I am currently trying to deploy a Python Function App with Terraform. I am deploying the app with a Docker container that is kept in an ACR instance in the same resource group. Below is the module code:
resource "azurerm_storage_account" "this" {
account_replication_type = "LRS"
account_tier = "Standard"
location = var.resource_group_region
name = "str${replace(var.name, "-", "")}"
resource_group_name = var.resource_group_name
}
resource "azurerm_storage_share" "function_share" {
name = "functionshare"
quota = 50
storage_account_name = azurerm_storage_account.this.name
}
resource "azurerm_service_plan" "this" {
name = "azasp-${var.name}"
location = var.resource_group_region
resource_group_name = var.resource_group_name
maximum_elastic_worker_count = var.max_elastic_worker_count
sku_name = var.sku_name
worker_count = var.worker_count
os_type = "Linux"
tags = var.tags
}
resource "azurerm_application_insights" "this" {
name = "apins-${var.name}"
resource_group_name = var.resource_group_name
location = var.resource_group_region
application_type = "web"
workspace_id = var.law_instance_id
daily_data_cap_in_gb = var.daily_data_cap
daily_data_cap_notifications_disabled = var.disable_daily_data_cap_notification
retention_in_days = var.retention_period
sampling_percentage = var.sampling_percentage
tags = var.tags
}
resource "azurerm_role_assignment" "msi_blob" {
principal_id = var.managed_identities[0].principal_ids[0]
scope = azurerm_storage_account.this.id
role_definition_name = "Storage Blob Data Owner"
}
resource "azurerm_linux_function_app" "this" {
name = "azfun-${var.name}"
location = var.resource_group_region
resource_group_name = var.resource_group_name
virtual_network_subnet_id = var.virtual_network_subnet_id
public_network_access_enabled = var.enable_public_network_access
service_plan_id = azurerm_service_plan.this.id
storage_account_name = azurerm_storage_account.this.name
storage_uses_managed_identity = true
app_settings = merge(var.app_settings, {
AzureWebJobsStorage = azurerm_storage_account.this.primary_connection_string
WEBSITE_CONTENTSHARE = azurerm_storage_share.function_share.name
WEBSITE_CONTENTAZUREFILECONNECTIONSTRING = azurerm_storage_account.this.primary_connection_string
})
dynamic "identity" {
for_each = toset(var.managed_identities)
content {
type = "UserAssigned"
identity_ids = toset(identity.value["ids"])
}
}
site_config {
application_insights_connection_string = azurerm_application_insights.this.connection_string
application_insights_key = azurerm_application_insights.this.instrumentation_key
container_registry_use_managed_identity = true
application_stack {
python_version = var.python_version
dynamic "docker" {
for_each = var.docker_config != null ? [var.docker_config] : []
content {
image_name = docker.value.image_name
image_tag = docker.value.image_tag
registry_url = docker.value.registry_url
}
}
}
app_service_logs {
retention_period_days = 90
}
}
tags = var.tags
}
And the module consumption:
module "function-app" {
source = "[email protected]:v3/myorg/myproj/myrepo//modules/function-app"
name = "${var.workload_name}-${var.region}-${var.environment}"
resource_group_region = module.resource-group.location
resource_group_name = module.resource-group.name
enable_public_network_access = var.allow_public_network_access
# App Service Plan
sku_name = "EP3"
max_elastic_worker_count = 15
# Function App
app_settings = {
ServiceBusConnection = module.service-bus-namespace.endpoint
ServiceBusConnection__fullyQualifiedNamespace = "${module.service-bus-namespace.name}.servicebus.windows.net"
BLOB_CONNECTION_STRING = module.blob-storage-account.primary_blob_connection_string
BLOB_CONTAINER_NAME = "myblob"
SUMMARY_BLOB_CONTAINER_NAME = "myblob2"
AZURE_FORM_RECOGNIZER_ENDPOINT = module.document-intelligence.endpoint
AZURE_FORM_RECOGNIZER_KEY = module.document-intelligence.primary_access_key
COSMOS_ENDPOINT = module.azure-cosmos-db-account.endpoint
COSMOS_KEY = module.azure-cosmos-db-account.primary_key
COSMOSDatabaseName = module.azure-cosmos-db-database.name
COSMOSContainerName = module.azure-cosmos-db-container.name
AzureWebJobsFeatureFlags = "EnableWorkerIndexing"
}
docker_config = {
image_name = "myimage"
image_tag = "v1"
registry_url = module.container-registry.login_server
}
container_registry_user_managed_identity = true
managed_identities = [
{
type = "UserAssigned"
ids = [module.managed-identity.id]
principal_ids = [module.managed-identity.principal_id]
}
]
# Application Insights
law_instance_id = module.log-analytics-workspace.id
retention_period = 90
tags = var.tags
}
This deploys out fine, no Terraform errors when running plan or apply. Looking at the function app in the portal I see this:
Clicking on the error details just gives this:
Any idea what’s causing this? My running theory is that it’s something to do with the app settings not being created correctly. Previously the AzureWebJobsStorage and WEBSITE_CONTENTSHARE settings weren’t being created and I had to add those in, which solved a few errors but not the ServiceUnavailable issue. Thanks!