https://pulumi.com logo
#general
Title
# general
b

billions-mechanic-26704

09/24/2021, 2:59 PM
Hello community. (* I put this message on python channel but perhaps here it can get more attention, so sorry for replicating.) I have an existing Azure container registry which I imported and I am uising it in my pulumi code. I need to pull a docker image hosted there in order to reference it into an azure app service. Right now, I am creating the azure app service plan and the web app service. Taking as reference this docker azure app service example, they are building the image there I am just wondering whether is possible to pull an existing image as long I got the existing container registry instance. Is that possible? In this case, the
docker.Image
resource they use is not useful since
build
parameter is required. I am seeing this
docker.RemoteImage
resource from docker pulumi api, but not sure how to indicate it that the image should be pulled from my container registry I got previously. The code for getting my container registry is:
Copy code
container_image = "wmlab"

# GETTING MY CONTAINER REGISTRY
rhdhv_container_registry = azure_native.containerregistry.Registry(
    "rhdhvContainerRegistry",
    admin_user_enabled=True,
    location="westeurope",
    network_rule_set=azure_native.containerregistry.NetworkRuleSetArgs(
        default_action="Allow",
    ),
    registry_name="rhdhvContainerRegistry",
    resource_group_name="genericRG1",
    sku=azure_native.containerregistry.SkuArgs(
        name="Premium",
    ),
    opts=pulumi.ResourceOptions(protect=True))

# OUTPUT THE CREDENTIALS TO GET THEM
acr_credentials = pulumi.Output.all("genericRG1", rhdhv_container_registry.name).apply(
    lambda args: azure_native.containerregistry.list_registry_credentials(
        resource_group_name=args[0],
        registry_name=args[1]
    )
)
admin_username = acr_credentials.username
admin_password = acr_credentials.passwords[0]["value"]
I am a bit confused about how to pull an image from the existing container registry I got. Or perhaps does it need to be build and pushed from the same project? I would say should be possible to get an existing one. I need this because the build process is taking place in another repository project
b

billowy-army-68599

09/24/2021, 3:15 PM
You’ll need to export the values and use a stack reference
Will send a link when I get back to my laptop, but that’s the easiest path
b

billions-mechanic-26704

09/24/2021, 3:18 PM
Export the values by using
containerregistry.Registry
or
docker.Image
? Thanks @billowy-army-68599
b

billowy-army-68599

09/24/2021, 3:19 PM
You’ll need the username and password for the registry you’ve created, the login credentials. Export those outputs
b

billions-mechanic-26704

09/24/2021, 3:38 PM
According to the way i got the credentials above I exported in this way:
Copy code
pulumi.export("acr_admin_username", admin_username)
pulumi.export("acr_admin_password", admin_password)
But then is not clear for me where can I use them to pull the image, I am not familiar with the stack reference concept/purpose, I mean being them to access outputs from one stack to another one, i am confused since I am working with one stack onlying Sorry I am new in this pulumi, I will read more.
b

billowy-army-68599

09/24/2021, 3:44 PM
You’re setting up the app service in a different project right? https://www.pulumi.com/docs/intro/concepts/stack/#stackreferences
b

billions-mechanic-26704

09/24/2021, 4:38 PM
No, in the same project/stack I am getting the existing ACR and creating the appservice. it is an existing acr that was created outside pulumi.
Should I create a project/stack just for retrieve the Azure container registry and in the other one create the app service?
b

billowy-army-68599

09/24/2021, 4:48 PM
oh sorry, that was my misunderstanding, give me a moment
b

billions-mechanic-26704

09/24/2021, 4:48 PM
no worries, 🙂
b

billowy-army-68599

09/24/2021, 4:49 PM
this is in typescript, but hopefully it should be easy to understand...you need to add some `appSettings`:
Copy code
const app = new web.WebApp("app", {
    resourceGroupName: resourceGroup.name,
    serverFarmId: plan.id,
    siteConfig: {
        appSettings: [
            {
                name: "DOCKER_REGISTRY_SERVER_URL",
                value: pulumi.interpolate`https://${registry.loginServer}`,
            },
            {
                name: "DOCKER_REGISTRY_SERVER_USERNAME",
                value: adminUsername,
            },
            {
                name: "DOCKER_REGISTRY_SERVER_PASSWORD",
                value: adminPassword,
            },
            {
                name: "WEBSITES_PORT",
                value: "80", // Our custom image exposes port 80. Adjust for your app as needed.
            },
        ],
        alwaysOn: true,
        linuxFxVersion: pulumi.interpolate`DOCKER|${image.imageName}`,
    },
    httpsOnly: true,
});
b

billions-mechanic-26704

09/24/2021, 4:56 PM
Yes, these are my appSettings
Copy code
app_service = web.WebApp(
    "appservice-wmlab",
    resource_group_name=resource_group.name,
    server_farm_id=app_service_plan.id,
    site_config=web.SiteConfigArgs(
        app_settings=[
            web.NameValuePairArgs(name="WEBSITES_ENABLE_APP_SERVICE_STORAGE", value="true"),
            web.NameValuePairArgs(
                name="DOCKER_REGISTRY_SERVER_URL",
                value=rhdhv_container_registry.login_server.apply(
                    lambda login_server: f"https://{login_server}"
                )
            ),
            web.NameValuePairArgs(name="DOCKER_REGISTRY_SERVER_USERNAME", value=admin_username),
            web.NameValuePairArgs(name="DOCKER_REGISTRY_SERVER_PASSWORD", value=admin_password),
            web.NameValuePairArgs(name="WEBSITES_PORT", value="88888"),
        ],
        always_on=True,

        # THE THING IS THAT THIS `wm_lab_image` -- IT CONTINUES ON CHAT.
        linux_fx_version=wm_lab_image.image_name.apply(lambda image_name: f"DOCKER|{image_name}"),

    ),
    https_only=True
)
The point where I am struggling, is that
wm_lab_image
is the image I need to pull from the acr. I thought the
docker.Image
resource here allows to pull it, but it is just to build and push, so pull is not included being
build
parameter mandatory. So this that I did is wrong:
Copy code
wm_lab_image=docker.Image(
    container_image,
    image_name=rhdhv_container_registry.login_server.apply(
        lambda login_server: f"{login_server}/{container_image}:2021-07-2-dev" # check dinamically the tag
    ),
    registry=docker.ImageRegistry(
        server=rhdhv_container_registry.login_server,
        username=admin_username,
        password=admin_password
    )
    # registry=acr_credentials
)
Then that is why I don’t know which resource to pull the image as long i got the acr.
In your typescript snippet, are you accessing to the image name and docker credentials that you probably exported before, are you accessing them with
pulumi.interpolate
?
If so there is a python equivalent?
b

billowy-army-68599

09/24/2021, 5:03 PM
in the python/ts example the image is built locally, I understand the problem now. you want to grab an image that exists in a repo programmatically, right?
not hard code the image name?
b

billions-mechanic-26704

09/24/2021, 5:04 PM
yes exactly
b

billowy-army-68599

09/24/2021, 5:04 PM
but you'll need to know the image name anyway, so you'll likely need to hard code something
✔️ 1
b

billions-mechanic-26704

09/24/2021, 9:17 PM
@billowy-army-68599 sorry for bothering you, I am using the
docker.get_registry_image
function to retrieve a docker image, and now I got a different error, which make it looks promising. • I am getting the configuration of the existing container registry:
Copy code
rhdhv_container_registry = azure_native.containerregistry.Registry(
    "rhdhvContainerRegistry",
    admin_user_enabled=True,
    location="westeurope",
    network_rule_set=azure_native.containerregistry.NetworkRuleSetArgs(
        default_action="Allow",
    ),
    registry_name="rhdhvContainerRegistry",
    resource_group_name="genericRG1",
    sku=azure_native.containerregistry.SkuArgs(
        name="Premium",
    ),
    opts=pulumi.ResourceOptions(protect=True))


# HERE I GOT THE CREDENTIALS
acr_credentials = pulumi.Output.all("genericRG1", rhdhv_container_registry.name).apply(
    lambda args: azure_native.containerregistry.list_registry_credentials(
        resource_group_name=args[0],
        registry_name=args[1]
    )
)
admin_username = acr_credentials.username
admin_password = acr_credentials.passwords[0]["value"]

# HERE THE CREDENTIALS ARE EXPORTED JUST TO SEE THEM TO
# REALIZED I AM TALKING TO THE CONTAINER REGISTRY
pulumi.export("acr_admin_username", admin_username)
pulumi.export("acr_admin_password", admin_password)
• Then I try to fetch the docker image with
docker.get_registry_image
function in this way:
Copy code
wm_lab_registry_image = docker.get_registry_image(name="<http://rhdhvcontainerregistry.azurecr.io/wmlab:2021-07-2-dev|rhdhvcontainerregistry.azurecr.io/wmlab:2021-07-2-dev>")
wm_lab_remote_image = docker.RemoteImage(
    "wmlabRemoteImage",
    name=wm_lab_registry_image.name,
    pull_triggers=[wm_lab_registry_image.sha256_digest]
)
• And the configuration for the appservice is this:
Copy code
app_service = web.WebApp(
    "appservice-wmlab",
    resource_group_name=resource_group.name,
    server_farm_id=app_service_plan.id,
    site_config=web.SiteConfigArgs(
        app_settings=[
            web.NameValuePairArgs(name="WEBSITES_ENABLE_APP_SERVICE_STORAGE", value="true"),
            web.NameValuePairArgs(
                name="DOCKER_REGISTRY_SERVER_URL",
                value=rhdhv_container_registry.login_server.apply(
                    lambda login_server: f"https://{login_server}"
                )
            ),
            web.NameValuePairArgs(name="DOCKER_REGISTRY_SERVER_USERNAME", value=admin_username),
            web.NameValuePairArgs(name="DOCKER_REGISTRY_SERVER_PASSWORD", value=admin_password),
            web.NameValuePairArgs(name="WEBSITES_PORT", value="88888"),
        ],
        always_on=True,
        linux_fx_version=wm_lab_remote_image.name
        # linux_fx_version=wm_lab_registry_image.name
    ),
    https_only=True
)
But then at the output I got an
401 Unauthorized
error precisely at
get_registry_image
Copy code
File "./__main__.py", line 187, in <module>
        wm_lab_registry_image = docker.get_registry_image(name="<http://rhdhvcontainerregistry.azurecr.io/wmlab:2021-07-2-dev|rhdhvcontainerregistry.azurecr.io/wmlab:2021-07-2-dev>")
      File "/Users/bgarcial/workspace/wmlab-infrastructure/venv/lib/python3.8/site-packages/pulumi_docker/get_registry_image.py", line 113, in get_registry_image
        __ret__ = pulumi.runtime.invoke('docker:index/getRegistryImage:getRegistryImage', __args__, opts=opts, typ=GetRegistryImageResult).value
      File "/Users/bgarcial/workspace/wmlab-infrastructure/venv/lib/python3.8/site-packages/pulumi/runtime/invoke.py", line 146, in invoke
        raise invoke_error
    Exception: invoke of docker:index/getRegistryImage:getRegistryImage failed: invocation of docker:index/getRegistryImage:getRegistryImage returned an error: invoking docker:index/getRegistryImage:getRegistryImage: 1 error occurred:
    	* Got error when attempting to fetch image version wmlab:2021-07-2-dev from registry: Got bad response from registry: 401 Unauthorized
    error: an unhandled error occurred: Program exited with non-zero exit code: 1
In somehow, looks like the credentials or the loginserver URL is not achieving the request when fetching the image at
get_registry_image
, but I can confirm that the credentials are the correct ones, since I got them right at the export outputs such as is shown at the picture below
b

billowy-army-68599

09/24/2021, 9:20 PM
oh man, it looks like the get_registry_image command doesn't support credentials 😞 you'll probably have to hardcode the image you want to pull, I'm afraid
b

billions-mechanic-26704

09/24/2021, 10:01 PM
@billowy-army-68599 I got it, I put the complete path image at
linux_fx_version
app_settings parameter and it works. How recommendable is this “approach”?
Copy code
linux_fx_version="<http://mycontainerregistry.azurecr.io/imagename:tag|mycontainerregistry.azurecr.io/imagename:tag>",
b

billowy-army-68599

09/24/2021, 10:07 PM
Totally recommendable! You might want to make the tag a config option so you can update it outside the code?
b

billions-mechanic-26704

09/24/2021, 10:16 PM
like a value to be set via
pulumi config set
?
b

billowy-army-68599

09/24/2021, 10:17 PM
Yep
✔️ 1
b

billions-mechanic-26704

09/24/2021, 10:25 PM
Thanks for the help @billowy-army-68599
34 Views