Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
i
icy-doctor-13719
12/29/2022, 7:08 PMIm creating an
AzureNative.ContainerRegistry.RegistryTemplateUNAUTHORIZED: authentication requiredservice principal running pulumi has
Acrpullm
many-telephone-49025
12/29/2022, 7:16 PMYou should create a managed identity with Pull rights
And add it to the ContainerApp
i
icy-doctor-13719
12/29/2022, 7:24 PMill try that out and report back - thanks!
Same deal:
Created Registry
Created User Assigned Identity
Assigned UserAssignedIdentity the acrpull role on registry
Assigned UserAssignedIdentity to ContainerApp
still erroring 😕
m
many-telephone-49025
12/29/2022, 7:52 PMSo the ContainerApp cant pull the image from the ACR? Just to understand
You can push Images to ACR
i
icy-doctor-13719
12/29/2022, 7:54 PMive got the image in ACR … trying to write pulumi to stand up a AzureNative.App.ContainerApp with the image in the configuration … but when Pulumi is spinning up the container app, that’s where the error is
m
many-telephone-49025
12/29/2022, 7:57 PMDo you pass the identity id to the Container App Private Registry field too?
i
icy-doctor-13719
12/29/2022, 7:58 PMaha, i didn’t even see that config - will try that now. thank you! 🙏
m
many-telephone-49025
12/29/2022, 7:59 PMOther then that the scope of the role assignment is the registry.id
But this are things you should verify via the Portal UI (guilty of using the UI sometimes 😅 )
i
icy-doctor-13719
12/29/2022, 8:01 PMthat’s usually my route … this type of resource is new for me though haha
m
many-telephone-49025
12/29/2022, 8:01 PMAnd Important: The Registry should not be build with Admin mode
So
AdminUserEnabledi
icy-doctor-13719
12/29/2022, 8:02 PMbrilliant
m
many-telephone-49025
12/29/2022, 8:03 PMotherwhise you could use the username / password and pass it to the https://www.pulumi.com/registry/packages/azure-native/api-docs/app/containerapp/#registrycredentials
i
icy-doctor-13719
12/29/2022, 8:04 PMgoing to try the user managed identity route and see how it goes
m
many-telephone-49025
12/29/2022, 8:04 PMYes, I prefer this too! Your Sec department will love you for this 😄
i
icy-doctor-13719
12/29/2022, 8:04 PMyea, passwords are the devil
I am security haha
m
many-telephone-49025
12/29/2022, 8:04 PM😄
I send you the wrong link above:
https://www.pulumi.com/registry/packages/azure-native/api-docs/app/containerapp/#registrycredentials
And here the property: identity