Lack of documentation regarding the use of Azure Container Instances by the toolkit #1395
@flanakin I've been trying to find something in the documentation about how and when Azure Container Instances are used by the toolkit, in anticipation of questions from our Cyber team. The deployment template page contains references to As far as I can tell the toolkit uses a Container Instance to execute the deployment scripts that are loaded onto ' Azure Container Instances are NOT an approved resource type in our production environment (although not denied by Azure Policy), so if the toolkit is going to deploy something like that then I need to know about it and how it works such that I can provide the right assurances for an exemption from Cyber. Can someone please point me to a page in the documentation, or update the documentation to include some detailed information on the use of Container Instances by the toolkit? Thanks.
Replies: 3 comments 3 replies
Azure deployment scripts use Azure Container Instance. We don't use it directly. I'm not sure how this will impact you. Fwiw, I think this is mostly an issue when private endpoints are used. That's when we need a separate storage account at least. @MSBrett, do you have any other insights on this?
@philipstreet - We don't use ACI directly. Deployment scripts use ACI under the hood. Here are the docs for bicep deployment scripts:
ADLS doesn't support the file endpoint, which is required when running deployment scripts behind private endpoints, so we have to create some backing storage in that scenario rather than being able to use the blob endpoint like we can when public.
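A pre-deployment check a security team could run over compiled ARM JSON (for example, the output of `az bicep build`) to list every deployment script resource, since each one runs in an Azure Container Instance as the replies above describe. This is an added example, not part of the discussion or the toolkit's own code; the sample template and its resource names are constructed.

```python
import json

DEPLOYMENT_SCRIPT = "microsoft.resources/deploymentscripts"
NESTED_DEPLOYMENT = "microsoft.resources/deployments"

def _resources(node):
    # ARM JSON holds resources as an array, or as an object keyed by symbolic name.
    res = node.get("resources") or []
    return list(res.values()) if isinstance(res, dict) else list(res)

def find_deployment_scripts(template, path="template"):
    """List every deploymentScripts resource, descending into nested deployments."""
    findings = []
    for res in _resources(template):
        rtype = str(res.get("type", "")).lower()
        props = res.get("properties") or {}
        here = f"{path}/{res.get('name', '<unnamed>')}"
        if rtype == DEPLOYMENT_SCRIPT:
            findings.append({
                "path": here,
                "kind": res.get("kind"),  # AzureCLI or AzurePowerShell
                "cleanupPreference": props.get("cleanupPreference"),  # None if unset
                "retentionInterval": props.get("retentionInterval"),
                # True when the script is given its own backing storage account.
                "customStorage": "storageAccountSettings" in props,
            })
        elif rtype == NESTED_DEPLOYMENT and isinstance(props.get("template"), dict):
            findings += find_deployment_scripts(props["template"], here)
        findings += find_deployment_scripts(res, here)  # inline child resources
    return findings

# Constructed sample (hypothetical names), shaped like compiled Bicep output.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts", "name": "examplestore"},
  {"type": "Microsoft.Resources/deployments", "name": "exampleModule",
   "properties": {"template": {"resources": {
     "uploadSettings": {
       "type": "Microsoft.Resources/deploymentScripts", "name": "exampleScript",
       "kind": "AzurePowerShell",
       "properties": {"retentionInterval": "PT1H",
         "storageAccountSettings": {"storageAccountName": "examplestore"}}}}}}}
]}
""")

if __name__ == "__main__":
    for finding in find_deployment_scripts(SAMPLE):
        print(finding)
```

Each finding marks a point in the deployment where a container instance is created on the template's behalf, which is the list an exemption request would need to cover.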
Thanks @MSBrett and @flanakin. OK, so the ACIs are only used during the Toolkit install/upgrade. Thanks for the links. Hopefully they will address any concerns from our Cyber team. 🤞