The function apps are allocated a subnet in the deployment's vnet, and that vnet is associated with the two storage accounts which the functions communicate with (the host storage account which operates the function, and the image output account). The storage accounts are otherwise restricted from public access. Additionally, access keys were disabled on the storage accounts so the Function App was transitioned to use Managed Identity for accessing hte underlying storage, including during the "remote build".
Two upgrades support this transition: from a Consumption to a Premium App Service Plan and to a more recent version of the Linux Function App.
Builds off of existing PRs:
Supersedes #227
Supersedes #226
Description
The function apps are allocated a subnet in the deployment's vnet, and that vnet is associated with the two storage accounts which the functions communicate with (the host storage account which operates the function, and the image output account). The storage accounts are otherwise restricted from public access. Additionally, access keys were disabled on the storage accounts so the Function App was transitioned to use Managed Identity for accessing hte underlying storage, including during the "remote build".
Two upgrades support this transition: from a Consumption to a Premium App Service Plan and to a more recent version of the Linux Function App.
Builds off of existing PRs: Supersedes #227 Supersedes #226