[ACA] [375448] Add Bicep scale rules.

v-jaswel · v-jaswel · commit 358d0fda6f51 · 2025-05-19T11:56:58.000-07:00
diff --git a/articles/container-apps/code/container-apps-azure-service-bus-rule-0.bicep b/articles/container-apps/code/container-apps-azure-service-bus-rule-0.bicep
@@ -0,0 +1,15 @@
+...
+rules: [
+  {
+    name: 'azure-servicebus-queue-rule'
+    custom: {
+      type: 'azure-servicebus'
+      metadata: {
+        queueName: 'my-queue'
+        namespace: 'service-bus-namespace'
+        messageCount: '5'
+      }
+    }
+  }
+]
+...
diff --git a/articles/container-apps/code/container-apps-azure-service-bus-rule-1.bicep b/articles/container-apps/code/container-apps-azure-service-bus-rule-1.bicep
@@ -0,0 +1,41 @@
+resource symbolicname 'Microsoft.App/containerApps@2025-02-02-preview' = {
+  ...
+  properties: {
+    ...
+    configuration: {
+      ...
+      secrets: [
+        {
+          name: 'connection-string-secret'
+          value: '<SERVICE_BUS_CONNECTION_STRING>'
+        }
+      ]
+    }
+    template: {
+      ...
+      scale: {
+        maxReplicas: 0
+        minReplicas: 5
+        rules: [
+          {
+            name: 'azure-servicebus-queue-rule'
+            custom: {
+              type: 'azure-servicebus'
+              metadata: {
+                queueName: 'my-queue'
+                namespace: 'service-bus-namespace'
+                messageCount: '5'
+              }
+              auth: [
+                {
+                  secretRef: 'connection-string-secret'
+                  triggerParameter: 'connection'
+                }
+              ]
+            }
+          }
+        ]
+      }
+    }
+  }
+}
diff --git a/articles/container-apps/scale-app.md b/articles/container-apps/scale-app.md
@@ -6,9 +6,9 @@ author: craigshoemaker
 ms.service: azure-container-apps
 ms.custom: devx-track-azurecli
 ms.topic: conceptual
-ms.date: 04/17/2025
+ms.date: 05/19/2025
 ms.author: cshoe
-zone_pivot_groups: arm-azure-cli-portal
+zone_pivot_groups: arm-azure-cli-portal-bicep
 ---
 
 # Set scaling rules in Azure Container Apps
@@ -71,6 +71,45 @@ In the following example, the revision scales out up to five replicas and can sc
 
 ### Example
 
+::: zone pivot="container-apps-bicep"
+
+The `http` section defines an HTTP scale rule.
+
+| Scale property | Description | Default value | Min value | Max value |
+|---|---|---|---|---|
+| `concurrentRequests`| When the number of HTTP requests exceeds this value, then another replica is added. Replicas continue to add to the pool up to the `maxReplicas` amount. | 10 | 1 | n/a |
+
+```bicep
+resource symbolicname 'Microsoft.App/containerApps@2025-02-02-preview' = {
+  ...
+  properties: {
+    ...
+    template: {
+      ...
+      scale: {
+        maxReplicas: 0
+        minReplicas: 5
+        rules: [
+          {
+            name: 'http-rule'
+            http: {
+              metadata: {
+                concurrentRequests: '100'
+              }
+            }
+          }
+        ]
+      }
+    }
+  }
+}
+```
+
+> [!NOTE]
+> Set the `properties.configuration.activeRevisionsMode` property of the container app to `single`, when using non-HTTP event scale rules.
+
+::: zone-end
+
 ::: zone pivot="azure-resource-manager"
 
 The `http` section defines an HTTP scale rule.
@@ -166,13 +205,49 @@ In the following example, the container app revision scales out up to five repli
 
 ### Example
 
+::: zone pivot="container-apps-bicep"
+
+The `tcp` section defines an TCP scale rule.
+
+| Scale property | Description | Default value | Min value | Max value |
+|---|---|---|---|---|
+| `concurrentConnections`| When the number of concurrent TCP connections exceeds this value, then another replica is added. Replicas continue to be added up to the `maxReplicas` amount as the number of concurrent connections increases. | 10 | 1 | n/a |
+
+```bicep
+resource symbolicname 'Microsoft.App/containerApps@2025-02-02-preview' = {
+  ...
+  properties: {
+    ...
+    template: {
+      ...
+      scale: {
+        maxReplicas: 0
+        minReplicas: 5
+        rules: [
+          {
+            name: 'tcp-rule'
+            http: {
+              metadata: {
+                concurrentConnections: '100'
+              }
+            }
+          }
+        ]
+      }
+    }
+  }
+}
+```
+
+::: zone-end
+
 ::: zone pivot="azure-resource-manager"
 
 The `tcp` section defines a TCP scale rule.
 
 | Scale property | Description | Default value | Min value | Max value |
 |---|---|---|---|---|
-| `concurrentConnections`| When the number of concurrent TCP connections exceeds this value, then another replica is added. Replicas continue to be added up to the `maxReplicas` amount as the number of concurrent connections increase. | 10 | 1 | n/a |
+| `concurrentConnections`| When the number of concurrent TCP connections exceeds this value, then another replica is added. Replicas continue to be added up to the `maxReplicas` amount as the number of concurrent connections increases. | 10 | 1 | n/a |
 
 ```json
 {
@@ -231,7 +306,7 @@ az containerapp create \
 
 ::: zone pivot="azure-portal"
 
-Not supported in the Azure portal. Use the [Azure CLI](scale-app.md?pivots=azure-cli#tcp) or [Azure Resource Manager](scale-app.md?&pivots=azure-resource-manager#tcp) to configure a TCP scale rule.
+Not supported in the Azure portal. Use the [Azure CLI](scale-app.md?pivots=azure-cli#tcp), [Azure Resource Manager](scale-app.md?&pivots=azure-resource-manager#tcp), or [Bicep](scale-app.md?&pivots=container-apps-bicep#tcp) to configure a TCP scale rule.
 
 ::: zone-end
 
@@ -254,6 +329,134 @@ This example shows how to convert an [Azure Service Bus scaler](https://keda.sh/
 
 For authentication, KEDA scaler authentication parameters take [Container Apps secrets](manage-secrets.md) or [managed identity](managed-identity.md#scale-rules).
 
+::: zone pivot="container-apps-bicep"
+
+The following procedure shows you how to convert a KEDA scaler to a Container App scale rule. This snippet is an excerpt of a Bicep template to show you where each section fits in context of the overall template.
+
+```bicep
+resource symbolicname 'Microsoft.App/containerApps@2025-02-02-preview' = {
+  ...
+  properties: {
+    ...
+    configuration: {
+      ...
+      secrets: [
+        {
+          name: '<NAME>'
+          value: '<VALUE>'
+        }
+      ]
+    }
+    template: {
+      ...
+      scale: {
+        maxReplicas: 0
+        minReplicas: 5
+        rules: [
+          {
+            name: '<RULE_NAME>'
+            custom: {
+              metadata: {
+                ...
+              }
+              auth: [
+                {
+                  secretRef: '<NAME>'
+                  triggerParameter: '<PARAMETER>'
+                }
+              ]
+            }
+          }
+        ]
+      }
+    }
+  }
+}
+```
+
+Refer to this excerpt for context on how the below examples fit in the Bicep template.
+
+First, you define the type and metadata of the scale rule.
+
+1. From the KEDA scaler specification, find the `type` value.
+
+    :::code language="json" source="./code/keda-azure-service-bus-trigger.json" highlight="2":::
+
+1. In the Bicep template, enter the scaler `type` value into the `custom.type` property of the scale rule.
+
+    :::code language="bicep" source="./code/container-apps-azure-service-bus-rule-0.bicep" highlight="6":::
+
+1. From the KEDA scaler specification, find the `metadata` values.
+
+    :::code language="json" source="./code/keda-azure-service-bus-trigger.json" highlight="4,5,6":::
+
+1. In the Bicep template, add all metadata values to the `custom.metadata` section of the scale rule.
+
+    :::code language="json" source="./code/container-apps-azure-service-bus-rule-0.json" highlight="8,9,10":::
+
+### Authentication
+
+Container Apps scale rules support secrets-based authentication. Scale rules for Azure resources, including Azure Queue Storage, Azure Service Bus, and Azure Event Hubs, also support managed identity. Where possible, use managed identity authentication to avoid storing secrets within the app.
+
+#### Use secrets
+
+To use secrets for authentication, you need to create a secret in the container app's `secrets` array. The secret value is used in the `auth` array of the scale rule.
+
+KEDA scalers can use secrets in a [TriggerAuthentication](https://keda.sh/docs/latest/concepts/authentication/) that is referenced by the `authenticationRef` property. You can map the TriggerAuthentication object to the Container Apps scale rule.
+
+1. Find the `TriggerAuthentication` object referenced by the KEDA `ScaledObject` specification.
+
+1. In the `TriggerAuthentication` object, find each `secretTargetRef` and its associated secret.
+
+    :::code language="yml" source="./code/keda-azure-service-bus-auth.json" highlight="8,16,17,18":::
+
+1. In the Bicep template, for each secret:
+
+    1. Add a [secret](./manage-secrets.md) to the container app's `secrets` array containing the secret name and value.
+
+    1. Add an entry to the `auth` array of the scale rule.
+
+        1. Set the value of the `triggerParameter` property to the value of the `secretTargetRef`'s `parameter` property.
+
+        1. Set the value of the `secretRef` property to the name of the `secretTargetRef`'s `key` property.
+
+    :::code language="json" source="./code/container-apps-azure-service-bus-rule-1.json" highlight="8-11,30-33":::
+
+    Some scalers support metadata with the `FromEnv` suffix to reference a value in an environment variable. Container Apps looks at the first container listed in the ARM template for the environment variable.
+
+    Refer to the [considerations section](#considerations) for more security related information.
+
+#### Using managed identity
+
+Container Apps scale rules can use managed identity to authenticate with Azure services. The following Bicep template passes in system-based managed identity to authenticate for an Azure Queue scaler.
+
+```bicep
+scale: {
+  minReplicas: 0
+  maxReplicas: 4
+  rules: [
+    {
+      name: 'azure-queue'
+      custom: {
+        type: 'azure-queue'
+        metadata: {
+          accountName: '<ACCOUNT_NAME>'
+          queueName: '<QUEUE_NAME>'
+          queueLength: '1'
+        },
+        identity: 'system'
+      }
+    }
+  ]
+}
+```
+
+Replace the `<PLACEHOLDERS`> with your values.
+
+To learn more about using managed identity with scale rules, see [Managed identity](managed-identity.md#scale-rules).
+
+::: zone-end
+
 ::: zone pivot="azure-resource-manager"
 
 The following procedure shows you how to convert a KEDA scaler to a Container App scale rule. This snippet is an excerpt of an ARM template to show you where each section fits in context of the overall template.
@@ -308,15 +511,15 @@ First, you define the type and metadata of the scale rule.
 
 1. From the KEDA scaler specification, find the `type` value.
 
-    :::code language="yml" source="./code/keda-azure-service-bus-trigger.json" highlight="2":::
+    :::code language="json" source="./code/keda-azure-service-bus-trigger.json" highlight="2":::
 
 1. In the ARM template, enter the scaler `type` value into the `custom.type` property of the scale rule.
 
     :::code language="json" source="./code/container-apps-azure-service-bus-rule-0.json" highlight="6":::
 
 1. From the KEDA scaler specification, find the `metadata` values.
 
-    :::code language="yml" source="./code/keda-azure-service-bus-trigger.json" highlight="4,5,6":::
+    :::code language="json" source="./code/keda-azure-service-bus-trigger.json" highlight="4,5,6":::
 
 1. In the ARM template, add all metadata values to the `custom.metadata` section of the scale rule.
 
@@ -358,7 +561,7 @@ KEDA scalers can use secrets in a [TriggerAuthentication](https://keda.sh/docs/l
 
 Container Apps scale rules can use managed identity to authenticate with Azure services. The following ARM template passes in system-based managed identity to authenticate for an Azure Queue scaler.
 
-```
+```json
 "scale": {
   "minReplicas": 0,
   "maxReplicas": 4,
@@ -368,8 +571,8 @@ Container Apps scale rules can use managed identity to authenticate with Azure s
       "custom": {
         "type": "azure-queue",
         "metadata": {
-          "accountName": "apptest123",
-          "queueName": "queue1",
+          "accountName": "<ACCOUNT_NAME>",
+          "queueName": "<QUEUE_NAME>",
           "queueLength": "1"
         },
         "identity": "system"
@@ -379,6 +582,8 @@ Container Apps scale rules can use managed identity to authenticate with Azure s
 }
 ```
 
+Replace the `<PLACEHOLDERS`> with your values.
+
 To learn more about using managed identity with scale rules, see [Managed identity](managed-identity.md#scale-rules).
 
 ::: zone-end
@@ -443,7 +648,7 @@ az containerapp create \
   --scale-rule-identity <USER_ASSIGNED_IDENTITY_ID>
 ```
 
-Replace placeholders with your values.
+Replace the `<PLACEHOLDERS`> with your values.
 
 ::: zone-end
 
diff --git a/articles/zone-pivot-groups.yml b/articles/zone-pivot-groups.yml
@@ -1196,6 +1196,19 @@ groups:
     title: Azure portal
   - id: azure-resource-manager
     title: ARM template
+# Owner: cshoe
+- id: arm-azure-cli-portal-bicep
+  title: Interaction type
+  prompt: Select how you want to interact with Azure
+  pivots:
+  - id: azure-cli
+    title: Azure CLI
+  - id: azure-portal
+    title: Azure portal
+  - id: azure-resource-manager
+    title: ARM template
+  - id: container-apps-bicep
+    title: Bicep
 # Owner: ruslany
 - id: azure-cli-bicep
   title: Interaction type
