public FargateStack()
{
// Read back the default VPC and public subnets, which we will use.
var vpc = Output.Create(Ec2.GetVpc.InvokeAsync(new Ec2.GetVpcArgs {
Default = true
}));
var vpcId = vpc.Apply(vpc => vpc.Id);
var subnet = vpcId.Apply(id => Ec2.GetSubnetIds.InvokeAsync(new Ec2.GetSubnetIdsArgs {
VpcId = id
}));
var subnetIds = subnet.Apply(s => s.Ids);
// Create a SecurityGroup that permits HTTP ingress and unrestricted egress.
var webSg = new Ec2.SecurityGroup("web-sg", new Ec2.SecurityGroupArgs
{
VpcId = vpcId,
Egress =
{
new Ec2.Inputs.SecurityGroupEgressArgs
{
Protocol = "-1",
FromPort = 0,
ToPort = 0,
CidrBlocks ={ "0.0.0.0/0" }
}
},
Ingress =
{
new Ec2.Inputs.SecurityGroupIngressArgs
{
Protocol = "tcp",
FromPort = 80,
ToPort = 80,
CidrBlocks ={ "0.0.0.0/0" }
}
}
});
// Create an ECS cluster to run a container-based service.
var cluster = new Ecs.Cluster("app-cluster");
// Create an IAM role that can be used by our service's task.
var taskExecRole = new Iam.Role("task-exec-role", new Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2008-10-17"",
""Statement"": [{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ecs-tasks.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}]
}"
});
var taskExecAttach = new Iam.RolePolicyAttachment("task-exec-policy", new Iam.RolePolicyAttachmentArgs
{
Role = taskExecRole.Name,
PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
});
// Create a load balancer to listen for HTTP traffic on port 80.
var webLb = new Elb.LoadBalancer("web-lb", new Elb.LoadBalancerArgs
{
Subnets = subnetIds,
SecurityGroups = { webSg.Id }
});
var webTg = new Elb.TargetGroup("web-tg", new Elb.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = vpcId
});
var webListener = new Elb.Listener("web-listener", new Elb.ListenerArgs
{
LoadBalancerArn = webLb.Arn,
Port = 80,
DefaultActions =
{
new Elb.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = webTg.Arn,
}
}
});
// Create a private ECR registry and build and publish our app's container image to it.
var appRepo = new Ecr.Repository("app-repo");
var appRepoCredentials = appRepo.RegistryId.Apply(async rid =>
{
var credentials = await Ecr.GetCredentials.InvokeAsync(new Ecr.GetCredentialsArgs {
RegistryId = rid
});
var data = Convert.FromBase64String(credentials.AuthorizationToken);
return(Encoding.UTF8.GetString(data).Split(":").ToImmutableArray());
});
var image = new Docker.Image("app-img", new Docker.ImageArgs
{
Build = "../App",
ImageName = appRepo.RepositoryUrl,
Registry = new Docker.ImageRegistry
{
Server = appRepo.RepositoryUrl,
Username = appRepoCredentials.GetAt(0),
Password = appRepoCredentials.GetAt(1)
}
});
// Spin up a load balanced service running our container image.
var appTask = new Ecs.TaskDefinition("app-task", new Ecs.TaskDefinitionArgs
{
Family = "fargate-task-definition",
Cpu = "256",
Memory = "512",
NetworkMode = "awsvpc",
RequiresCompatibilities = { "FARGATE" },
ExecutionRoleArn = taskExecRole.Arn,
ContainerDefinitions = image.ImageName.Apply(imageName => @"[{
""name"": ""my-app"",
""image"": """ + imageName + @""",
""portMappings"": [{
""containerPort"": 80,
""hostPort"": 80,
""protocol"": ""tcp""
}]
}]")
});
var appSvc = new Ecs.Service("app-svc", new Ecs.ServiceArgs
{
Cluster = cluster.Arn,
DesiredCount = 3,
LaunchType = "FARGATE",
TaskDefinition = appTask.Arn,
NetworkConfiguration = new Ecs.Inputs.ServiceNetworkConfigurationArgs
{
AssignPublicIp = true,
Subnets = subnetIds,
SecurityGroups = { webSg.Id }
},
LoadBalancers =
{
new Ecs.Inputs.ServiceLoadBalancerArgs
{
TargetGroupArn = webTg.Arn,
ContainerName = "my-app",
ContainerPort = 80
}
}
}, new CustomResourceOptions {
DependsOn = { webListener }
});
// Export the resulting web address.
this.Url = Output.Format($"http://{webLb.DnsName}");
}
public MyStack()
{
const int RedisPort = 6379;
const string RedisHost = "redisdb";
var network = new Docker.Network("network");
var redisImage = new Docker.RemoteImage("RedisImage", new Docker.RemoteImageArgs {
Name = "redis:6.2",
KeepLocally = true
});
var redisContainer = new Docker.Container("RedisContainer", new Docker.ContainerArgs
{
Image = redisImage.Latest,
Ports = new InputList <Docker.Inputs.ContainerPortArgs> {
new Docker.Inputs.ContainerPortArgs
{
Internal = RedisPort,
External = RedisPort
}
},
NetworksAdvanced = new InputList <Docker.Inputs.ContainerNetworksAdvancedArgs> {
new Docker.Inputs.ContainerNetworksAdvancedArgs
{
Name = network.Name,
Aliases = new InputList <string> {
RedisHost
}
}
}
});
var appImage = new Docker.Image("AppImage", new Docker.ImageArgs
{
Build = new Docker.DockerBuild
{
Context = "../App"
},
ImageName = "app",
SkipPush = true
});
var appContainer = new Docker.Container("AppContainer", new Docker.ContainerArgs
{
Image = appImage.BaseImageName,
Ports = new InputList <Docker.Inputs.ContainerPortArgs> {
new Docker.Inputs.ContainerPortArgs
{
Internal = 80,
External = 8080
}
},
Envs = new InputList <string> {
$"REDIS_HOST={RedisHost}",
$"REDIS_PORT={RedisPort}"
},
NetworksAdvanced = new InputList <Docker.Inputs.ContainerNetworksAdvancedArgs> {
new Docker.Inputs.ContainerNetworksAdvancedArgs
{
Name = network.Name
}
}
}, new CustomResourceOptions
{
DependsOn = redisContainer
});
this.Url = Output.Create("http://localhost:8080/Cache");
}
public MyStack()
{
var resourceGroup = new Azure.Core.ResourceGroup("my-group");
var registry = new Registry("registry", new RegistryArgs
{
ResourceGroupName = resourceGroup.Name,
AdminEnabled = true,
Sku = "Standard"
});
var dockerImage = new Pulumi.Docker.Image("node-app", new Pulumi.Docker.ImageArgs
{
ImageName = Output.Format($"{registry.LoginServer}/myapp"),
Build = "./app",
Registry = new Pulumi.Docker.ImageRegistry
{
Server = registry.LoginServer,
Username = registry.AdminUsername,
Password = registry.AdminPassword
}
});
var group = new Group("aci", new GroupArgs
{
ResourceGroupName = resourceGroup.Name,
OsType = "Linux",
Containers =
{
new GroupContainersArgs
{
Cpu = 0.5,
Image = dockerImage.ImageName,
Memory = 1.5,
Name = "hello-world",
Ports =
{
new GroupContainersPortsArgs
{
Port = 80,
Protocol = "TCP"
}
}
}
},
ImageRegistryCredentials =
{
new GroupImageRegistryCredentialsArgs
{
Server = registry.LoginServer,
Username = registry.AdminUsername,
Password = registry.AdminPassword
}
},
IpAddressType = "public",
DnsNameLabel = "my-unique-name"
}, new CustomResourceOptions {
DeleteBeforeReplace = true
});
this.Endpoint = Output.Format($"http://{group.Fqdn}");
}
private AppService AdminPortal(string prefix, InputMap <string> commonAppSettings, Pulumi.Azure.CosmosDB.Account messageStoreCosmosAccount)
{
var registry = new Pulumi.Azure.ContainerService.Registry($"{prefix}magicbusregistry", new RegistryArgs()
{
ResourceGroupName = _resourceGroup.Name,
Sku = "Basic",
AdminEnabled = true
});
var dockerImage = new Pulumi.Docker.Image("adminportal", new ImageArgs()
{
ImageName = Output.Format($"{registry.LoginServer}/adminportal:latest"),
Build = new DockerBuild()
{
Context = "../",
},
Registry = new ImageRegistry()
{
Server = registry.LoginServer,
Username = registry.AdminUsername,
Password = registry.AdminPassword
}
});
var appServicePlan = new Plan("admin-portal-plan", new PlanArgs()
{
ResourceGroupName = _resourceGroup.Name,
Location = "australiasoutheast",
Kind = "linux",
Reserved = true,
Sku = new PlanSkuArgs()
{
Tier = "Basic",
Size = "B1",
Capacity = 1
}
});
var app = new AppService("magic-bus-admin-portal", new AppServiceArgs()
{
ResourceGroupName = _resourceGroup.Name,
AppServicePlanId = appServicePlan.Id,
Location = "australiasoutheast",
AppSettings = InputMap <string> .Merge(commonAppSettings, new InputMap <string>()
{
{ "WEBSITES_ENABLE_APP_SERVICE_STORAGE", "false" },
{ "DOCKER_REGISTRY_SERVER_URL", Output.Format($"https://{registry.LoginServer}") },
{ "DOCKER_REGISTRY_SERVER_USERNAME", registry.AdminUsername },
{ "DOCKER_REGISTRY_SERVER_PASSWORD", registry.AdminPassword },
{ "WEBSITES_PORT", "80,443" },
{ "CosmosDbEndpoint", messageStoreCosmosAccount.Endpoint },
{ "CosmosDbAuthKey", messageStoreCosmosAccount.PrimaryMasterKey }
}),
SiteConfig = new AppServiceSiteConfigArgs()
{
AlwaysOn = true,
LinuxFxVersion = Output.Format($"DOCKER|{dockerImage.ImageName}")
},
HttpsOnly = true
});
return(app);
}
static Task <int> Main() => Deployment.RunAsync(async() => {
// Conditionalize the auth mechanism.
var config = new Config();
var useServicePrincipalAuth = config.GetBoolean("useServicePrincipalAuth") ?? false;
// Create a private ACR registry.
var rg = new ResourceGroup("myrg");
var registry = new Registry("myregistry", new RegistryArgs
{
ResourceGroupName = rg.Name,
AdminEnabled = !useServicePrincipalAuth,
Sku = "basic"
});
// Get registry info (creds and endpoint) so we can build/publish to it.
var imageName = Output.Format($"{registry.LoginServer}/myapp");
Docker.ImageRegistry registryInfo;
if (useServicePrincipalAuth)
{
var sp = new AAD.ServicePrincipal("mysp", new AAD.ServicePrincipalArgs
{
ApplicationId = new AAD.Application("myspapp").ApplicationId,
});
var spPassword = new AAD.ServicePrincipalPassword("mysp-pass", new AAD.ServicePrincipalPasswordArgs
{
ServicePrincipalId = sp.Id,
Value = new RandomPassword("mypass",
new RandomPasswordArgs
{
Length = 32,
},
new CustomResourceOptions {
AdditionalSecretOutputs = { "result" }
}
).Result,
EndDateRelative = "8760h",
});
var spAuth = new Assignment("myauth", new AssignmentArgs
{
Scope = registry.Id,
RoleDefinitionName = "acrpush",
PrincipalId = sp.Id,
});
registryInfo = new Docker.ImageRegistry
{
Server = registry.LoginServer,
Username = sp.ApplicationId,
Password = spAuth.Id.Apply(_ => spPassword.Value),
};
}
else
{
registryInfo = new Docker.ImageRegistry
{
Server = registry.LoginServer,
Username = registry.AdminUsername,
Password = registry.AdminPassword,
};
}
// Build and publish the app image.
var image = new Docker.Image("my-image", new Docker.ImageArgs
{
Build = new Docker.DockerBuild {
Context = "app"
},
ImageName = imageName,
Registry = registryInfo,
});
// Export the resulting base name in addition to the specific version pushed.
return(new Dictionary <string, object>
{
{ "baseImageName", image.BaseImageName },
{ "fullImageName", image.ImageName },
});
});
public MyStack()
{
// Create an Azure Resource Group
var applicationResourceGroup = new ResourceGroup("pulumi-appgateway-hosting-example", new ResourceGroupArgs()
{
Name = "pulumi-appgateway-hosting-example"
});
var registry = new Registry("global", new RegistryArgs
{
ResourceGroupName = applicationResourceGroup.Name,
AdminEnabled = true,
Sku = "Premium",
});
var dockerImage = new Pulumi.Docker.Image("my-app", new Pulumi.Docker.ImageArgs
{
ImageName = Output.Format($"{registry.LoginServer}/myapp:v1.0.0"),
Build = "./container",
Registry = new ImageRegistry
{
Server = registry.LoginServer,
Username = registry.AdminUsername,
Password = registry.AdminPassword,
},
}, new ComponentResourceOptions {
Parent = registry
});
var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs()
{
AddressSpaces = "10.0.0.0/16",
Subnets = new List <VirtualNetworkSubnetsArgs>()
{
},
ResourceGroupName = applicationResourceGroup.Name,
Name = $"vnet"
});
var appGatewaySubnet = new Subnet("gateway-subnet", new SubnetArgs()
{
Name = AzureGatewayNetworkName,
VirtualNetworkName = $"vnet",
AddressPrefix = "10.0.1.0/24",
ResourceGroupName = applicationResourceGroup.Name,
}, new CustomResourceOptions()
{
Parent = vnet
});
var applicationSubnet = new Subnet("application-subnet", new SubnetArgs()
{
Name = "applicationsubnet",
VirtualNetworkName = $"vnet",
AddressPrefix = "10.0.0.0/24",
ResourceGroupName = applicationResourceGroup.Name,
Delegations = new SubnetDelegationsArgs()
{
Name = "SubnetDelegation",
ServiceDelegation = new SubnetDelegationsServiceDelegationArgs()
{
Name = "Microsoft.ContainerInstance/containerGroups",
Actions = "Microsoft.Network/virtualNetworks/subnets/join/action"
}
}
}, new CustomResourceOptions()
{
Parent = vnet
});
var applicationNetworkProfile = new Profile("application-networking-profile", new ProfileArgs()
{
Name = "application-networking-profile",
ResourceGroupName = applicationResourceGroup.Name,
ContainerNetworkInterface = new ProfileContainerNetworkInterfaceArgs()
{
Name = "ContainerNetworkInterface",
IpConfigurations = new ProfileContainerNetworkInterfaceIpConfigurationsArgs()
{
Name = "IpConfigurations",
SubnetId = applicationSubnet.Id,
}
}
});
var aci = new Group($"aci", new GroupArgs()
{
Containers = new GroupContainersArgs()
{
Name = "aci",
Memory = 1.5,
Cpu = 0.5,
Image = dockerImage.ImageName,
Ports = new GroupContainersPortsArgs()
{
Port = 80,
Protocol = "TCP"
},
},
ImageRegistryCredentials = new GroupImageRegistryCredentialsArgs
{
Server = registry.LoginServer,
Username = registry.AdminUsername,
Password = registry.AdminPassword,
},
OsType = "Linux",
ResourceGroupName = applicationResourceGroup.Name,
Name = "application",
IpAddressType = "Private",
NetworkProfileId = applicationNetworkProfile.Id,
});
var publicIp = new PublicIp("gateway-publicip", new PublicIpArgs()
{
Sku = "Standard",
ResourceGroupName = applicationResourceGroup.Name,
AllocationMethod = "Static",
DomainNameLabel = "application" + Guid.NewGuid().ToString()
});
var backendAddressPools = new ApplicationGatewayBackendAddressPoolsArgs()
{
Name = "applicationBackendPool",
IpAddresses = aci.IpAddress
};
var frontendPorts = new ApplicationGatewayFrontendPortsArgs()
{
Name = "applicationfrontendport",
Port = 80
};
var frontendIpConfigurations = new ApplicationGatewayFrontendIpConfigurationsArgs()
{
Name = "applicationFrontEndIpConfig",
PublicIpAddressId = publicIp.Id,
};
var backendHttpSettings = new ApplicationGatewayBackendHttpSettingsArgs()
{
Name = "sqBackendHttpSettings",
Port = 80,
Protocol = "Http",
CookieBasedAffinity = "Disabled",
RequestTimeout = 30,
};
var appgwHttpListener = new ApplicationGatewayHttpListenersArgs()
{
Name = "appgwhttplistener",
FrontendPortId = frontendPorts.Id,
FrontendPortName = frontendPorts.Name,
HostName = publicIp.Fqdn,
Protocol = "Http",
FrontendIpConfigurationId = frontendIpConfigurations.Id,
FrontendIpConfigurationName = frontendIpConfigurations.Name,
};
var requestRoutingRules = new ApplicationGatewayRequestRoutingRulesArgs()
{
Name = "RoutingRequestRules",
BackendAddressPoolId = backendAddressPools.Id,
BackendAddressPoolName = backendAddressPools.Name,
BackendHttpSettingsId = backendHttpSettings.Id,
BackendHttpSettingsName = backendHttpSettings.Name,
HttpListenerId = appgwHttpListener.Id,
HttpListenerName = appgwHttpListener.Name,
RuleType = "Basic",
};
new ApplicationGateway($"applicationgateway", new ApplicationGatewayArgs()
{
ResourceGroupName = applicationResourceGroup.Name,
Sku = new ApplicationGatewaySkuArgs()
{
Name = "Standard_v2",
Tier = "Standard_v2",
Capacity = 1
},
FrontendIpConfigurations = frontendIpConfigurations,
BackendAddressPools = backendAddressPools,
BackendHttpSettings = backendHttpSettings,
FrontendPorts = frontendPorts,
RequestRoutingRules = requestRoutingRules,
GatewayIpConfigurations = new ApplicationGatewayGatewayIpConfigurationsArgs()
{
Name = "gatewayconfig",
SubnetId = appGatewaySubnet.Id
},
HttpListeners = appgwHttpListener,
});
this.ApplicationUrl = publicIp.Fqdn;
}