azure - container host aci template (cloud-custodian#4632)
axis7818 authored and stefangordon committed Aug 21, 2019
1 parent 1c9234e commit 2f9bade
Showing 2 changed files with 141 additions and 4 deletions.
30 changes: 26 additions & 4 deletions docs/source/azure/configuration/containerhosting.rst
@@ -43,8 +43,30 @@ the policy will be ignored.
Deployment Options
##################

Helm Chart
----------
Azure Container Instance
------------------------

The ARM template to deploy the Azure Container Host is provided for deploying an ACI instance
against a single subscription using a `user assigned identity <https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview>`_
for authentication.

Here is an example deployment of the ARM template using the azure cli:

.. code-block:: bash
az group deployment create \
--resource-group my-resource-group \
--template-file tools/ops/azure/container-host/aci/aci-template.json \
--parameters \
aci_name=cloud-custodian \
user_assigned_identity_name=my-uai \
azure_subscription_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
azure_event_queue_name=custodian-aci-queue \
azure_container_storage=https://myStorageAccount.blob.core.windows.net/aci-policies \
azure_event_queue_resource_id=/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-resource-group/providers/Microsoft.Storage/storageAccounts/myStorageAccount
Kubernetes (Helm Chart)
-----------------------

A helm chart is provided that will deploy a set of cloud custodian containers against a set of
subscriptions to be monitored. For information on how to customize the values, reference
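
Review bot: The example passes `user_assigned_identity_name=my-uai` without saying that the identity has to exist before the deployment, or which role assignments it needs on the subscription, on the `aci-policies` blob container and on the storage account given as `azure_event_queue_resource_id`. Please add a short prerequisites paragraph above the `az group deployment create` example that lists the minimum roles, so that users do not fall back to granting the identity a broad role just to get the host running. Minor wording: "azure cli" should read "Azure CLI", and the opening sentence of the new section would read better as "An ARM template is provided for deploying the Azure Container Host as an ACI instance against a single subscription ...".
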
@@ -80,7 +102,7 @@ To deploy the chart:
Helm Chart Deployment Script
----------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Additionally, a utility script for deploying the helm chart against either a single subscription
or all subscriptions in a management group is provided. When deploying for a management group,
@@ -131,7 +153,7 @@ all of the containers will share the same policy storage and storage account for
--help Show this message and exit.
Examples
^^^^^^^^
________

Deploy against a single subscription:

115 changes: 115 additions & 0 deletions tools/ops/azure/container-host/aci/aci-template.json
@@ -0,0 +1,115 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"aci_name": {
"defaultValue": "[concat('custodian-', parameters('azure_subscription_id'))]",
"type": "string"
},
"location": {
"defaultValue": "[resourceGroup().location]",
"type": "string"
},
"image_repository": {
"defaultValue": "cloudcustodian/c7n",
"type": "string"
},
"image_tag": {
"defaultValue": "latest",
"type": "string"
},
"restart_policy": {
"type": "string",
"allowedValues": [
"Always",
"OnFailure",
"Never"
],
"defaultValue": "Always"
},
"user_assigned_identity_name": {
"type": "string"
},
"azure_event_queue_name": {
"type": "string",
"defaultValue": "[concat('custodian-', parameters('azure_subscription_id'))]"
},
"azure_subscription_id": {
"type": "string",
"defaultValue": "[subscription().subscriptionId]"
},
"azure_container_storage": {
"type": "string"
},
"azure_event_queue_resource_id": {
"type": "string"
}
},
"variables": {
"user_assigned_identity_resource_id": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('user_assigned_identity_name'))]"
},
"resources": [
{
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2018-10-01",
"name": "[parameters('aci_name')]",
"location": "[parameters('location')]",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[variables('user_assigned_identity_resource_id')]": {}
}
},
"properties": {
"containers": [
{
"name": "[parameters('aci_name')]",
"properties": {
"image": "[concat(parameters('image_repository'), ':', parameters('image_tag'))]",
"command": [
"/usr/local/bin/python3",
"-m",
"c7n_azure.container_host.host"
],
"ports": [],
"environmentVariables": [
{
"name": "AZURE_USE_MSI",
"value": "1"
},
{
"name": "AZURE_CLIENT_ID",
"value": "[reference(variables('user_assigned_identity_resource_id'), '2018-11-30').clientId]"
},
{
"name": "AZURE_EVENT_QUEUE_NAME",
"value": "[parameters('azure_event_queue_name')]"
},
{
"name": "AZURE_SUBSCRIPTION_ID",
"value": "[parameters('azure_subscription_id')]"
},
{
"name": "AZURE_CONTAINER_STORAGE",
"value": "[parameters('azure_container_storage')]"
},
{
"name": "AZURE_EVENT_QUEUE_RESOURCE_ID",
"value": "[parameters('azure_event_queue_resource_id')]"
}
],
"resources": {
"requests": {
"memoryInGB": 1.5,
"cpu": 1
}
}
}
}
],
"restartPolicy": "[parameters('restart_policy')]",
"osType": "Linux"
}
}
]
}
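
Review bot: `image_tag` defaults to `latest` while `restart_policy` defaults to `Always`, so a container group that holds a user assigned identity runs whatever is published under `cloudcustodian/c7n:latest` each time the image is pulled. Consider dropping the default for `image_tag` or defaulting it to a released version, and mention digest pinning in the docs. Separately, `user_assigned_identity_resource_id` is built with `resourceId(...)` and no resource group argument, so the identity is only resolved inside the resource group being deployed to; either document that requirement or take the identity's resource group as a parameter. The trailing `/` in the resource type `'Microsoft.ManagedIdentity/userAssignedIdentities/'` also looks unintended. None of the parameters carries a `metadata.description`, which would help most for the required ones (`user_assigned_identity_name`, `azure_container_storage`, `azure_event_queue_resource_id`).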
