This repo is one of three GitOps CI/CD demo repos:
This IaC repo contains Bicep files for deploying Azure services (AKS, ACR and Managed Identity) and installing ArgoCD on AKS using GitHub Actions.
It's important to understand the role of Managed Identity, which lets us pull images from the ACR without storing any passwords anywhere (read more here).
Once the deployment completes, its outputs are committed to the ArgoCD repo: the resource group and AKS names are committed to files under the Global folder, and the ACR name is committed to a file under the dynamic folder in the related Helm chart folder.
As part of the GitHub Actions workflow, we run IaC code scanning with Checkov to make sure our IaC code complies with our security standards.
- Fork this repo
- Establish trust between GitHub.com and your Azure subscription by configuring OpenID Connect; follow this article.
- Create a PAT in your GitHub account by following this article (we will refer to this value as ACTIONS_TOKEN).
- Generate a public SSH key to be used for the AKS deployment (we will refer to this value as PUBLIC_KEY).
- Add the following GitHub Actions secrets: AZURE_CLIENT_ID, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID (the values should be taken after following the OpenID Connect article), ACTIONS_TOKEN and PUBLIC_KEY.
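
The last two steps can be scripted. The script below is an added example, not part of this repo. It checks each value before storing it, so a malformed ID or a private key pasted by mistake never becomes a secret. It assumes an authenticated GitHub CLI (`gh`) and that the three AZURE_* values and ACTIONS_TOKEN are exported in the environment; the key path, the `aks-demo` key comment and the `--apply` switch are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from this repo): validate and upload the five secrets.

# Azure client, tenant and subscription IDs are GUIDs; reject anything else.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Accept only a single-line OpenSSH *public* key, so a private key is never
# uploaded as PUBLIC_KEY by mistake.
is_public_key() {
  case "$1" in
    *PRIVATE\ KEY*) return 1 ;;
  esac
  [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] || return 1
  printf '%s' "$1" |
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+=*( .*)?$'
}

set_secrets() {
  repo="$1"; keyfile="$2"
  # Generate the key pair once (RSA is this example's choice); the private
  # half stays on disk and only the .pub half is sent to GitHub.
  [ -f "$keyfile" ] ||
    ssh-keygen -t rsa -b 4096 -N '' -C aks-demo -f "$keyfile" || return 1
  pub="$(cat "$keyfile.pub")"
  is_public_key "$pub" || { echo "not a public key: $keyfile.pub" >&2; return 1; }
  for name in AZURE_CLIENT_ID AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID; do
    eval "val=\${$name:-}"   # name comes from the fixed list above
    is_guid "$val" || { echo "$name is not a GUID" >&2; return 1; }
  done
  [ -n "${ACTIONS_TOKEN:-}" ] || { echo "ACTIONS_TOKEN is empty" >&2; return 1; }
  for name in AZURE_CLIENT_ID AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID ACTIONS_TOKEN; do
    eval "val=\${$name}"
    # Value goes in on stdin so it does not appear in the process list.
    printf '%s' "$val" | gh secret set "$name" --repo "$repo" || return 1
  done
  printf '%s' "$pub" | gh secret set PUBLIC_KEY --repo "$repo"
}

# Run only when asked to: ./set-secrets.sh --apply <owner>/<fork> [keyfile]
if [ "${1:-}" = "--apply" ]; then
  set_secrets "$2" "${3:-$HOME/.ssh/aks_demo_rsa}"
fi
```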