From 0242309096cbd3de21d7bdf82d866d191cadf8e8 Mon Sep 17 00:00:00 2001 From: antoniotarricone Date: Fri, 20 Dec 2024 16:25:19 +0100 Subject: [PATCH 1/3] Probes enabled. --- pom.xml | 4 + src/main/terraform/container_app.tf | 22 +-- src/main/terraform/container_app_arm.off | 189 +++++++++++++++++++++++ 3 files changed, 204 insertions(+), 11 deletions(-) create mode 100644 src/main/terraform/container_app_arm.off diff --git a/pom.xml b/pom.xml index 0c522c0..a01605f 100644 --- a/pom.xml +++ b/pom.xml @@ -141,6 +141,10 @@ io.quarkus quarkus-mongodb-panache + + io.quarkus + quarkus-smallrye-health + io.quarkus diff --git a/src/main/terraform/container_app.tf b/src/main/terraform/container_app.tf index d773174..165f600 100644 --- a/src/main/terraform/container_app.tf +++ b/src/main/terraform/container_app.tf @@ -123,20 +123,20 @@ resource "azurerm_container_app" "auth" { max_replicas = var.mil_auth_max_replicas min_replicas = var.mil_auth_min_replicas - custom_scale_rule { - name = "office-hours" - custom_rule_type = "cron" - metadata = { - timezone = "Europe/Rome" - start = "0 8 * * 1-5" - end = "0 18 * * 1-5" - desiredReplicas = "1" - } - } + #custom_scale_rule { + # name = "office-hours" + # custom_rule_type = "cron" + # metadata = { + # timezone = "Europe/Rome" + # start = "0 8 * * 1-5" + # end = "0 18 * * 1-5" + # desiredReplicas = "1" + # } + #} http_scale_rule { name = "http-requests" - concurrent_requests = "25" + concurrent_requests = "20" } } diff --git a/src/main/terraform/container_app_arm.off b/src/main/terraform/container_app_arm.off new file mode 100644 index 0000000..97785ce --- /dev/null +++ b/src/main/terraform/container_app_arm.off @@ -0,0 +1,189 @@ +resource "azurerm_resource_group_template_deployment" "auth_arm" { + name = "${local.project}-auth-ca-arm" + resource_group_name = data.azurerm_container_app_environment.mil.resource_group_name + deployment_mode = "Incremental" + tags = local.tags + + template_content = <<-EOT + { + "$schema":"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion":"1.0.0.0", + "parameters":{}, + "variables":{}, + "resources":[ + { + "name":"${local.project}-auth-ca-arm", + "type":"Microsoft.App/containerApps", + "apiVersion": "2024-10-02-preview", + "location":"${var.location}", + "properties":{ + "managedEnvironmentId":"${data.azurerm_container_app_environment.mil.id}", + "environmentId":"${data.azurerm_container_app_environment.mil.id}", + "configuration":{ + "secrets":[ + { + "name":"cosmosdb-account-mil-primary-mongodb-connection-string", + "keyVaultUrl":"${data.azurerm_key_vault.general.vault_uri}secrets/${var.cosmosdb_account_primary_mongodb_connection_string_kv_secret}", + "identity":"${data.azurerm_user_assigned_identity.auth.id}" + }, + { + "name":"cosmosdb-account-mil-secondary-mongodb-connection-string", + "keyVaultUrl":"${data.azurerm_key_vault.general.vault_uri}secrets/${var.cosmosdb_account_secondary_mongodb_connection_string_kv_secret}", + "identity":"${data.azurerm_user_assigned_identity.auth.id}" + }, + { + "name":"identity-client-id", + "value":"${data.azurerm_user_assigned_identity.auth.client_id}" + }, + { + "name":"key-vault-auth-vault-uri", + "keyVaultUrl":"${data.azurerm_key_vault.general.vault_uri}secrets/${var.key_vault_auth_vault_uri_kv_secret}", + "identity":"${data.azurerm_user_assigned_identity.auth.id}" + }, + { + "name":"application-insigths-mil-connection-string", + "keyVaultUrl":"${data.azurerm_key_vault.general.vault_uri}secrets/${var.application_insigths_connection_string_kv_secret}", + "identity":"${data.azurerm_user_assigned_identity.auth.id}" + } + ], + "activeRevisionsMode":"Single", + "ingress":{ + "external":true, + "targetPort":8080, + "transport":"Http", + "traffic":[ + { + "weight":100, + "latestRevision":true + } + ] + }, + "maxInactiveRevisions":5 + }, + "template":{ + "containers":[ + { + "image":"${var.mil_auth_image}", + "imageType":"ContainerImage", + "name":"mil-auth", + "env":[ + { + "name":"TZ", + "value":"Europe/Rome" + }, + { + "name":"auth.quarkus-log-level", + "value":"${var.mil_auth_quarkus_log_level}" + }, + { + "name":"auth.quarkus-rest-client-logging-scope", + "value":"${var.mil_auth_quarkus_rest_client_logging_scope}" + }, + { + "name":"auth.app-log-level", + "value":"${var.mil_auth_app_log_level}" + }, + { + "name":"auth.cryptoperiod", + "value":"${var.mil_auth_cryptoperiod}" + }, + { + "name":"auth.keysize", + "value":"${var.mil_auth_keysize}" + }, + { + "name":"auth.access.duration", + "value":"${var.mil_auth_access_duration}" + }, + { + "name":"auth.refresh.duration", + "value":"${var.mil_auth_refresh_duration}" + }, + { + "name":"auth.keyvault.url", + "secretRef":"key-vault-auth-vault-uri" + }, + { + "name":"auth.base-url", + "value":"${var.mil_auth_base_url}" + }, + { + "name":"application-insights.connection-string", + "secretRef":"application-insigths-mil-connection-string" + }, + { + "name":"auth.json-log", + "value":"${var.mil_auth_json_log}" + }, + { + "name":"auth.keyvault.maxresults", + "value":"${var.mil_auth_keyvault_maxresults}" + }, + { + "name":"auth.keyvault.backoff.number-of-attempts", + "value":"${var.mil_auth_keyvault_backoff_num_of_attempts}" + }, + { + "name":"jwt-publickey-location", + "value":"http://127.0.0.1:8080/.well-known/jwks.json" + }, + { + "name":"mongodb.connect-timeout", + "value":"${var.mil_auth_mongodb_connect_timeout}" + }, + { + "name":"mongodb.read-timeout", + "value":"${var.mil_auth_mongodb_read_timeout}" + }, + { + "name":"mongodb.server-selection-timeout", + "value":"${var.mil_auth_mongodb_server_selection_timeout}" + }, + { + "name":"mongodb.connection-string-1", + "secretRef":"cosmosdb-account-mil-primary-mongodb-connection-string" + }, + { + "name":"mongodb.connection-string-2", + "secretRef":"cosmosdb-account-mil-secondary-mongodb-connection-string" + }, + { + "name":"IDENTITY_CLIENT_ID", + "secretRef":"identity-client-id" + } + ], + "resources":{ + "cpu":"${var.mil_auth_cpu}", + "memory":"${var.mil_auth_memory}" + } + } + ], + "scale":{ + "minReplicas":"${var.mil_auth_min_replicas}", + "maxReplicas":"${var.mil_auth_max_replicas}", + "cooldownPeriod":120, + "pollingInterval":5, + "rules":[ + { + "name":"http-requests", + "http":{ + "metadata":{ + "concurrentRequests":"25" + } + } + } + ] + } + } + }, + "identity":{ + "type":"UserAssigned", + "userAssignedIdentities":{ + "${data.azurerm_user_assigned_identity.auth.id}":{} + } + } + } + ] + } + EOT +} From 98945a99f45d304ed9ef926b5f6db0280befb251 Mon Sep 17 00:00:00 2001 From: antoniotarricone Date: Fri, 20 Dec 2024 16:28:54 +0100 Subject: [PATCH 2/3] New dependencies added. --- dep-sha256.json | 49 ++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 7 deletions(-) diff --git a/dep-sha256.json b/dep-sha256.json index 2bcf6f4..1e342dd 100644 --- a/dep-sha256.json +++ b/dep-sha256.json @@ -1162,6 +1162,48 @@ "version": "7.0.2.Final", "sha256": "SO7eXzXFpmsE8nMEoro11MFjF3Ioy6etL48v5v_kdlI=" }, + { + "id": "io.quarkus:quarkus-smallrye-health:jar:3.15.1", + "artifactId": "quarkus-smallrye-health", + "groupId": "io.quarkus", + "version": "3.15.1", + "sha256": "__MRtExHApt-PjtjX-cuP-IAPG0_-gV3Qqx8AVZY6uE=" + }, + { + "id": "io.smallrye:smallrye-health:jar:4.1.0", + "artifactId": "smallrye-health", + "groupId": "io.smallrye", + "version": "4.1.0", + "sha256": "ahk1ZRigIsSj9FziM8mAPSQ11dGg4jhSYrEvPm5SWVw=" + }, + { + "id": "org.eclipse.microprofile.health:microprofile-health-api:jar:4.0.1", + "artifactId": "microprofile-health-api", + "groupId": "org.eclipse.microprofile.health", + "version": "4.0.1", + "sha256": "uJyktsT3oEQlDTHAZz9rwiHkD9Zp_Fhx261eWgdpykc=" + }, + { + "id": "io.smallrye:smallrye-health-api:jar:4.1.0", + "artifactId": "smallrye-health-api", + "groupId": "io.smallrye", + "version": "4.1.0", + "sha256": "gPcWfuQvorD1h9MIow5QJLWq8UtlFnNQrxhSz5_64Jw=" + }, + { + "id": "jakarta.json:jakarta.json-api:jar:2.1.3", + "artifactId": "jakarta.json-api", + "groupId": "jakarta.json", + "version": "2.1.3", + "sha256": "vJNBQoBeodeU8UQFY5ZaOGGiqft0FOzT_kTyZQBzRBQ=" + }, + { + "id": "io.smallrye:smallrye-health-provided-checks:jar:4.1.0", + "artifactId": "smallrye-health-provided-checks", + "groupId": "io.smallrye", + "version": "4.1.0", + "sha256": "B-W5cMNWebjKBSV7VOSb3-uKLiIKTSdTYcOgrN0TgIk=" + }, { "id": "io.quarkus:quarkus-junit5:jar:3.15.1", "artifactId": "quarkus-junit5", @@ -2282,13 +2324,6 @@ "version": "2.6.0", "sha256": "NUwT9W-M8PG1xIq4K1a7II8iRUKIP9nVt2A83GcUeMY=" }, - { - "id": "jakarta.json:jakarta.json-api:jar:2.1.3", - "artifactId": "jakarta.json-api", - "groupId": "jakarta.json", - "version": "2.1.3", - "sha256": "vJNBQoBeodeU8UQFY5ZaOGGiqft0FOzT_kTyZQBzRBQ=" - }, { "id": "io.quarkus:quarkus-opentelemetry:jar:3.15.1", "artifactId": "quarkus-opentelemetry", From 27a636aa245f787d51ab03133c4c85ba9d4f98cb Mon Sep 17 00:00:00 2001 From: antoniotarricone Date: Fri, 20 Dec 2024 17:10:24 +0100 Subject: [PATCH 3/3] Probes enabled on container app also! --- src/main/terraform/container_app.tf | 33 +++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/src/main/terraform/container_app.tf b/src/main/terraform/container_app.tf index 165f600..f8b0b11 100644 --- a/src/main/terraform/container_app.tf +++ b/src/main/terraform/container_app.tf @@ -118,6 +118,39 @@ resource "azurerm_container_app" "auth" { name = "IDENTITY_CLIENT_ID" secret_name = "identity-client-id" } + + liveness_probe { + path = "/q/health/live" + port = 8080 + transport = HTTP + initial_delay = 0 + interval_seconds = 10 + failure_count_threshold = 3 + timeout = 1 + termination_grace_period_seconds = 120 + } + + readiness_probe { + path = "/q/health/ready" + port = 8080 + transport = HTTP + initial_delay = 0 + interval_seconds = 10 + failure_count_threshold = 3 + success_count_threshold = 3 + timeout = 1 + } + + startup_probe { + path = "/q/health/started" + port = 8080 + transport = HTTP + initial_delay = 0 + interval_seconds = 10 + failure_count_threshold = 3 + timeout = 1 + termination_grace_period_seconds = 120 + } } max_replicas = var.mil_auth_max_replicas