Version: 1.0.0

Configuration Reference (00_config.sh)

This document explains the variables in 00_config.sh.
Goal: make the deployment repeatable and reduce “mystery config” as the file grows.

Important: Secrets are NOT deployed by these scripts (they are deployed by pipeline).
Do NOT hardcode secrets into 00_config.sh. Use environment variables or your pipeline secret store.


1) Required Inputs (set by you)

Subscription & Resource Group

  • AZ_SUBSCRIPTION_ID — subscription to deploy into
  • RG — resource group for EQ-PROD
  • LOC — default region for most resources (southeastasia)

Product resource names (provided by you)

  • ACR_NAME — ACR: eqvnacr
  • KV_NAME — Key Vault: eqvnkv
  • STORAGE_NAME — Storage: eqvnstorage

Mongo (DocumentDB / mongoClusters)

  • MONGO_LOC = eastasia (override)
  • MONGO_VCORE_NAME — e.g. eq-prod-mongo
  • MONGO_VCORE_TIER — e.g. M30
  • MONGO_VCORE_SERVER_VERSION = 7.0
  • MONGO_VCORE_STORAGE_GB — e.g. 32
  • MONGO_VCORE_SHARD_COUNT — e.g. 1
  • MONGO_PUBLIC_NETWORK_ACCESS = Disabled
  • MONGO_HA_TARGET_MODE — default Disabled (schema-required even when you “don’t want HA”)

Runtime required env var (do not commit):

  • MONGO_VCORE_ADMIN_PW — admin password (must satisfy complexity)
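
A pre-flight check for the two secret-handling rules above, as an added example that is not part of the deployment scripts: it lists secret-like variables that 00_config.sh assigns a literal value and confirms that MONGO_VCORE_ADMIN_PW arrives from the environment. The function names and the suffix list (PW, PASSWORD, SECRET, TOKEN, KEY) are assumptions.

```shell
#!/bin/sh
# Added example: secret hygiene check to run before any deployment script.
# The suffix list is an assumption about which variable names hold secrets.

# Print the names (never the values) of secret-like variables that the
# config file assigns a literal. Forwarding the environment, e.g.
# FOO_PW="${FOO_PW:-}", is allowed; a literal default inside ${...:-x} is not.
find_hardcoded_secrets() {
  cfg=$1
  # Trim indentation, drop comment lines, strip a leading "export".
  sed -e 's/^[[:space:]]*//' -e '/^#/d' \
      -e 's/^export[[:space:]][[:space:]]*//' "$cfg" |
    grep -E '^[A-Za-z0-9_]*(PW|PASSWORD|SECRET|TOKEN|KEY)=' |
    while IFS='=' read -r name value; do
      value=$(printf '%s' "$value" | tr -d "\"'")
      case $value in
        *:-[!}]*) printf '%s\n' "$name" ;;  # ${VAR:-literal} hides a default
        ''|'$'*)  ;;                        # empty or taken from environment
        *)        printf '%s\n' "$name" ;;  # plain literal value
      esac
    done
}

# Return 0 only if the named variable is set and non-empty at run time.
require_runtime_secret() {
  # Accept identifier characters only, so eval cannot be abused.
  case $1 in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
  eval "val=\${$1:-}"
  [ -n "$val" ] || { echo "missing runtime secret: $1" >&2; return 1; }
}
```

Run find_hardcoded_secrets 00_config.sh in the pipeline and fail the job if it prints anything.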

2) Networking (VNet/Subnets/DNS)

VNet

  • VNET_NAME
  • VNET_CIDR

Subnets (typical)

  • SUBNET_APPGW — Application Gateway subnet
  • SUBNET_ACA_INFRA — Container Apps environment infrastructure subnet
  • SUBNET_APPS — internal app subnet (if used)
  • SUBNET_CACHE — Redis / cache private endpoints
  • SUBNET_DB — Mongo private endpoint

Private DNS zones used

  • Redis Classic: privatelink.redis.cache.windows.net
  • Redis Enterprise: privatelink.redis.azure.net
  • Mongo vCore: privatelink.mongocluster.cosmos.azure.com
    (We intentionally do NOT create privatelink.mongo.cosmos.azure.com.)

3) Container Apps

ACA Environment

  • ACA_ENV_NAME
  • ACA_WORKLOAD_PROFILE / plan sizing if present

Apps list & ingress

  • All apps are deployed with internal ingress (AppGW is the front door).

Secrets:

  • ACA secrets are deployed by pipeline, not these scripts.

4) Application Gateway

  • AppGW is the only public entry point.
  • URL path maps route to internal ACA FQDNs.
  • AppGW is created using --no-wait, so you must confirm provisioningState is Succeeded before running the next AppGW scripts.
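
One way to gate the next AppGW script on that state, as an added example rather than one of the repository's scripts. APPGW_NAME is a hypothetical variable name, and the attempt count and delay are assumed defaults.

```shell
#!/bin/sh
# Added example: block until the Application Gateway reports Succeeded.
# RG comes from 00_config.sh; APPGW_NAME is a hypothetical variable name.

# Read the current provisioning state. Kept separate so it can be stubbed.
appgw_state() {
  az network application-gateway show \
    --resource-group "$RG" --name "$APPGW_NAME" \
    --query provisioningState -o tsv
}

# wait_for_appgw [max_attempts] [sleep_seconds]
# Returns 0 on Succeeded, 1 on Failed, 2 on timeout,
# 3 if the state cannot be read (wrong name, expired login, no access).
wait_for_appgw() {
  max=${1:-60} pause=${2:-30} n=0
  while [ "$n" -lt "$max" ]; do
    n=$((n + 1))
    state=$(appgw_state) || { echo "cannot read AppGW state" >&2; return 3; }
    echo "attempt $n/$max: provisioningState=$state" >&2
    case $state in
      Succeeded) return 0 ;;
      Failed)    return 1 ;;  # stop at once; polling will not fix it
    esac
    sleep "$pause"
  done
  return 2
}
```

Call wait_for_appgw at the top of each follow-up AppGW script and exit on any non-zero status, so path maps are never applied to a gateway that is still updating or has failed.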

5) Redis options (choose one)

Option A — Azure Cache for Redis (Classic)

Script: 08a_azure_cache_for_redis.sh

Option B — Redis Enterprise (EQ-QA style)

Script: 08b_redis_enterprise.sh
SKU should match EQ-QA (example: Balanced_B0).


6) How to safely change config

  1. Change one section at a time.
  2. Re-run only the relevant script(s).
  3. If a resource already exists, scripts should ideally be idempotent — if something is not, capture the error and we will patch that script.

7) Quick sanity checks

# subscription
az account show --query id -o tsv

# name uniqueness
az acr show -n "$ACR_NAME" -g "$RG" -o table
az storage account show -n "$STORAGE_NAME" -g "$RG" -o table

# mongo supported API versions
az provider show -n Microsoft.DocumentDB --query "resourceTypes[?resourceType=='mongoClusters'].apiVersions" -o jsonc

Log Analytics

  • LAW_NAME — Log Analytics Workspace name used by ACA Environment.
    Recommended pattern: eq-<env>-aca-logs (e.g. eq-prod-aca-logs, eq-qa-aca-logs)

Environment naming model

This repo is environment-agnostic. You set:

  • BRANCH (e.g. EQ, P2P, ACME) — code branch / major release / customer variant
  • ENV (e.g. DEV, QA, STAGE, PROD) — environment stage

Derived standard prefix:

  • PREFIX_LC = <branch>-<env> (lowercase)
  • Most per-environment resource names start with PREFIX_LC.

Global/shared resources:

  • ACR_NAME and STORAGE_NAME are global and must be explicitly provided.


🔖 Meaning of BRANCH and ENV

  • BRANCH → product line / customer variant / major release stream
  • ENV → deployment lifecycle stage (DEV / QA / STAGE / PROD)

Detailed explanation is available in OVERVIEW.md.


Naming convention quick rules

  • Per-environment resources are derived from: <branch>-<env> (lowercase) a.k.a. PREFIX_LC.
    • Examples: eq-prod-aca-env, eq-prod-appgw, eq-prod-backend-api
  • Global resources must be explicitly provided (not derived):
    • ACR_NAME
    • STORAGE_NAME
  • User-editable sizing/cost knobs:
    • Mongo: MONGO_VCORE_TIER, storage, shards, HA target
    • Redis: classic SKU/size or Redis Enterprise SKU/DB settings

🏷️ Naming Convention

This project enforces a consistent naming model so that environments remain predictable, searchable, and safe to automate.

🔑 Core rule

All environment-scoped resources are derived from:

<branch>-<env>

Where:

  • BRANCH = Product line / major release / customer variant
    Examples: EQ, P2P, ACME

  • ENV = Environment stage
    Examples: DEV, QA, STAGE, PROD

Example:

BRANCH=EQ
ENV=PROD
→ Prefix = eq-prod

✅ Derived automatically (not user-editable)

These resources are generated automatically from the prefix:

| Resource Type | Example |
|---|---|
| Resource Group | eq-prod-resgroup |
| ACA Environment | eq-prod-aca-env |
| Virtual Network | eq-prod-vnet |
| Subnets | eq-prod-snet-app, eq-prod-snet-db, ... |
| Container Apps | eq-prod-backend-api, eq-prod-syncservice, ... |
| Application Gateway | eq-prod-appgw |
| Log Analytics | eq-prod-aca-logs |
| Private Endpoints | Derived from resource name |

This guarantees consistency and prevents accidental drift.
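
The prefix derivation and the checks on the non-derived global names, as an added example that is not the project's own code. The suffixes come from the derived-resources list on this page; the allowed ENV values and the alphanumeric-only BRANCH rule are assumptions based on the page's examples, and the length and character limits are Azure's naming rules for container registries and storage accounts.

```shell
#!/bin/sh
# Added example: derive PREFIX_LC and validate names before any az call.

# derive_prefix BRANCH ENV -> prints <branch>-<env> in lowercase.
# Rejecting other characters keeps the hyphen an unambiguous separator and
# stops shell metacharacters from reaching resource names.
derive_prefix() {
  b=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  e=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case $b in ''|*[!a-z0-9]*) echo "bad BRANCH: $1" >&2; return 1 ;; esac
  case $e in
    dev|qa|stage|prod) ;;                 # assumed closed set of stages
    *) echo "bad ENV: $2" >&2; return 1 ;;
  esac
  printf '%s-%s\n' "$b" "$e"
}

# derived_names PREFIX -> one derived resource name per line.
derived_names() {
  for suffix in resgroup aca-env vnet appgw aca-logs; do
    printf '%s-%s\n' "$1" "$suffix"
  done
}

# Global names are not derived, so check them against Azure's limits.
valid_acr_name() {       # 5-50 alphanumeric characters
  case $1 in ''|*[!A-Za-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 5 ] && [ "${#1}" -le 50 ]
}
valid_storage_name() {   # 3-24 lowercase letters and digits
  case $1 in ''|*[!a-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}
```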


✍️ User-editable (global or sizing-sensitive)

Some resources must remain user-defined because they must be globally unique or represent cost decisions:

| Category | Examples |
|---|---|
| Global Names | ACR_NAME, STORAGE_NAME |
| Network Ranges | VNET_CIDR, SUBNET_*_CIDR |
| Mongo Sizing | MONGO_VCORE_TIER, storage size |
| Redis Sizing | Redis SKU, capacity |
| Certificates | Domain, PFX path, password |

These are intentionally exposed in 00_config.sh.


🎯 Why this matters

✔ Predictable automation
✔ Easier troubleshooting
✔ Safer multi-environment deployments
✔ Supports future CI/CD and multi-tenant expansion