Azure ContainerApps YAML registry identity

Question

I am trying to spin up an Azure ContainerApp service via a YAML configuration file. The problem is with the following block:

registries:
  - passwordSecretRef: null
    server: xxx.azurecr.io
    identity: "/subscriptions/xxx/resourcegroups/xxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mymanagedidentity"
    username: null

The error message is the following:

(InvalidParameterValueInContainerTemplate) The following field(s) are either invalid or missing. Field 'configuration.Registries.xxx.azurecr.io.Identity' is invalid with details: 'Invalid value: "/subscriptions/xxx/resourcegroups/xxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mymanagedidentity": Managed Identity does not exist';.

This user-assigned managed does exist and has the AcrPull permission on the acr scope. I can confirm it by running az identity show --name mymanagedidentity --resource-group xxx --query id --output tsv

Furthermore, it works perfectly if I create the containerapp via a cli command referencing this managed identity.

az containerapp create --registry-identity /subscriptions/xxx/resourcegroups/xxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mymanagedidentity --registry-server xxx.azurecr.io

I would appreciate any input on what might be the issue and how to resolve it!

score 0 · Answer 1 · answered Jul 06 '23 at 20:41

0

I needed to add the following block to the YAML configuration file in order for things to work:

answered Jul 06 '23 at 20:41

Abraham

185
1
10

Azure ContainerApps YAML registry identity

1 Answers1