1

I created with Terrafrom the following Azure resources:

  • A docker container registry
  • A User-managed identity
  • A log analytics workspace
  • A Container app environment
  • A container app

I also createad manually a second container app that is inside the same enviroment I created with terraform.

I can successfully publish my VS project to the container app I created manually. But it fails if I try to publish the VS project to the container app I created with terraform.

I try to give you more details.

Here the app I created with terraform:

resource "azurerm_container_app" "portal_api" {
  name                         = "${var.env_prefix}-portal-ca-westeu"
  container_app_environment_id = azurerm_container_app_environment.portal_cae.id
  resource_group_name          = azurerm_resource_group.rg_portal.name
  revision_mode                = "Single"

  identity {
    type         = "UserAssigned"
    identity_ids = [ azurerm_user_assigned_identity.docker_id.id ]
  }
  
  secret {
    name  = azurerm_container_registry.docker_cr.admin_username
    value = azurerm_container_registry.docker_cr.admin_password
  }
  
  registry {
    server   = azurerm_container_registry.docker_cr.login_server
    identity = azurerm_user_assigned_identity.docker_id.id
  }
  
  template {
    min_replicas = 1
    max_replicas = 1
    
    container {
      name   = "${var.env_prefix}-portal-ci-westeu"
      image  = "xxxx.azurecr.io/yyyy:latest"
      cpu    = 0.5
      memory = "1Gi"
    }
  }
  
  ingress {
    allow_insecure_connections = false
    external_enabled           = true
    target_port                = 80
    
    traffic_weight {
      percentage = 100
    }
  }
  
  tags = {
    Source = "${var.iac}"
  }
  
  lifecycle {
    ignore_changes = [ 
      template[0].container[0].image,
      ingress.traffic_weight
    ]
  }
}

The container app generated seems to be exctly the same of the container app I created manually. The secret was not necessary because of the managed identity. I added it for trying to resolve my problem.

Then I move to VS 2022. Here the publish profile of the container app I created manually:

enter image description here

Here the publish profile of the container app I created with Terraform:

enter image description here

I remember you that the container environment is the same:

enter image description here

Now I try to publish the project in the container app created via Terraform. I get this error:

enter image description here

The logs in output windows does not report anything interesting, anything different respect when I publish the project successfully in the other app.

Last thing that can be useful: From the message I understand that the problem is in the registry. But

  1. Both publish profile use the same registry, the one I created with terraform.
  2. In any case, the image is correctly published in the registry, even if I get the error. The real thing is that when I get the error the image app in the app container does not change!
  3. I can publish correctly the image to the registry:

enter image description here

enter image description here

Ah, last important thing: If I edit and deploy new revision from Azure portal, everything works correctly. The container app seems have no problem.

It's first time I using container app, and firt time I am creating the via terraform. So I hope I wrote everything.

Thank you

Improve this question
4
  • looks like you cant push to the container registry? which account are you using form VS ? Commented May 3, 2023 at 23:15
  • Hi @Thomas thank you. I am using the credential of the owner of subscription. You are right, the problem look like that, but it is not that. 2 reasons: 1. If I try to publish only to Azure Container Registry, it success ( I mean this: learn.microsoft.com/en-us/visualstudio/containers/…); 2. If I try to publish to app container, it correctly publish the new image to registry but then fail to update the app container with new image. Commented May 4, 2023 at 6:50
  • Also, the registry (and the app container environment) is the same for both app containers, the one I created manually and the one I created with terraform. Commented May 4, 2023 at 7:01
  • Hi @Thomas, do you know if exists some logs I can see from vs? Commented May 5, 2023 at 7:09

1 Answer 1

Reset to default
0

I've found the problem is the way The app container connect to the Registry.

I wanted to use a User-Assigned identity

  identity {
    type         = "UserAssigned"
    identity_ids = [ azurerm_user_assigned_identity.docker_id.id ]
  }

  registry {
    server   = azurerm_container_registry.docker_cr.login_server
    identity = azurerm_user_assigned_identity.docker_id.id
  }

But in some way, if I launch the publish from VS the container cannot connect to the registry.

I changed the code in this way:

  secret {
    name  = azurerm_container_registry.docker_cr.admin_username
    value = azurerm_container_registry.docker_cr.admin_password
  }
    
  registry {
    server               = azurerm_container_registry.docker_cr.login_server
    username             = azurerm_container_registry.docker_cr.admin_username
    password_secret_name = azurerm_container_registry.docker_cr.admin_username
  }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.