1

I created with Terrafrom the following Azure resources:

  • A docker container registry
  • A User-managed identity
  • A log analytics workspace
  • A Container app environment
  • A container app

I also createad manually a second container app that is inside the same enviroment I created with terraform.

I can successfully publish my VS project to the container app I created manually. But it fails if I try to publish the VS project to the container app I created with terraform.

I try to give you more details.

Here the app I created with terraform:

resource "azurerm_container_app" "portal_api" {
  name                         = "${var.env_prefix}-portal-ca-westeu"
  container_app_environment_id = azurerm_container_app_environment.portal_cae.id
  resource_group_name          = azurerm_resource_group.rg_portal.name
  revision_mode                = "Single"

  identity {
    type         = "UserAssigned"
    identity_ids = [ azurerm_user_assigned_identity.docker_id.id ]
  }
  
  secret {
    name  = azurerm_container_registry.docker_cr.admin_username
    value = azurerm_container_registry.docker_cr.admin_password
  }
  
  registry {
    server   = azurerm_container_registry.docker_cr.login_server
    identity = azurerm_user_assigned_identity.docker_id.id
  }
  
  template {
    min_replicas = 1
    max_replicas = 1
    
    container {
      name   = "${var.env_prefix}-portal-ci-westeu"
      image  = "xxxx.azurecr.io/yyyy:latest"
      cpu    = 0.5
      memory = "1Gi"
    }
  }
  
  ingress {
    allow_insecure_connections = false
    external_enabled           = true
    target_port                = 80
    
    traffic_weight {
      percentage = 100
    }
  }
  
  tags = {
    Source = "${var.iac}"
  }
  
  lifecycle {
    ignore_changes = [ 
      template[0].container[0].image,
      ingress.traffic_weight
    ]
  }
}

The container app generated seems to be exctly the same of the container app I created manually. The secret was not necessary because of the managed identity. I added it for trying to resolve my problem.

Then I move to VS 2022. Here the publish profile of the container app I created manually:

enter image description here

Here the publish profile of the container app I created with Terraform:

enter image description here

I remember you that the container environment is the same:

enter image description here

Now I try to publish the project in the container app created via Terraform. I get this error:

enter image description here

The logs in output windows does not report anything interesting, anything different respect when I publish the project successfully in the other app.

Last thing that can be useful: From the message I understand that the problem is in the registry. But

  1. Both publish profile use the same registry, the one I created with terraform.
  2. In any case, the image is correctly published in the registry, even if I get the error. The real thing is that when I get the error the image app in the app container does not change!
  3. I can publish correctly the image to the registry:

enter image description here

enter image description here

Ah, last important thing: If I edit and deploy new revision from Azure portal, everything works correctly. The container app seems have no problem.

It's first time I using container app, and firt time I am creating the via terraform. So I hope I wrote everything.

Thank you

Simone
  • 2,304
  • 6
  • 30
  • 79
  • looks like you cant push to the container registry? which account are you using form VS ? – Thomas May 03 '23 at 23:15
  • Hi @Thomas thank you. I am using the credential of the owner of subscription. You are right, the problem look like that, but it is not that. 2 reasons: 1. If I try to publish only to Azure Container Registry, it success ( I mean this: https://learn.microsoft.com/en-us/visualstudio/containers/hosting-web-apps-in-docker?view=vs-2022#publish-your-container-to-azure-container-registry-1); 2. If I try to publish to app container, it correctly publish the new image to registry but then fail to update the app container with new image. – Simone May 04 '23 at 06:50
  • Also, the registry (and the app container environment) is the same for both app containers, the one I created manually and the one I created with terraform. – Simone May 04 '23 at 07:01
  • Hi @Thomas, do you know if exists some logs I can see from vs? – Simone May 05 '23 at 07:09

1 Answers1

0

I've found the problem is the way The app container connect to the Registry.

I wanted to use a User-Assigned identity

  identity {
    type         = "UserAssigned"
    identity_ids = [ azurerm_user_assigned_identity.docker_id.id ]
  }

  registry {
    server   = azurerm_container_registry.docker_cr.login_server
    identity = azurerm_user_assigned_identity.docker_id.id
  }

But in some way, if I launch the publish from VS the container cannot connect to the registry.

I changed the code in this way:

  secret {
    name  = azurerm_container_registry.docker_cr.admin_username
    value = azurerm_container_registry.docker_cr.admin_password
  }
    
  registry {
    server               = azurerm_container_registry.docker_cr.login_server
    username             = azurerm_container_registry.docker_cr.admin_username
    password_secret_name = azurerm_container_registry.docker_cr.admin_username
  }
Simone
  • 2,304
  • 6
  • 30
  • 79