container block supports the following:

  • args - (Optional) A list of extra arguments to pass to the container.

  • command - (Optional) A command to pass to the container to override the default. This is provided as a list of command line elements without spaces.

  • cpu - (Required) The amount of vCPU to allocate to the container. Possible values include 025, 05, 075, 10, 125, 15, 175, and 20.

\~> NOTE: cpu and memory must be specified in 025'/'05Gi combination increments. e.g. 10 / 20 or 05 / 10

  • env - (Optional) One or more env blocks as detailed below.

  • ephemeralStorage - The amount of ephemeral storage available to the Container App.

\~> NOTE: ephemeralStorage is currently in preview and not configurable at this time.

  • image - (Required) The image to use to create the container.

  • livenessProbe - (Optional) A livenessProbe block as detailed below.

  • memory - (Required) The amount of memory to allocate to the container. Possible values include 05Gi, 10Gi, 15Gi, 20Gi, 25Gi, 30Gi, 35Gi, and 40Gi.

\~> NOTE: cpu and memory must be specified in 025'/'05Gi combination increments. e.g. 125 / 25Gi or 075 / 15Gi

  • name - (Required) The name of the container

  • readinessProbe - (Optional) A readinessProbe block as detailed below.

  • startupProbe - (Optional) A startupProbe block as detailed below.

  • volumeMounts - (Optional) A volumeMounts block as detailed below.

A livenessProbe block supports the following:

  • failureCountThreshold - (Optional) The number of consecutive failures required to consider this probe as failed. Possible values are between 1 and 10. Defaults to 3.

  • header - (Optional) A header block as detailed below.

  • host - (Optional) The probe hostname. Defaults to the pod IP address. Setting a value for host in headers can be used to override this for http and https type probes.

  • initialDelay - (Optional) The time in seconds to wait after the container has started before the probe is started.

  • intervalSeconds - (Optional) (Optional) How often, in seconds, the probe should run. Possible values are in the range 1 - 240. Defaults to 10.

  • path - (Optional) The URI to use with the host for http type probes. Not valid for tcp type probes. Defaults to /.

  • port - (Required) The port number on which to connect. Possible values are between 1 and 65535.

  • terminationGracePeriodSeconds - The time in seconds after the container is sent the termination signal before the process if forcibly killed.

  • timeout - (Optional) Time in seconds after which the probe times out. Possible values are in the range 1 - 240. Defaults to 1.

  • transport - (Required) Type of probe. Possible values are tcp, http, and https.

A header block supports the following:

  • name - (Required) The HTTP Header Name.

  • value - (Required) The HTTP Header value.

An env block supports the following:

  • name - (Required) The name of the environment variable for the container.

  • secretName - (Optional) The name of the secret that contains the value for this environment variable.

  • value - (Optional) The value for this environment variable.

\~> NOTE: This value is ignored if secretName is used

A readinessProbe block supports the following:

  • failureCountThreshold - (Optional) The number of consecutive failures required to consider this probe as failed. Possible values are between 1 and 10. Defaults to 3.

  • header - (Optional) A header block as detailed below.

  • host - (Optional) The probe hostname. Defaults to the pod IP address. Setting a value for host in headers can be used to override this for http and https type probes.

  • intervalSeconds - (Optional) How often, in seconds, the probe should run. Possible values are between 1 and 240. Defaults to 10

  • path - (Optional) The URI to use for http type probes. Not valid for tcp type probes. Defaults to /.

  • port - (Required) The port number on which to connect. Possible values are between 1 and 65535.

  • successCountThreshold - (Optional) The number of consecutive successful responses required to consider this probe as successful. Possible values are between 1 and 10. Defaults to 3.

  • timeout - (Optional) Time in seconds after which the probe times out. Possible values are in the range 1 - 240. Defaults to 1.

  • transport - (Required) Type of probe. Possible values are tcp, http, and https.

A header block supports the following:

  • name - (Required) The HTTP Header Name.

  • value - (Required) The HTTP Header value.

A startupProbe block supports the following:

  • failureCountThreshold - (Optional) The number of consecutive failures required to consider this probe as failed. Possible values are between 1 and 10. Defaults to 3.

  • header - (Optional) A header block as detailed below.

  • host - (Optional) The value for the host header which should be sent with this probe. If unspecified, the IP Address of the Pod is used as the host header. Setting a value for host in headers can be used to override this for http and https type probes.

  • intervalSeconds - (Optional) How often, in seconds, the probe should run. Possible values are between 1 and 240. Defaults to 10

  • path - (Optional) The URI to use with the host for http type probes. Not valid for tcp type probes. Defaults to /.

  • port - (Required) The port number on which to connect. Possible values are between 1 and 65535.

  • terminationGracePeriodSeconds - The time in seconds after the container is sent the termination signal before the process if forcibly killed.

  • timeout - (Optional) Time in seconds after which the probe times out. Possible values are in the range 1 - 240. Defaults to 1.

  • transport - (Required) Type of probe. Possible values are tcp, http, and https.

A header block supports the following:

  • name - (Required) The HTTP Header Name.

  • value - (Required) The HTTP Header value.

A volumeMounts block supports the following:

  • name - (Required) The name of the Volume to be mounted in the container.

  • path - (Required) The path in the container at which to mount this volume.

An identity block supports the following:

  • type - (Required) The type of managed identity to assign. Possible values are userAssigned and systemAssigned

  • identityIds - (Optional) - A list of one or more Resource IDs for User Assigned Managed identities to assign. Required when type is set to userAssigned.

An ingress block supports the following:

  • allowInsecureConnections - (Optional) Should this ingress allow insecure connections?

  • customDomain - (Optional) One or more customDomain block as detailed below.

  • fqdn - The FQDN of the ingress.

  • externalEnabled - (Optional) Is this an external Ingress.

  • targetPort - (Required) The target port on the container for the Ingress traffic.

  • trafficWeight - (Required) A trafficWeight block as detailed below.

\~> Note: trafficWeight can only be specified when revisionMode is set to multiple.

  • transport - (Optional) The transport method for the Ingress. Possible values include auto, http, and http2. Defaults to auto

A customDomain block supports the following:

  • certificateBindingType - (Optional) The Binding type. Possible values include disabled and sniEnabled. Defaults to disabled.

  • certificateId - (Required) The ID of the Container App Environment Certificate.

  • name - (Required) The hostname of the Certificate. Must be the CN or a named SAN in the certificate.

A trafficWeight block supports the following:

\~> Note: This block only applies when revisionMode is set to multiple.

  • label - (Optional) The label to apply to the revision as a name prefix for routing traffic.

  • latestRevision - (Optional) This traffic Weight relates to the latest stable Container Revision.

  • revisionSuffix - (Optional) The suffix string to which this trafficWeight applies.

  • percentage - (Required) The percentage of traffic which should be sent this revision.

\~> Note: The cumulative values for weight must equal 100 exactly and explicitly, no default weights are assumed.

A dapr block supports the following:

  • appId - (Required) The Dapr Application Identifier.

  • appPort - (Required) The port which the application is listening on. This is the same as the ingress port.

  • appProtocol - (Optional) The protocol for the app. Possible values include http and grpc. Defaults to http.

A registry block supports the following:

  • server - (Required) The hostname for the Container Registry.

The authentication details must also be supplied, identity and username/passwordSecretName are mutually exclusive.

  • identity - (Optional) Resource ID for the User Assigned Managed identity to use when pulling from the Container Registry.

  • passwordSecretName - (Optional) The name of the Secret Reference containing the password value for this user on the Container Registry, username must also be supplied.

  • username - (Optional) The username to use for this Container Registry, passwordSecretName must also be supplied..

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Container App.

  • customDomainVerificationId - The ID of the Custom Domain Verification for this Container App.

  • latestRevisionFqdn - The FQDN of the Latest Revision of the Container App.

  • latestRevisionName - The name of the latest Container Revision.

  • location - The location this Container App is deployed in. This is the same as the Environment in which it is deployed.

  • outboundIpAddresses - A list of the Public IP Addresses which the Container App uses for outbound network access.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Container App.
  • update - (Defaults to 30 minutes) Used when updating the Container App.
  • read - (Defaults to 5 minutes) Used when retrieving the Container App.
  • delete - (Defaults to 30 minutes) Used when deleting the Container App.

Import

A Container App can be imported using the resourceId, e.g.

terraform import azurerm_container_app.example "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.App/containerApps/myContainerApp"