Im creating an `AzureNative ContainerRegistry Registry` and Pulumi Community #azure

Im creating an `AzureNative.ContainerRegistry.Regi...

icy-doctor-13719

12/29/2022, 7:08 PM

Im creating an

AzureNative.ContainerRegistry.Registry

and publishing a container image in there. When I try and reference the image on the

Template

object via`AzureNative.App.ContainerApp` , it’s failing with the error:

Copy code

UNAUTHORIZED: authentication required

Is there a way to provide Pulumi with the credentials for the registry? Maybe Im missing something in the docs

icy-doctor-13719

12/29/2022, 7:09 PM

service principal running pulumi has

Acrpull

role on the container registry

many-telephone-49025

12/29/2022, 7:16 PM

You should create a managed identity with Pull rights

many-telephone-49025

12/29/2022, 7:17 PM

And add it to the ContainerApp

icy-doctor-13719

12/29/2022, 7:24 PM

ill try that out and report back - thanks!

icy-doctor-13719

12/29/2022, 7:50 PM

Same deal: Created Registry Created User Assigned Identity Assigned UserAssignedIdentity the acrpull role on registry Assigned UserAssignedIdentity to ContainerApp still erroring 😕

many-telephone-49025

12/29/2022, 7:52 PM

So the ContainerApp cant pull the image from the ACR? Just to understand

many-telephone-49025

12/29/2022, 7:53 PM

You can push Images to ACR

icy-doctor-13719

12/29/2022, 7:54 PM

ive got the image in ACR … trying to write pulumi to stand up a AzureNative.App.ContainerApp with the image in the configuration … but when Pulumi is spinning up the container app, that’s where the error is

many-telephone-49025

12/29/2022, 7:57 PM

Do you pass the identity id to the Container App Private Registry field too?

icy-doctor-13719

12/29/2022, 7:58 PM

aha, i didn’t even see that config - will try that now. thank you! 🙏

many-telephone-49025

12/29/2022, 7:59 PM

https://www.pulumi.com/registry/packages/azure-native/api-docs/app/containerapp/#identity_nodejs

many-telephone-49025

12/29/2022, 8:00 PM

Other then that the scope of the role assignment is the registry.id

many-telephone-49025

12/29/2022, 8:01 PM

But this are things you should verify via the Portal UI (guilty of using the UI sometimes 😅 )

icy-doctor-13719

12/29/2022, 8:01 PM

that’s usually my route … this type of resource is new for me though haha

many-telephone-49025

12/29/2022, 8:01 PM

And Important: The Registry should not be build with Admin mode

many-telephone-49025

12/29/2022, 8:02 PM

AdminUserEnabled

should be false

icy-doctor-13719

12/29/2022, 8:02 PM

brilliant

many-telephone-49025

12/29/2022, 8:03 PM

otherwhise you could use the username / password and pass it to the https://www.pulumi.com/registry/packages/azure-native/api-docs/app/containerapp/#registrycredentials

icy-doctor-13719

12/29/2022, 8:04 PM

going to try the user managed identity route and see how it goes

many-telephone-49025

12/29/2022, 8:04 PM

Yes, I prefer this too! Your Sec department will love you for this 😄

icy-doctor-13719

12/29/2022, 8:04 PM

yea, passwords are the devil

icy-doctor-13719

12/29/2022, 8:04 PM

I am security haha

many-telephone-49025

12/29/2022, 8:04 PM

😄

many-telephone-49025

12/29/2022, 8:06 PM

I send you the wrong link above: https://www.pulumi.com/registry/packages/azure-native/api-docs/app/containerapp/#registrycredentials And here the property: identity

2 Views

Open in Slack

Previous Next