microsoft / service-fabric

Service Fabric is a distributed systems platform for packaging, deploying, and managing stateless and stateful distributed applications and containers at large scale.
https://docs.microsoft.com/en-us/azure/service-fabric/
MIT License

Question: ARM SF application and services deployment and its relation to the managed identity preview #494

Open kbulte opened 4 years ago

kbulte commented 4 years ago

Hello,

We tried to use the managed identity support in SF, which is currently in public preview. One thing that got my attention was the way the SF package that contains and describes the application type, application and services is deployed. In the docs and in the Azure samples the deploy is always done via an ARM deploy.

Most people, including myself, still use PowerShell-based deploys because of the tasks that come with Azure DevOps to deploy SF packages to an Azure-hosted SF cluster. So I am wondering: is ARM-based deployment of SF applications and services the recommended way now, and do we need to change our CI/CD pipeline? Based on Azure Updates it is: "This is the recommended method of deploying Service Fabric applications to an Azure based Service Fabric cluster." But I don't see this reflected in the Service Fabric docs, or in the docs specific to CI/CD setup. This way of working is never mentioned.

Second question: will managed identities only be allowed/supported via ARM-based SF applications and services deployments (even when out of preview)? I found this ticket on the Azure Docs repo where someone who deploys SF packages via Azure CLI seems to hit the same problem. The support engineer who responds to this says: "In this case the scenario is that this feature is only available by deploying or changing the application through ARM. This is due to the current architecture of managed identities and the need to meet security concerns."

We want to use managed identities on SF; we use them all the time on our other Azure resources, but I don't want to change our whole workflow if it will be possible via PowerShell, Azure CLI or sfctl once out of public preview. I miss some guidance, samples and notes in the docs about this topic. So if someone from the SF team or in the community has a clear view on this, please let us know, and maybe try to inform the team responsible for the docs about this so they can emphasize it in the docs.

abatishchev commented 4 years ago

> Most people, including myself, still use PowerShell-based deploys because of the tasks that come with Azure DevOps to deploy SF packages to an Azure-hosted SF cluster. So I am wondering: is ARM-based deployment of SF applications and services the recommended way now, and do we need to change our CI/CD pipeline?

The choice is yours, but the advantage of deploying using ARM is that your ADO agent doesn't need to possess a cluster client certificate. Instead it uses an AAD application with the Contributor permissions on a subscription/resource group you deploy to.

Here's the doc for that.

abatishchev commented 4 years ago

For the question about Managed Identities - cc @dragav.