terraform - Can you create an Azure Container Apps Environment without a Load Balancer? - Stack Overflow


If my understanding is correct, the load balancer is used for distributing requests to multiple instances of a Container App. My Container Apps Environment is only running Container Apps Jobs, and those jobs are only triggered by a cron and therefore have no ingress. In this scenario is a load balancer needed? And is there a way to prevent its deployment?

  • The resources are deployed using Terraform.
  • The Container Apps Environment is deployed inside a VNET.
  • The Container Apps Jobs have egress to the internet.
  • The Container Apps Jobs write data to a database within the VNET.

asked Jan 30 at 14:30 by Scr0t

  • Any code you tried so far @Scrot? – Vinay B, commented Jan 30 at 15:01

2 Answers

When a Container Apps Environment is deployed inside a VNet, additional supporting resources are created to support the VNet, such as a load balancer in the MC_ resource group.

If the Container Apps Environment does not use a VNet, then you should not see the additional load balancer.

Azure container app, how remove load balancer

Create an Azure Container Apps Environment without a Load Balancer using Terraform

I understand the requirement, and your observation is correct: the Azure load balancer is there to diversify the traffic across multiple instances of a container app when ingress is enabled.

I tried a configuration that matches the requirement to create a container app environment without a load balancer.

Demo configuration:

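# The provider block and resource group are not shown in the original demo;
# the name and location below are placeholders.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  name     = "example-rg" # placeholder
  location = "westeurope" # placeholder
}

resource "azurerm_virtual_network" "vnet" {
  name                = "cae-vnet"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.0.0.0/16"]
}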


resource "azurerm_subnet" "container_apps_subnet" {
  name                 = "cae-subnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.0.0/23"]
}

resource "azurerm_subnet" "database_subnet" {
  name                 = "db-subnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.2.0/24"]

  delegation {
    name = "flexibleserverdelegation"
    service_delegation {
      name    = "Microsoft.DBforPostgreSQL/flexibleServers"
      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
    }
  }
}


resource "azurerm_private_dns_zone" "postgres_dns" {
  name                = "privatelink.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.rg.name
}


resource "azurerm_private_dns_zone_virtual_network_link" "postgres_dns_link" {
  name                  = "postgres-dns-link"
  resource_group_name   = azurerm_resource_group.rg.name
  private_dns_zone_name = azurerm_private_dns_zone.postgres_dns.name
  virtual_network_id    = azurerm_virtual_network.vnet.id
}

resource "azurerm_container_app_environment" "cae" {
  name                           = "container-apps-env"
  location                       = azurerm_resource_group.rg.location
  resource_group_name            = azurerm_resource_group.rg.name
  infrastructure_subnet_id       = azurerm_subnet.container_apps_subnet.id
  internal_load_balancer_enabled = false # Prevents LB creation
}

resource "azurerm_container_registry" "acr" {
  name                = "vhhsbacr"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  sku                 = "Standard"
  admin_enabled       = true # registry admin account; not used by the identity-based AcrPull assignment below
}

resource "azurerm_user_assigned_identity" "container_app_identity" {
  name                = "container-app-identity"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  # A resource cannot list itself in depends_on, so only the registry dependency is kept.
  depends_on = [azurerm_container_registry.acr]
}

resource "azurerm_role_assignment" "acr_pull" {
  scope                = azurerm_container_registry.acr.id
  role_definition_name = "AcrPull"
  principal_id         = azurerm_user_assigned_identity.container_app_identity.principal_id
}

resource "azurerm_container_app_job" "job" {
  name                         = "data-processing-job"
  container_app_environment_id = azurerm_container_app_environment.cae.id
  resource_group_name          = azurerm_resource_group.rg.name
  location                     = azurerm_resource_group.rg.location
  replica_timeout_in_seconds   = 180
  replica_retry_limit          = 2

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.container_app_identity.id]
  }

  # Pull the image with the user-assigned identity that holds the AcrPull role;
  # without a registry block the identity is never used for the pull.
  registry {
    server   = azurerm_container_registry.acr.login_server
    identity = azurerm_user_assigned_identity.container_app_identity.id
  }

  template {
    container {
      name   = "job-container"
      image  = "${azurerm_container_registry.acr.login_server}/my-job-image:latest"
      cpu    = 0.5
      memory = "1Gi"
    }
  }

  # Cron-triggered job: no ingress is configured.
  schedule_trigger_config {
    cron_expression = "0 2 * * *"
  }

  depends_on = [
    azurerm_container_app_environment.cae,
    azurerm_role_assignment.acr_pull
  ]
}

resource "azurerm_postgresql_flexible_server" "db" {
  name                          = "cae-postgres-db"
  location                      = azurerm_resource_group.rg.location
  resource_group_name           = azurerm_resource_group.rg.name
  administrator_login           = "adminuser"
  administrator_password        = "SuperSecurePassword123!" # demo literal; supply through a sensitive variable or secret store in real use
  sku_name                      = "B_Standard_B1ms"
  version                       = "12"
  storage_mb                    = 32768
  backup_retention_days         = 7
  geo_redundant_backup_enabled  = false
  public_network_access_enabled = false # reachable only through the delegated subnet
  zone                          = "1"
  delegated_subnet_id           = azurerm_subnet.database_subnet.id
  private_dns_zone_id           = azurerm_private_dns_zone.postgres_dns.id

  depends_on = [
    azurerm_subnet.database_subnet,
    azurerm_private_dns_zone_virtual_network_link.postgres_dns_link
  ]
}

Refer:

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_app_job

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server
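
An added example, not part of the original answers: a Python check over the `configuration` section of `terraform show -json` output that reports which environments are VNet-integrated (and so, per the first answer, get a load balancer in the managed resource group) and flags the registry admin account and literal database password seen in the demo configuration. The sample plan is constructed, only the root module is inspected, and reading `internal_load_balancer_enabled = false` as external mode follows the azurerm provider documentation.

```python
import json

# Constructed sample: trimmed "configuration" section in the shape emitted by
# `terraform show -json <planfile>` for three resources of the demo above.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "azurerm_container_app_environment.cae",
   "type": "azurerm_container_app_environment",
   "expressions": {
     "infrastructure_subnet_id": {"references": ["azurerm_subnet.container_apps_subnet.id"]},
     "internal_load_balancer_enabled": {"constant_value": false}}},
  {"address": "azurerm_container_registry.acr",
   "type": "azurerm_container_registry",
   "expressions": {"admin_enabled": {"constant_value": true}}},
  {"address": "azurerm_postgresql_flexible_server.db",
   "type": "azurerm_postgresql_flexible_server",
   "expressions": {
     "administrator_password": {"constant_value": "constructed-demo-value"},
     "public_network_access_enabled": {"constant_value": false}}}
]}}}
""")

def const(expr, attr):
    """Return the literal written in the .tf file for attr, or None if unset or a reference."""
    return expr.get(attr, {}).get("constant_value")

def audit(plan):
    """Return (address, finding) pairs for the resources of the root module."""
    findings = []
    for res in plan["configuration"]["root_module"].get("resources", []):
        addr, rtype, expr = res["address"], res["type"], res.get("expressions", {})
        if rtype == "azurerm_container_app_environment" and "infrastructure_subnet_id" in expr:
            findings.append((addr, "vnet-integrated: expect a load balancer in the managed resource group"))
            if const(expr, "internal_load_balancer_enabled") is not True:
                findings.append((addr, "internal_load_balancer_enabled is not literally true (external mode)"))
        if rtype == "azurerm_container_registry" and const(expr, "admin_enabled") is True:
            findings.append((addr, "registry admin account enabled"))
        if rtype == "azurerm_postgresql_flexible_server":
            if isinstance(const(expr, "administrator_password"), str):
                findings.append((addr, "administrator_password is a literal in the configuration"))
            if const(expr, "public_network_access_enabled") is not False:
                findings.append((addr, "public_network_access_enabled is not literally false"))
    return findings

if __name__ == "__main__":
    for address, finding in audit(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```
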
