This message was deleted.
# azure
s
This message was deleted.
i
service principal running pulumi has
Acrpull
role on the container registry
m
You could create a user assigned identity with Pull rights
And add it to the ContainerApp
i
ill try that out and report back - thanks!
🙌 1
Same deal: Created Registry Created User Assigned Identity Assigned UserAssignedIdentity the acrpull role on registry Assigned UserAssignedIdentity to ContainerApp still erroring 😕
m
So the ContainerApp cant pull the image from the ACR? Just to understand
You can push Images to ACR
i
ive got the image in ACR … trying to write pulumi to stand up a AzureNative.App.ContainerApp with the image in the configuration … but when Pulumi is spinning up the container app, that’s where the error is
m
Do you pass the identity id to the Container App Private Registry field too?
i
aha, i didn’t even see that config - will try that now. thank you! 🙏
Other then that the scope of the role assignment is the registry.id
But this are things you should verify via the Portal UI (guilty of using the UI sometimes 😅 )
i
that’s usually my route … this type of resource is new for me though haha
m
And Important: The Registry should not be build with Admin mode
So
AdminUserEnabled
should be false
💪 1
i
brilliant
m
otherwhise you could use the username / password and pass it to the https://www.pulumi.com/registry/packages/azure-native/api-docs/app/containerapp/#registrycredentials
i
going to try the user managed identity route and see how it goes
👍 1
m
But:
😅 1
Yes, I prefer this too! Your Sec department will love you for this 😄
i
yea, passwords are the devil
I am security haha
m
😄