diff --git a/alz/azuredevops/main.tf b/alz/azuredevops/main.tf
index 4881972..30cde01 100644
--- a/alz/azuredevops/main.tf
+++ b/alz/azuredevops/main.tf
@@ -49,6 +49,7 @@ module "azure" {
   virtual_network_subnet_address_prefix_container_instances = var.virtual_network_subnet_address_prefix_container_instances
   virtual_network_subnet_address_prefix_private_endpoints = var.virtual_network_subnet_address_prefix_private_endpoints
   storage_account_replication_type = var.storage_account_replication_type
+  container_registry_zone_redundancy_enabled = coalesce(var.container_registry_zone_redundancy_enabled, var.agent_container_zone_support)
   public_ip_name = local.resource_names.public_ip
   nat_gateway_name = local.resource_names.nat_gateway
   use_self_hosted_agents = var.use_self_hosted_agents
diff --git a/alz/azuredevops/variables.tf b/alz/azuredevops/variables.tf
index c773121..c20ab06 100644
--- a/alz/azuredevops/variables.tf
+++ b/alz/azuredevops/variables.tf
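Review bot: The added `coalesce(var.container_registry_zone_redundancy_enabled, var.agent_container_zone_support)` has no terminal non-null fallback, so a caller that also passes `null` for `agent_container_zone_support` (its declaration is outside this hunk, and a Terraform variable accepts an explicit `null` unless it is marked `nullable = false`) makes the plan fail with a generic coalesce error instead of landing on the documented default of true. Appending the default as the last argument keeps the expression total: `container_registry_zone_redundancy_enabled = coalesce(var.container_registry_zone_redundancy_enabled, var.agent_container_zone_support, true)`. Declaring `nullable = false` on both root variables would achieve the same thing at the source. The `module "azure"` block starts and ends outside the hunk.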
@@ -394,11 +394,24 @@ variable "agent_container_zone_support" {
   **(Optional, default: `true`)** Enable availability zone support for Azure DevOps agent container instances.
 
   When enabled, containers are distributed across availability zones for higher availability and resilience.
+  Some regions do not support availability zones, in which case this should be set to false.
   EOT
   type = bool
   default = true
 }
 
+variable "container_registry_zone_redundancy_enabled" {
+  description = <<-EOT
+  **(Optional, default: `null`)** Enable zone redundancy for the Azure Container Registry.
+
+  When enabled, the container registry is replicated across availability zones for higher availability.
+  Some regions do not support zone redundancy, in which case this should be set to false.
+  Defaults to the value of `agent_container_zone_support` if not set.
+  EOT
+  type = bool
+  default = null
+}
+
 variable "built_in_configuration_file_names" {
   description = <<-EOT
   **(Optional, default: `["config.yaml", "config-hub-and-spoke-vnet.yaml", "config-virtual-wan.yaml"]`)**
diff --git a/alz/github/main.tf b/alz/github/main.tf
index 2249a74..278125c 100644
--- a/alz/github/main.tf
+++ b/alz/github/main.tf
@@ -50,6 +50,7 @@ module "azure" {
   virtual_network_subnet_address_prefix_container_instances = var.virtual_network_subnet_address_prefix_container_instances
   virtual_network_subnet_address_prefix_private_endpoints = var.virtual_network_subnet_address_prefix_private_endpoints
   storage_account_replication_type = var.storage_account_replication_type
+  container_registry_zone_redundancy_enabled = coalesce(var.container_registry_zone_redundancy_enabled, var.runner_container_zone_support)
   public_ip_name = local.resource_names.public_ip
   nat_gateway_name = local.resource_names.nat_gateway
   use_self_hosted_agents = var.use_self_hosted_runners
diff --git a/alz/github/variables.tf b/alz/github/variables.tf
index ef90d39..cbb1d92 100644
--- a/alz/github/variables.tf
+++ b/alz/github/variables.tf
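Review bot: The new `container_registry_zone_redundancy_enabled` description omits the one condition a root-module user actually needs: the value only has an effect when `use_private_networking` is true, because that is the only case in which the registry is created with the Premium SKU (the module-level variable says so, but this root variable is what users read). I would add after the `Defaults to ...` sentence: `Only applies when use_private_networking is true; otherwise the registry uses the Basic SKU and this value is ignored.` It is also worth stating that changing this on an already-deployed registry is expected to replace the registry rather than update it in place, since zone redundancy is a create-time setting in the azurerm provider as far as I recall (confirm against the provider version pinned by the repo). The enclosing `variable "agent_container_zone_support"` block starts before the hunk.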
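Review bot: Same gap as in the Azure DevOps root: `coalesce(var.container_registry_zone_redundancy_enabled, var.runner_container_zone_support)` fails the plan if both inputs are `null`, which a caller can produce by passing `null` explicitly to `runner_container_zone_support` unless that variable carries `nullable = false` (its declaration is outside this hunk). A final literal fallback makes the expression total: `container_registry_zone_redundancy_enabled = coalesce(var.container_registry_zone_redundancy_enabled, var.runner_container_zone_support, true)`. The `module "azure"` block starts and ends outside the hunk.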
@@ -499,11 +499,24 @@ variable "runner_container_zone_support" {
   **(Optional, default: `true`)** Enable availability zone support for GitHub runner container instances.
 
   When enabled, containers are distributed across availability zones for higher availability and resilience.
+  Some regions do not support availability zones, in which case this should be set to false.
   EOT
   type = bool
   default = true
 }
 
+variable "container_registry_zone_redundancy_enabled" {
+  description = <<-EOT
+  **(Optional, default: `null`)** Enable zone redundancy for the Azure Container Registry.
+
+  When enabled, the container registry is replicated across availability zones for higher availability.
+  Some regions do not support zone redundancy, in which case this should be set to false.
+  Defaults to the value of `runner_container_zone_support` if not set.
+  EOT
+  type = bool
+  default = null
+}
+
 variable "runner_name_environment_variable" {
   description = <<-EOT
   **(Optional, default: `"GH_RUNNER_NAME"`)** The runner name environment variable supplied to the container.
diff --git a/modules/azure/container_registry.tf b/modules/azure/container_registry.tf
index 5b1c40c..2b2ce94 100644
--- a/modules/azure/container_registry.tf
+++ b/modules/azure/container_registry.tf
@@ -5,7 +5,7 @@ resource "azurerm_container_registry" "alz" {
   location = var.azure_location
   sku = var.use_private_networking ? "Premium" : "Basic"
   public_network_access_enabled = !var.use_private_networking
-  zone_redundancy_enabled = var.use_private_networking
+  zone_redundancy_enabled = var.use_private_networking && var.container_registry_zone_redundancy_enabled
   network_rule_bypass_option = var.use_private_networking ? "AzureServices" : "None"
 }
 
diff --git a/modules/azure/variables.tf b/modules/azure/variables.tf
index c44c84d..dfbfc77 100644
--- a/modules/azure/variables.tf
+++ b/modules/azure/variables.tf
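Review bot: As in the Azure DevOps root, the new `container_registry_zone_redundancy_enabled` description does not tell the user that the value is ignored unless `use_private_networking` is true, which is the only configuration that selects the Premium SKU the feature requires. I would add after the `Defaults to ...` sentence: `Only applies when use_private_networking is true; otherwise the registry uses the Basic SKU and this value is ignored.` A note that flipping it on an existing deployment is likely to replace the registry (zone redundancy being a create-time setting in the provider, to be confirmed against the pinned version) would also save an operator a surprise. The enclosing `variable "runner_container_zone_support"` block starts before the hunk.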
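Review bot: `zone_redundancy_enabled = var.use_private_networking && var.container_registry_zone_redundancy_enabled` now takes an input that operators are explicitly told to flip for unsupported regions, yet nothing on the line warns that, as far as I recall from the azurerm provider, this attribute can only be set at creation, so changing it (or `use_private_networking`) on an existing deployment replaces the registry and discards every image pushed to it (confirm against the provider version pinned by the repo). A comment on the line would make that visible at review time: `# create-time setting: toggling this (or use_private_networking) replaces the registry and its images`. If image loss is unacceptable for this landing zone, a `lifecycle { prevent_destroy = true }` block on the resource would turn the surprise into a plan error. The `resource "azurerm_container_registry" "alz"` block starts before the hunk.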
@@ -528,6 +528,18 @@ variable "container_registry_image_name" {
   default = ""
 }
 
+variable "container_registry_zone_redundancy_enabled" {
+  description = <<-EOT
+  **(Optional, default: `true`)** Enable zone redundancy for the Azure Container Registry.
+
+  When enabled, the container registry is replicated across availability zones for higher availability.
+  Some regions do not support zone redundancy, in which case this should be set to false.
+  Zone redundancy requires Premium SKU, which is only used when private networking is enabled.
+  EOT
+  type = bool
+  default = true
+}
+
 variable "container_registry_image_tag" {
   description = <<-EOT
   **(Optional, default: `"{{.Run.ID}}"`)** Tag pattern for the container image.
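Review bot: The new module variable is declared with `type = bool` and `default = true` but no `nullable = false`, so a consumer that passes an explicit `null` (the two root modules avoid this through coalesce, but a direct user of the module may not) ends up with a null bool inside the module, and the `&&` in container_registry.tf that consumes it will, as far as I can tell, reject a null operand at plan time rather than fall back to true. Adding `nullable = false` after `default = true` makes the default apply to an explicit null as well and lets the module defend itself instead of relying on every caller. The variable block is complete within the hunk.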