Howdy. I've deployed this excellent ACA Landing Zone Accelerator as a POC with OpenTofu, and I'm considering what a proper GitHub Action-based deployment's RBAC story might look like.
If I want to have a repo that can automatically deploy to an instance of ACA in this Scenario, I believe that repo will need to have proper Azure RBAC (or ACR?) credentials to push an image to the Azure Container Registry we've created with this code.
What's the best approach to handle the RBAC story there? I'd prefer to use a User-assigned Managed Identity, or a System-assigned Managed Identity, rather than a naked Service Principal or ACR username and password. Is there a preferred approach here?
I'd like to keep the repo's GitHub Action code as simple as possible. I'd like to use https://github.com/Azure/container-apps-deploy-action to handle the deployment, but I've got some choices. Since the Landing Zone is meant to be opinionated... what's your opinion? :)
I hope my description of what I'm seeking makes sense. Please let me know if it doesn't. Thanks in advance! :)
Howdy. I've deployed this excellent ACA Landing Zone Accelerator as a POC with OpenTofu, and I'm considering what a proper GitHub Action-based deployment's RBAC story might look like.
If I want to have a repo that can automatically deploy to an instance of ACA in this Scenario, I believe that repo will need to have proper Azure RBAC (or ACR?) credentials to push an image to the Azure Container Registry we've created with this code.
What's the best approach to handle the RBAC story there? I'd prefer to use a User-assigned Managed Identity, or a System-assigned Managed Identity, rather than a naked Service Principal or ACR username and password. Is there a preferred approach here?
I'd like to keep the repo's GitHub Action code as simple as possible. I'd like to use https://github.com/Azure/container-apps-deploy-action to handle the deployment, but I've got some choices. Since the Landing Zone is meant to be opinionated... what's your opinion? :)
I hope my description of what I'm seeking makes sense. Please let me know if it doesn't. Thanks in advance! :)