DTOSS-11646: Add a startup probe and PR fixes

Also update the terradocs on the container app module  and update the README.md for how to deploy probes from root module

Author: mrlockstar

infrastructure/modules/container-app/README.md

@@ -122,3 +122,26 @@ module "container-app" {
   replica_restart_alert_threshold = 1 (already defaults to this)
 }
 ```
+
+## Container Probes
+
+To enable container probs:
+- Set `probe_path = "/healthcheck"`.
+- Ensure `ALLOWED_HOSTS`includes `127.0.0.1` and `localhost` so the probe running inside the container can access the health endpoint.
+
+Example:
+```hcl
+module "container-app" {
+  ...
+  probe_path = "/healthcheck"
+  ...
+  environment_variables = merge(
+    local.common_env,
+    {
+      ALLOWED_HOSTS = "${var.app_short_name}-web-${var.environment}.${var.default_domain},localhost,127.0.0.1"
+    }
+    ...
+  )
+  ...
+}
+```

infrastructure/modules/container-app/main.tf

@@ -104,17 +104,29 @@ resource "azurerm_container_app" "main" {
         }
       }
 
+      dynamic "startup_probe" {
+        for_each = local.probe_enabled ? [1] : []
+
+        content {
+          transport               = "HTTP"
+          path                    = var.probe_path
+          port                    = var.port
+          interval_seconds        = 5
+          timeout                 = 2
+          failure_count_threshold = 30
+        }
+      }
+
       dynamic "liveness_probe" {
         for_each = local.probe_enabled ? [1] : []
 
         content {
           transport               = "HTTP"
           path                    = var.probe_path
-          port                    = local.effective_liveness_port
-          initial_delay           = 45
-          interval_seconds        = 10
+          port                    = var.port
+          interval_seconds        = 5
           timeout                 = 2
-          failure_count_threshold = 4
+          failure_count_threshold = 2
         }
       }
     }

infrastructure/modules/container-app/tfdocs.md

@@ -210,6 +210,14 @@ Type: `number`
 
 Default: `8080`
 
+### <a name="input_probe_path"></a> [probe\_path](#input\_probe\_path)
+
+Description: Path for the HTTP health probe. If null, HTTP health probe is disabled. Note /healthcheck is the normal convention.
+
+Type: `string`
+
+Default: `null`
+
 ### <a name="input_replica_restart_alert_threshold"></a> [replica\_restart\_alert\_threshold](#input\_replica\_restart\_alert\_threshold)
 
 Description: The replica restart alert threshold, default will be 1.

infrastructure/modules/container-app/variables.tf

@@ -93,12 +93,6 @@ variable "exposed_port" {
   default     = null
 }
 
-variable "liveness_probe_port" {
-  description = "Port for the liveness probe to check. Default is var.port."
-  type        = number
-  default     = null
-}
-
 variable "memory" {
   description = "Memory allocated to the app (GiB). Also dictates the CPU allocation: CPU(%)=MEMORY(Gi)/2. Maximum: 4Gi"
   default     = "0.5"
@@ -197,7 +191,7 @@ variable "replica_restart_alert_threshold" {
 }
 
 variable "probe_path" {
-  description = "Path for the liveness probe. If null, liveness probe is disabled."
+  description = "Path for the HTTP health probe. If null, HTTP health probe is disabled. Note /healthcheck is the normal convention."
   type        = string
   default     = null
 }
@@ -214,7 +208,6 @@ locals {
     PT6H  = "PT5M"
     PT12H = "PT5M"
   }
-  alert_frequency         = local.alert_frequency_map[var.alert_window_size]
-  probe_enabled           = var.probe_path != null
-  effective_liveness_port = var.liveness_probe_port != null ? var.liveness_probe_port : var.port
+  alert_frequency = local.alert_frequency_map[var.alert_window_size]
+  probe_enabled   = var.probe_path != null && var.is_web_app
 }

infrastructure/modules/sql-server/tfdocs.md

@@ -132,6 +132,30 @@ Type: `string`
 
 The following input variables are optional (have default values):
 
+### <a name="input_action_group_id"></a> [action\_group\_id](#input\_action\_group\_id)
+
+Description: ID of the action group to notify.
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_alert_cpu_threshold"></a> [alert\_cpu\_threshold](#input\_alert\_cpu\_threshold)
+
+Description: If alerting is enabled this will control what the cpu threshold will be, default will be 90.
+
+Type: `number`
+
+Default: `90`
+
+### <a name="input_alert_window_size"></a> [alert\_window\_size](#input\_alert\_window\_size)
+
+Description: The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly.
+
+Type: `string`
+
+Default: `"PT5M"`
+
 ### <a name="input_auditing_policy_retention_in_days"></a> [auditing\_policy\_retention\_in\_days](#input\_auditing\_policy\_retention\_in\_days)
 
 Description: number of days for audit log policies
@@ -164,6 +188,14 @@ Type: `string`
 
 Default: `"baseline"`
 
+### <a name="input_enable_alerting"></a> [enable\_alerting](#input\_enable\_alerting)
+
+Description: Whether monitoring and alerting is enabled for the Azure SQL Server.
+
+Type: `bool`
+
+Default: `false`
+
 ### <a name="input_firewall_rules"></a> [firewall\_rules](#input\_firewall\_rules)
 
 Description: If the FW rule enabling Azure Services Passthrough should be deployed.
@@ -345,6 +377,7 @@ Description: The ID of the SQL Server.
 
 The following resources are used by this module:
 
+- [azurerm_monitor_metric_alert.cpu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) (resource)
 - [azurerm_mssql_database.defaultdb](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database) (resource)
 - [azurerm_mssql_database_extended_auditing_policy.database_auditing_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database_extended_auditing_policy) (resource)
 - [azurerm_mssql_firewall_rule.firewall_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_firewall_rule) (resource)

infrastructure/modules/storage/tfdocs.md

@@ -81,6 +81,14 @@ Type: `string`
 
 The following input variables are optional (have default values):
 
+### <a name="input_access_tier"></a> [access\_tier](#input\_access\_tier)
+
+Description: Defines the access tier for BlobStorage, FileStorage and StorageV2 accounts. Valid options are Hot, Cool, Cold and Premium.
+
+Type: `string`
+
+Default: `"Hot"`
+
 ### <a name="input_account_replication_type"></a> [account\_replication\_type](#input\_account\_replication\_type)
 
 Description: The type of replication to use for this Storage Account. Can be either LRS, GRS, RAGRS or ZRS.
@@ -97,14 +105,6 @@ Type: `string`
 
 Default: `"Standard"`
 
-### <a name="input_access_tier"></a> [access\_tier](#input\_access\_tier)
-
-Description: Defines the access tier for BlobStorage, FileStorage and StorageV2 accounts. Valid options are Hot, Cool, Cold and Premium. Defaults to Hot.
-
-Type: `string`
-
-Default: `"Hot"`
-
 ### <a name="input_action_group_id"></a> [action\_group\_id](#input\_action\_group\_id)
 
 Description: ID of the action group to notify.