Enable Internal Load Balancing Mode for Container App Environment using Azure Terraform AzApi Provider

Question

For an ACA Environment, How do I enable Internal balancer mode using AzApi Terraform provider. Here is current configuration:

resource "azapi_resource" "aca_env" {
  for_each = { for aca_env in var.aca_envs : aca_env.name => aca_env} 
  type      = "Microsoft.App/managedEnvironments@2022-11-01-preview"
  name      = each.value.name
  parent_id = azurerm_resource_group.rg.id
  location  = each.value.location
  
  body   = jsonencode({
    properties = {
      appLogsConfiguration = {
        destination               = "log-analytics"
        logAnalyticsConfiguration = {
          customerId = azurerm_log_analytics_workspace.law["${each.value.name}-law"].workspace_id
          sharedKey  = azurerm_log_analytics_workspace.law["${each.value.name}-law"].primary_shared_key
        }
      }
      vnetConfiguration = {
        "internal" = true
        "infrastructureSubnetId" = data.azurerm_subnet.subnets[each.value.subnet_id].id
      }
      workloadProfiles = [
        {
          name = "Consumption"
          workloadProfileType = "Consumption"
        }
      ]
    }
 })
}

I am aware of azurerm's azurerm_container_app_environment exposes attribute internal_load_balancer_enabled for this. But how to do this with AzAPI provider?

Answer 1

To create container app environment with internalLoadBalancer you can use "internal = true" if you are using Azure Terraform AzApi Provider.

I have created container app environment with internalLoadBalancer using Azure Terraform AzApi Provider.

terraform {
    required_providers {
    azapi = {
      source = "azure/azapi"
      }
    } 
    }
        provider "azapi" {}
        provider "azurerm" {
        features {}
    }

    resource "azurerm_virtual_network" "venkatnetwork" {
      name = "acceptanceTestVirtualNetwork1test"
      address_space = ["10.0.0.0/16"]
      location = "eastus"
      resource_group_name = "venkattests-resources"
    }
    
    resource "azurerm_subnet" "venkatsub" {
      name = "testsubnet1"
      resource_group_name = "venkattests-resources"
      virtual_network_name =azurerm_virtual_network.venkatnetwork.name
      address_prefixes = ["10.0.1.0/24"]
      delegation {
        name = "acctestdelegation"
        service_delegation {
          name = "Microsoft.App/environments"
          actions = ["Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action"]
        }
      }
    }
    
    resource "azapi_resource" "aca_env" {
      type = "Microsoft.App/managedEnvironments@2022-11-01-preview"
      name = "my-aca-env-name"
      parent_id = "/subscriptions/xxxxxx-7f0905ec6833/resourceGroups/venkattests-resources"
      location = "eastus"
      body = jsonencode({
        properties = {
        vnetConfiguration = {
          "internal" = true
          "infrastructureSubnetId" = azurerm_subnet.venkatsub.id
        }
         workloadProfiles = [
        {
        name = "Consumption"
        workloadProfileType = "Consumption"
        }
      ]
    }
    })
    }

Terraform apply:

If you set internal = true in Vnet configuration section in your terraform code, The Internal environment are deployed with Virtual IP, The internal endpoint is an Azure internal load balancer and IP addresses are issued from the custom VNet's list of private IP addresses.

If I try to create a container app environment with a load balancer from the portal for testing, will the output be the same as a Terraform deployment.

I have selected Internal under virtual IP section.

Container app with Load Balancer(Virtual IP).