From 2bbf150088a297bee5d19cd38f483c8eed9e66a7 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 26 Dec 2023 17:29:18 +0100 Subject: [PATCH 01/15] Add missing app configuration --- code/infra/function.tf | 8 ++++++++ code/infra/variables.tf | 10 ++++++++++ config/PerfectThymeTech/vars.tfvars | 1 + 3 files changed, 19 insertions(+) diff --git a/code/infra/function.tf b/code/infra/function.tf index b3ef222..b8f33a1 100644 --- a/code/infra/function.tf +++ b/code/infra/function.tf @@ -117,6 +117,10 @@ resource "azapi_resource" "function" { name = "DOCKER_SHM_SIZE" value = "268435456" }, + { + name = "DOCKER_REGISTRY_SERVER_URL" + value = var.function_container_registry_url + }, { name = "PYTHON_THREADPOOL_THREAD_COUNT" value = "None" @@ -133,6 +137,10 @@ resource "azapi_resource" "function" { name = "WEBSITE_RUN_FROM_PACKAGE" value = "0" }, + { + name = "WEBSITES_ENABLE_APP_SERVICE_STORAGE" + value = "false" + }, { name = "PYTHON_ENABLE_WORKER_EXTENSIONS" value = "1" diff --git a/code/infra/variables.tf b/code/infra/variables.tf index 1c273da..fce5846 100644 --- a/code/infra/variables.tf +++ b/code/infra/variables.tf @@ -34,6 +34,16 @@ variable "tags" { } # Function variables +variable "function_container_registry_url" { + description = "Specifies the container image reference of the Azure Function." + type = string + sensitive = false + validation { + condition = startswith(var.function_container_registry_url, "https://") + error_message = "Please specify a valid container image reference." + } +} + variable "function_container_image" { description = "Specifies the container image reference of the Azure Function." type = string diff --git a/config/PerfectThymeTech/vars.tfvars b/config/PerfectThymeTech/vars.tfvars index 9c19dfb..e31d4c2 100644 --- a/config/PerfectThymeTech/vars.tfvars +++ b/config/PerfectThymeTech/vars.tfvars 
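Review bot: The `description` and `error_message` of the new `function_container_registry_url` variable in `code/infra/variables.tf` are copied from `function_container_image` and still describe a container image reference, although the value is used for `DOCKER_REGISTRY_SERVER_URL` in `function.tf`. I would reword them, for example `description = "Specifies the URL of the container registry the Function image is pulled from."` and `error_message = "Please specify a registry URL starting with 'https://'."`. The `startswith` check only pins the scheme, so any HTTPS host passes; if only a known set of registries is intended, an allow-list in the validation would make that explicit.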
@@ -5,6 +5,7 @@ prefix = "myfunc" tags = {} # Function variables +function_container_registry_url = "https://ghcr.io" function_container_image = "ghcr.io/perfectthymetech/azurefunctionpython:main" function_sku = "P0v3" function_sku_cpus = 1 From 8c680556a22e1c0e8ec2de0c198ac4d759714940 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 26 Dec 2023 17:29:50 +0100 Subject: [PATCH 02/15] Enable deployment --- .github/workflows/_terraformEnvironmentTemplate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_terraformEnvironmentTemplate.yml b/.github/workflows/_terraformEnvironmentTemplate.yml index 354506e..ff62b0d 100644 --- a/.github/workflows/_terraformEnvironmentTemplate.yml +++ b/.github/workflows/_terraformEnvironmentTemplate.yml @@ -189,7 +189,7 @@ jobs: runs-on: self-hosted continue-on-error: false environment: ${{ inputs.environment }} - if: github.event_name == 'push' || github.event_name == 'release' + # if: github.event_name == 'push' || github.event_name == 'release' needs: [plan] env: From 24d3ba4c8c58f26c6de9e68749be9233deeebb98 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 26 Dec 2023 17:38:01 +0100 Subject: [PATCH 03/15] Lint --- code/infra/variables.tf | 2 +- config/PerfectThymeTech/vars.tfvars | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/code/infra/variables.tf b/code/infra/variables.tf index fce5846..616b8cd 100644 --- a/code/infra/variables.tf +++ b/code/infra/variables.tf @@ -39,7 +39,7 @@ variable "function_container_registry_url" { type = string sensitive = false validation { - condition = startswith(var.function_container_registry_url, "https://") + condition = startswith(var.function_container_registry_url, "https://") error_message = "Please specify a valid container image reference." } } diff --git a/config/PerfectThymeTech/vars.tfvars b/config/PerfectThymeTech/vars.tfvars index e31d4c2..9be4ab5 100644 --- a/config/PerfectThymeTech/vars.tfvars 
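Review bot: Commenting out `if: github.event_name == 'push' || github.event_name == 'release'` in `_terraformEnvironmentTemplate.yml` removes the only event gate visible on this job, so the job that `needs: [plan]` would run for every event that triggers the workflow, on the `self-hosted` runner and against `${{ inputs.environment }}`. If the calling workflow also fires on `pull_request` (not visible here), code from an unreviewed branch would reach the deployment step. The same line is commented out again in PATCH 12/15 and only restored for good in 15/15; for testing, a temporary `workflow_dispatch` condition or a required-reviewer rule on the environment keeps a gate in place. The job definition starts and ends outside the hunk.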
+++ b/config/PerfectThymeTech/vars.tfvars @@ -6,10 +6,10 @@ tags = {} # Function variables function_container_registry_url = "https://ghcr.io" -function_container_image = "ghcr.io/perfectthymetech/azurefunctionpython:main" -function_sku = "P0v3" -function_sku_cpus = 1 -function_health_path = "/v1/health/heartbeat" +function_container_image = "ghcr.io/perfectthymetech/azurefunctionpython:main" +function_sku = "P0v3" +function_sku_cpus = 1 +function_health_path = "/v1/health/heartbeat" # Network variables vnet_id = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/mycrp-prd-function-network-rg/providers/Microsoft.Network/virtualNetworks/mycrp-prd-function-vnet001" From 8d0a5449f54d2f3bce6fe589099495ffd82e7a1e Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 26 Dec 2023 18:18:02 +0100 Subject: [PATCH 04/15] Image pull from public registry --- code/infra/function.tf | 82 +++++++++++++++++++++--------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/code/infra/function.tf b/code/infra/function.tf index b8f33a1..9f762ac 100644 --- a/code/infra/function.tf +++ b/code/infra/function.tf @@ -68,7 +68,7 @@ resource "azapi_resource" "function" { serverFarmId = azurerm_service_plan.service_plan.id storageAccountRequired = false vnetContentShareEnabled = true - vnetImagePullEnabled = true + vnetImagePullEnabled = false # Set to 'true' when pulling image from private Azure Container Registry virtualNetworkSubnetId = azapi_resource.subnet_function.id vnetRouteAllEnabled = true siteConfig = { 
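Review bot: `vnetImagePullEnabled = false` in `code/infra/function.tf` is hard-coded with a comment asking the next person to flip it by hand, while `vnetRouteAllEnabled = true` stays on. With the flag off, the image pull presumably no longer goes through the integrated subnet, so any egress filtering on that VNet would not see the registry traffic; it is worth confirming that this is intended and not only a workaround for the public registry. A boolean input variable, for example `vnetImagePullEnabled = var.function_vnet_image_pull_enabled` (a new variable), would let a private-registry environment turn it on without editing the resource. The resource body continues outside the hunk.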
@@ -105,30 +105,6 @@ resource "azapi_resource" "function" { name = "FUNCTIONS_EXTENSION_VERSION" value = "~4" }, - { - name = "FUNCTIONS_WORKER_RUNTIME" - value = "python" - }, - { - name = "FUNCTIONS_WORKER_SHARED_MEMORY_DATA_TRANSFER_ENABLED" - value = "1" - }, - { - name = "DOCKER_SHM_SIZE" - value = "268435456" - }, - { - name = "DOCKER_REGISTRY_SERVER_URL" - value = var.function_container_registry_url - }, - { - name = "PYTHON_THREADPOOL_THREAD_COUNT" - value = "None" - }, - { - name = "PYTHON_ENABLE_DEBUG_LOGGING" - value = "0" - }, { name = "WEBSITE_CONTENTOVERVNET" value = "1" @@ -137,22 +113,6 @@ resource "azapi_resource" "function" { name = "WEBSITE_RUN_FROM_PACKAGE" value = "0" }, - { - name = "WEBSITES_ENABLE_APP_SERVICE_STORAGE" - value = "false" - }, - { - name = "PYTHON_ENABLE_WORKER_EXTENSIONS" - value = "1" - }, - { - name = "ENABLE_ORYX_BUILD" - value = "1" - }, - { - name = "SCM_DO_BUILD_DURING_DEPLOYMENT" - value = "1" - }, { name = "AzureWebJobsStorage__accountName" value = azurerm_storage_account.storage.name 
@@ -165,6 +125,46 @@ resource "azapi_resource" "function" { name = "AzureWebJobsSecretStorageKeyVaultUri" value = azurerm_key_vault.key_vault.vault_uri }, + { + name = "WEBSITES_ENABLE_APP_SERVICE_STORAGE" # Disable when not running a container + value = "false" + }, + { + name = "DOCKER_REGISTRY_SERVER_URL" # Disable when not running a container + value = var.function_container_registry_url + }, + # { + # name = "FUNCTIONS_WORKER_RUNTIME" # Enable when running Python directly on the Function host + # value = "python" + # }, + # { + # name = "FUNCTIONS_WORKER_SHARED_MEMORY_DATA_TRANSFER_ENABLED" # Enable when running Python directly on the Function host + # value = "1" + # }, + # { + # name = "DOCKER_SHM_SIZE" # Enable when running Python directly on the Function host + # value = "268435456" + # }, + # { + # name = "PYTHON_THREADPOOL_THREAD_COUNT" # Enable when running Python directly on the Function host + # value = "None" + # }, + # { + # name = "PYTHON_ENABLE_DEBUG_LOGGING" # Enable when running Python directly on the Function host + # value = "0" + # }, + # { + # name = "PYTHON_ENABLE_WORKER_EXTENSIONS" # Enable when running Python directly on the Function host + # value = "1" + # }, + # { + # name = "ENABLE_ORYX_BUILD" # Enable when running Python directly on the Function host + # value = "1" + # }, + # { + # name = "SCM_DO_BUILD_DURING_DEPLOYMENT" # Enable when running Python directly on the Function host + # value = "1" + # }, { name = "MY_SECRET_CONFIG" value = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.key_vault_secret_sample.id})" From 8b378ed152554f9645684c135266445f5c590cbb Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 26 Dec 2023 19:42:00 +0100 Subject: [PATCH 05/15] Push different image --- .github/workflows/_containerTemplate.yml | 4 ++-- code/function/requirements.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/_containerTemplate.yml b/.github/workflows/_containerTemplate.yml index b9f4bda..638315c 100644 --- a/.github/workflows/_containerTemplate.yml +++ b/.github/workflows/_containerTemplate.yml @@ -74,7 +74,7 @@ jobs: - name: Login Container Registry uses: docker/login-action@v3.0.0 id: registry_login - if: github.event_name != 'pull_request' + # if: github.event_name != 'pull_request' with: registry: ${{ inputs.registry_uri }} username: ${{ secrets.USER_NAME }} @@ -101,7 +101,7 @@ jobs: with: context: ${{ inputs.working_directory }} file: ${{ inputs.working_directory }}/Dockerfile - push: ${{ github.event_name != 'pull_request' }} + push: true # ${{ github.event_name != 'pull_request' }} tags: ${{ steps.metadata.outputs.tags }} labels: ${{ steps.metadata.outputs.labels }} cache-from: type=gha diff --git a/code/function/requirements.txt b/code/function/requirements.txt index f4a40cd..e999c8e 100644 --- a/code/function/requirements.txt +++ b/code/function/requirements.txt @@ -4,7 +4,7 @@ # azure-identity~=1.13.0 azure-functions~=1.17.0 -fastapi~=0.106.0 +fastapi~=0.104.1 pydantic-settings~=2.1.0 aiohttp~=3.9.1 opentelemetry-instrumentation-fastapi==0.43b0 From 8dce5cfeb6d892f87486bd571152dad1f64cdd82 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 26 Dec 2023 19:43:54 +0100 Subject: [PATCH 06/15] Test different image --- config/PerfectThymeTech/vars.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/PerfectThymeTech/vars.tfvars b/config/PerfectThymeTech/vars.tfvars index 9be4ab5..920fa7a 100644 --- a/config/PerfectThymeTech/vars.tfvars +++ b/config/PerfectThymeTech/vars.tfvars 
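Review bot: With `if: github.event_name != 'pull_request'` commented out on the `Login Container Registry` step and `push: true` set on the build step (second hunk of `_containerTemplate.yml`), pull-request runs now authenticate with `secrets.USER_NAME` and publish their image to `${{ inputs.registry_uri }}`. That places images built from unreviewed branches in the same registry the deployment pulls from. PATCH 08/15 restores both lines; if PR images are needed for a test, pushing them to a separate repository or gating on a manually dispatched run is safer than editing the shared template. Both steps begin outside their hunks.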
@@ -6,7 +6,7 @@ tags = {} # Function variables function_container_registry_url = "https://ghcr.io" -function_container_image = "ghcr.io/perfectthymetech/azurefunctionpython:main" +function_container_image = "ghcr.io/perfectthymetech/azurefunctionpython:pr-91" function_sku = "P0v3" function_sku_cpus = 1 function_health_path = "/v1/health/heartbeat" From 7df0ddb3f15090082d61aa8850fcc06f466fe950 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 27 Dec 2023 10:36:28 +0100 Subject: [PATCH 07/15] Update function config --- code/infra/function.tf | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/code/infra/function.tf b/code/infra/function.tf index 9f762ac..20bce4a 100644 --- a/code/infra/function.tf +++ b/code/infra/function.tf @@ -69,23 +69,23 @@ resource "azapi_resource" "function" { storageAccountRequired = false vnetContentShareEnabled = true vnetImagePullEnabled = false # Set to 'true' when pulling image from private Azure Container Registry + vnetRouteAllEnabled = true virtualNetworkSubnetId = azapi_resource.subnet_function.id - vnetRouteAllEnabled = true siteConfig = { - autoHealEnabled = true - autoHealRules = { - actions = { - actionType = "LogEvent" - } - triggers = { - statusCodes = [ - "429", - "504", - "507", - "508" - ] - } - } + # autoHealEnabled = true + # autoHealRules = { + # actions = { + # actionType = "LogEvent" + # } + # triggers = { + # statusCodes = [ + # "429", + # "504", + # "507", + # "508" + # ] + # } + # } acrUseManagedIdentityCreds = false alwaysOn = true appSettings = [ @@ -182,7 +182,7 @@ resource "azapi_resource" "function" { localMySqlEnabled = false loadBalancing = "LeastRequests" minTlsVersion = "1.2" - minTlsCipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + # minTlsCipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" minimumElasticInstanceCount = 0 numberOfWorkers = 1 preWarmedInstanceCount = 0 
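Review bot: `function_container_image` in `config/PerfectThymeTech/vars.tfvars` now points at the `pr-91` tag, which by its name is an image built from a pull request, in the variables file the Terraform workflow deploys from. Both `:pr-91` and `:main` are mutable tags, so the deployed content can change without any change to this file; pinning by digest, `ghcr.io/perfectthymetech/azurefunctionpython@sha256:<digest>` (placeholder), would make the deployed image reviewable. PATCH 14/15 switches the value back to `:main`.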
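Review bot: Commenting out `minTlsCipherSuite` in the second hunk of PATCH 07/15 drops the cipher-suite floor and leaves only `minTlsVersion = "1.2"`, so the site would accept whatever TLS 1.2 suites the platform default allows. If the property was removed because it failed validation (the third hunk comments out `schema_validation_enabled = false`, which presumably turns validation back on), I would keep the setting and record that reason in a comment instead. PATCH 11/15 re-enables the line. The first hunk also comments out the `autoHealEnabled`/`autoHealRules` block without saying why; a short comment there would help.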
@@ -198,7 +198,7 @@ resource "azapi_resource" "function" { } }) - schema_validation_enabled = false + # schema_validation_enabled = false # ignore_body_changes = [ # "properties.siteConfig.appSettings" # ] From 18e6d81cc2b7986ad5fdbb3df2d90f6dc0628e6f Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 27 Dec 2023 10:38:10 +0100 Subject: [PATCH 08/15] lint --- .github/workflows/_containerTemplate.yml | 4 ++-- code/infra/function.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/_containerTemplate.yml b/.github/workflows/_containerTemplate.yml index 638315c..b9f4bda 100644 --- a/.github/workflows/_containerTemplate.yml +++ b/.github/workflows/_containerTemplate.yml @@ -74,7 +74,7 @@ jobs: - name: Login Container Registry uses: docker/login-action@v3.0.0 id: registry_login - # if: github.event_name != 'pull_request' + if: github.event_name != 'pull_request' with: registry: ${{ inputs.registry_uri }} username: ${{ secrets.USER_NAME }} @@ -101,7 +101,7 @@ jobs: with: context: ${{ inputs.working_directory }} file: ${{ inputs.working_directory }}/Dockerfile - push: true # ${{ github.event_name != 'pull_request' }} + push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.metadata.outputs.tags }} labels: ${{ steps.metadata.outputs.labels }} cache-from: type=gha diff --git a/code/infra/function.tf b/code/infra/function.tf index 20bce4a..aa91123 100644 --- a/code/infra/function.tf +++ b/code/infra/function.tf @@ -69,7 +69,7 @@ resource "azapi_resource" "function" { storageAccountRequired = false vnetContentShareEnabled = true vnetImagePullEnabled = false # Set to 'true' when pulling image from private Azure Container Registry - vnetRouteAllEnabled = true + vnetRouteAllEnabled = true virtualNetworkSubnetId = azapi_resource.subnet_function.id siteConfig = { # autoHealEnabled = true From 099568a4eef81a9f825b6fb707fcc50ae8b943f8 Mon Sep 17 00:00:00 2001 
From: Marvin Buss Date: Wed, 27 Dec 2023 11:39:07 +0100 Subject: [PATCH 09/15] Add schema validation --- code/infra/function.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/infra/function.tf b/code/infra/function.tf index aa91123..5fa9538 100644 --- a/code/infra/function.tf +++ b/code/infra/function.tf @@ -198,7 +198,7 @@ resource "azapi_resource" "function" { } }) - # schema_validation_enabled = false + schema_validation_enabled = false # ignore_body_changes = [ # "properties.siteConfig.appSettings" # ] From f6f928bbb8f496c6c50a57b635c2ab38ac3a56fe Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 27 Dec 2023 11:53:23 +0100 Subject: [PATCH 10/15] Enable apply condition --- .github/workflows/_terraformEnvironmentTemplate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_terraformEnvironmentTemplate.yml b/.github/workflows/_terraformEnvironmentTemplate.yml index ff62b0d..354506e 100644 --- a/.github/workflows/_terraformEnvironmentTemplate.yml +++ b/.github/workflows/_terraformEnvironmentTemplate.yml @@ -189,7 +189,7 @@ jobs: runs-on: self-hosted continue-on-error: false environment: ${{ inputs.environment }} - # if: github.event_name == 'push' || github.event_name == 'release' + if: github.event_name == 'push' || github.event_name == 'release' needs: [plan] env: From 1f8a53b5a3f706458d88d1d51afb3bf72a26c0c8 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 27 Dec 2023 11:53:41 +0100 Subject: [PATCH 11/15] Add commments and enable min TLS cipher --- code/infra/function.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code/infra/function.tf b/code/infra/function.tf index 5fa9538..30216b9 100644 --- a/code/infra/function.tf +++ b/code/infra/function.tf 
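Review bot: The subject says "Add schema validation", but the hunk in `code/infra/function.tf` restores `schema_validation_enabled = false`, which switches the provider's body validation off for this resource. With validation off, a mistyped property name under `siteConfig` is presumably no longer rejected at plan time. A trailing comment naming the property that forces this, for example `schema_validation_enabled = false # <property> not yet in the provider schema`, would tell the next reader when the line can be removed.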
@@ -72,7 +72,7 @@ resource "azapi_resource" "function" { vnetRouteAllEnabled = true virtualNetworkSubnetId = azapi_resource.subnet_function.id siteConfig = { - # autoHealEnabled = true + # autoHealEnabled = true # Enable to auto heal app based on configs # autoHealRules = { # actions = { # actionType = "LogEvent" @@ -182,7 +182,7 @@ resource "azapi_resource" "function" { localMySqlEnabled = false loadBalancing = "LeastRequests" minTlsVersion = "1.2" - # minTlsCipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + minTlsCipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" minimumElasticInstanceCount = 0 numberOfWorkers = 1 preWarmedInstanceCount = 0 From 7eaf1be01fd7d40bb25001b9e8b996b8c3efd46b Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 27 Dec 2023 11:54:16 +0100 Subject: [PATCH 12/15] Disable condition again --- .github/workflows/_terraformEnvironmentTemplate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_terraformEnvironmentTemplate.yml b/.github/workflows/_terraformEnvironmentTemplate.yml index 354506e..ff62b0d 100644 --- a/.github/workflows/_terraformEnvironmentTemplate.yml +++ b/.github/workflows/_terraformEnvironmentTemplate.yml @@ -189,7 +189,7 @@ jobs: runs-on: self-hosted continue-on-error: false environment: ${{ inputs.environment }} - if: github.event_name == 'push' || github.event_name == 'release' + # if: github.event_name == 'push' || github.event_name == 'release' needs: [plan] env: From c8787bbe9ee356db8555462aafe6540a949765e8 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 27 Dec 2023 11:55:48 +0100 Subject: [PATCH 13/15] Revert requirements update --- code/function/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/function/requirements.txt b/code/function/requirements.txt index e999c8e..f4a40cd 100644 --- a/code/function/requirements.txt +++ b/code/function/requirements.txt 
@@ -4,7 +4,7 @@ # azure-identity~=1.13.0 azure-functions~=1.17.0 -fastapi~=0.104.1 +fastapi~=0.106.0 pydantic-settings~=2.1.0 aiohttp~=3.9.1 opentelemetry-instrumentation-fastapi==0.43b0 From d688b3e047c7199b56a0abebcc19ada636c1e268 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 27 Dec 2023 11:55:57 +0100 Subject: [PATCH 14/15] Update image reference --- config/PerfectThymeTech/vars.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/PerfectThymeTech/vars.tfvars b/config/PerfectThymeTech/vars.tfvars index 920fa7a..9be4ab5 100644 --- a/config/PerfectThymeTech/vars.tfvars +++ b/config/PerfectThymeTech/vars.tfvars @@ -6,7 +6,7 @@ tags = {} # Function variables function_container_registry_url = "https://ghcr.io" -function_container_image = "ghcr.io/perfectthymetech/azurefunctionpython:pr-91" +function_container_image = "ghcr.io/perfectthymetech/azurefunctionpython:main" function_sku = "P0v3" function_sku_cpus = 1 function_health_path = "/v1/health/heartbeat" From 61dd1e4ebb97213039caec7257f8120f4584bc92 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 27 Dec 2023 12:03:39 +0100 Subject: [PATCH 15/15] Enable conditional apply --- .github/workflows/_terraformEnvironmentTemplate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_terraformEnvironmentTemplate.yml b/.github/workflows/_terraformEnvironmentTemplate.yml index ff62b0d..354506e 100644 --- a/.github/workflows/_terraformEnvironmentTemplate.yml +++ b/.github/workflows/_terraformEnvironmentTemplate.yml @@ -189,7 +189,7 @@ jobs: runs-on: self-hosted continue-on-error: false environment: ${{ inputs.environment }} - # if: github.event_name == 'push' || github.event_name == 'release' + if: github.event_name == 'push' || github.event_name == 'release' needs: [plan] env: