Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container Groups - network_profile_id is deprecated. Managed Identity Support for Container Registry #1954

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Container Groups - network_profile_id is deprecated. Managed Identity Support for Container Registry #1954

wants to merge 1 commit into from

Conversation

Romiko
Copy link

@Romiko Romiko commented Mar 27, 2024
edited
Loading

  • network_profile_id is deprecated by Azure. For users who want to continue to manage existing azurerm_container_group that rely on network_profile_id, please stay on provider versions prior to v3.16.0 (2 Years old). Otherwise, use subnet_ids instead.

  • Azure Container Registry support for Managed Identity

Issue-id

PR Checklist

Description

network_profile_id is deprecated by Azure. For users who want to continue to manage existing azurerm_container_group that rely on network_profile_id, please stay on provider versions prior to v3.16.0. Otherwise, use subnet_ids instead.

More Info - AzureRM SubnetIds

Azure Container Registry supports Managed Identity

Does this introduce a breaking change

  • YES
  • NO

Uses need to upgrade AzureRM version later than v3.16.0. Its been 2 years since this was deprecated. Its valid for users to upgrade the AzureRM provider.

Testing

I have deployed these changes in my production environment using Rover and CAF Super Module / Landing Zone

`
container_groups = {
rover_level0 = {
name = "ci-rover-level0-001"
region = "region1"
resource_group_key = "rg1"
ip_address_type = "Private"
network = {
subnets = {
subnet1 = {
vnet_key = "devops_region1"
subnet_key = "release_agent_level0"
}
}
}

os_type        = "Linux"
restart_policy = "Always" // Possible values are 'Always'(default) 'Never' 'OnFailure'

containers = {
  rover = {
    name   = "aztfmod-rover"
    image  = "rangerrom.azurecr.io/rover-agent:1.5.6-2309.0507-azdo"
    cpu    = "1"
    memory = "1"

    ports = {
      22 = {
        port     = 22
        protocol = "TCP"
      }
    }

    environment_variables = {
      ARM_USE_MSI               = true
      AGENT_KEYVAULT_SECRET     = "azdo-pat-agent" #secret name for the pat
      VSTS_AGENT_INPUT_AGENT    = "rover-agent"    #non random agent name
      VSTS_AGENT_INPUT_POOL     = "caf-level0"
      VSTS_AGENT_INPUT_URL      = "https://rangerrom.visualstudio.com/"
      VSTS_AGENT_INPUT_AUTH     = "pat"
      VSTS_AGENT_INPUT_RUN_ARGS = "--once"
    }

    environment_variables_from_resources = {
      AGENT_KEYVAULT_NAME = {
        output_key    = "keyvaults"
        resource_key  = "level0"
        attribute_key = "name"
      }
      MSI_ID = {
        output_key    = "managed_identities"
        resource_key  = "level0"
        attribute_key = "id"
      }
    }
  }

} //containers


identity = {
  type = "UserAssigned"

  remote = {
    launchpad = {
      managed_identity_keys = [
        "level0",
      ]
    }
  }
}

image_registry_credentials = {
  acr1 = { # To be able to pull container from private repo
    user_assigned_identity_key = "level0"
    server                     = "rangerrom.azurecr.io"
  }
}

}
}
`

Running Terraform apply with plan /home/vscode/.terraform.cache/Test/rover_jobs/20240326231818809384800/tfstates/level0/tfstate/level0_azure_devops_agents.tfplan Terraform apply (azurerm) with version v1.5.6 module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Destroying... [id=/subscriptions/XYZ/resourceGroups/rg-devops-agents/providers/Microsoft.ContainerInstance/containerGroups/ci-rover-level0-test-001] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Destruction complete after 3s module.caf.module.resource_groups["integration"].azurerm_resource_group.rg: Modifying... [id=/subscriptions/XYZ/resourceGroups/rg-integration-devops-agents] module.caf.module.resource_groups["rg1"].azurerm_resource_group.rg: Modifying... [id=/subscriptions/XYZ/resourceGroups/rg-devops-agents] module.caf.module.resource_groups["integration"].azurerm_resource_group.rg: Modifications complete after 3s [id=/subscriptions/XYZ/resourceGroups/rg-integration-devops-agents] module.caf.module.resource_groups["rg1"].azurerm_resource_group.rg: Modifications complete after 4s [id=/subscriptions/XYZ/resourceGroups/rg-devops-agents] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Creating... module.caf.module.container_groups["rover_level1"].azurerm_container_group.acg: Modifying... [id=/subscriptions/XYZ/resourceGroups/rg-devops-agents/providers/Microsoft.ContainerInstance/containerGroups/ci-rover-level1-test-001] module.caf.module.container_groups["rover_level1"].azurerm_container_group.acg: Modifications complete after 3s [id=/subscriptions/XYZ/resourceGroups/rg-devops-agents/providers/Microsoft.ContainerInstance/containerGroups/ci-rover-level1-test-001] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [10s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [20s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [30s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [40s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [50s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [1m0s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [1m10s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [1m20s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [1m30s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [1m40s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [1m50s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [2m0s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Still creating... [2m10s elapsed] module.caf.module.container_groups["rover_level0"].azurerm_container_group.acg: Creation complete after 2m12s [id=/subscriptions/XYZ/resourceGroups/rg-devops-agents/providers/Microsoft.ContainerInstance/containerGroups/ci-rover-level0-test-001]

@arnaudlh arnaudlh self-requested a review April 23, 2024 03:18
@arnaudlh arnaudlh added enhancement New feature or request container_groups labels Apr 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arnaudlh arnaudlh Awaiting requested review from arnaudlh

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
container_groups enhancement New feature or request
Projects
2404
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Romiko @arnaudlh @rvddd