How to authenticate when scaling Azure Container App to 0

Ken Bonny 20 Reputation points
2023-05-22T10:53:32.66+00:00

I'm currently working on scaling down a container app to 0 using a Bicep file in Azure. I have made progress with setting up the scaling parameters such as min/max replicas and configuring the messagecount in the rules.custom.metadata. However, I'm facing some uncertainty regarding the authentication part, which seems crucial for the process to work correctly.

I have a key vault in place, but I'm struggling to find the correct syntax for the authentication section. I've been referring to the documentation at link to documentation which emphasizes the importance of authentication. Additionally, the documentation at link to documentation suggests working with the connection string, which I have set in the metadata. However, I'm uncertain if that is the correct approach.

I would greatly appreciate any assistance or guidance from the community members who have experience with scaling Azure container apps using Bicep files. Specifically, I would appreciate any insights into the correct syntax for the authentication section. I can access the service bus connection string from earlier configuration.

Thank you in advance for your valuable input and assistance!

Image

Azure Service Bus
Azure Service Bus
An Azure service that provides cloud messaging as a service and hybrid integration.
579 questions
Azure Container Apps
Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.
325 questions
0 comments
Accepted answer
  1. Ryan Hill 26,866 Reputation points Microsoft Employee
    2023-05-25T01:04:27.69+00:00

    Hi @Ken Bonny

    I'm glad that you were able to resolve your issue. Thank you for posting your solution so that others experiencing a similar issue can easily reference this.

    Since the Microsoft Q&A community has a policy that the question author cannot accept their own answer, they can only accept answers by others, I'll repost your solution in case you'd like to Accept the answer.

    To summarize your issue, you are attempting to use a bicep template that can be used to scale your Container App to 0. Your primary ask was how to properly configure the authentication piece of the template.

    The template you're using is custom. The resolve was an architect who authored the template was able to extend the template to reference the key vault secret references.

    I realize you are leveraging a custom template but for others, if you're leveraging Microsoft.ContainerApp/containerApps resource type with minReplicas property set to 0, an example bicep could look like the following:

    param containerAppName string
param containerImageLocation string
param environmentName string
param resourceGroupName string
param location string
param secrets object
param scaleRuleAuth object

resource containerApp 'Microsoft.ContainerApp/containerApps@2021-06-01-preview' = {
  name: containerAppName
  location: location
  properties: {
    containers: [
      {
        name: containerAppName
        properties: {
          imageRegistryCredentials: []
          image: containerImageLocation
          command: []
          environmentVariables: []
          ports: []
          resources: {
            requests: {
              cpu: '0.1'
              memoryInGB: 0.5
            }
            limits: {
              cpu: '0.5'
              memoryInGB: 1
            }
          }
          volumeMounts: []
        }
      }
    ]
    osType: 'Linux'
    environment: environmentName
    minReplicas: 0
    maxReplicas: 5
    scaleRules: [
      {
        name: 'azure-http-rule'
        type: 'http'
        http: {
          concurrency: 100
        }
      }
    ]
    secrets: secrets
    authentication: scaleRuleAuth
  }
}

output containerAppUrl string = containerApp.properties.url

    where examples of secrets and scaleRuleAuth could look like

    param secrets object = {
  mySecret1: {
    value: 'mySecretValue1'
  }
  mySecret2: {
    value: 'mySecretValue2'
  }
}

param scaleRuleAuth object = {
  myAuth1: {
    type: 'AzureServiceBus'
    connectionString: 'myConnectionString1'
    secretTargetRef: 'mySecret1'
  }
  myAuth2: {
    type: 'AzureServiceBus'
    connectionString: 'myConnectionString2'
    secretTargetRef: 'mySecret2'
  }
}

    The secrets object will reference the properties of the scaleRuleAuth object via the secretTargetRef property which retrieves the connection string of the Service Bus resource.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ken Bonny 20 Reputation points
    2023-05-23T12:22:15.84+00:00

    After speaking with our architect, this is a custom template. This is now extended with a part that can accept keyvault secrets. So my problem should be solved.

    Since this is a custom template, I doubt there is anything you can do to triage this.

    0 comments