Description
Describe the solution you'd like.
The ability to use a pull based approach to deploying workloads into a container app environment. An example of pull based deployment method is GitOps.
In other words, to have a "client" running in the environment, which periodically monitors a git repository and automatically pulls and applies any changes made to a specific branch in that repo (for instance when a PR is merged into the main branch).
The Git repository will be the single source of truth, and will contain the descriptions of the desired state of the running application(s), and there is an automated process to make the environment match the described state in the repository.
In the case of Kubernetes, the client would apply any changes to a yaml-manifest (or helm chart). For a container app environment, a bicep file or ARM Template (or a collection of those) should be applied instead.
Some requirements:
- The time interval between synchronizations towards the repo should be configurable.
- It should also be possible to trigger a synchronization with an event.
- The client that runs in the environment needs to have permission to apply changes, which means that it needs to have an identity in Azure AD.
- Should support both open and closed git repositories.
- Git credentials should be stored in a secure manner (e.g. keyvault).
Example Scenario: Easily deploy to private environment.
When an environment is fully private, it becomes a challenge to deploy using tools like Github actions and Azure DevOps, since connectivity to the control plane is needed. This can be solved by opening up for (huge) ip ranges of the hosted agents used by Azure DevOps or Github, but this is rarely an acceptable solution. Another alternative is to use self hosted agents, in a VNET with access to the control plane, but this introduces operational cost and cost of ownership, as well as adding complexity.
A cleaner solution is to use a pull based deployment, from inside the container app environment. This removes the need to whitelist ip addresses, and/or the need to host virtual machines for self hosted agents.
Flux and ArgoCD are examples of GitOps tools, which are used for GitOps in Kubernetes.
Describe alternatives you've considered.
The other alternative already exists, with CD pipelines. Compared to a typical CD pipeline, this method has the advantage that it operates in an "inside out" manner.
Additional context.
Gitops is quickly becoming a popular solution for deploying applications and infrastructure to Kubernetes. There is reason to believe that this method of deployment will be requested for container apps as well.