Unable to use a image from ACR in azure container app.

Dhariwal, Jaanvi 15 Reputation points
2023-07-18T12:28:41.5+00:00

While using image from azure container registry in the container apps which we are deploying using modules approach in terraform, I am unable to use that image and this error pops up and I have also logged in through admin credentials in ACR then also this issue persists.

Screenshot 2023-07-18 175723

Error -->

RESPONSE 400: 400 Bad Request

│ ERROR CODE: InvalidParameterValueInContainerTemplate

│ --------------------------------------------------------------------------------

│ {

│ "error": {

│ "code": "InvalidParameterValueInContainerTemplate",

│ "message": "The following field(s) are either invalid or missing. Field 'template.containers.webapp.image' is invalid with details: 'Invalid value: "jdacrdj.azurecr.io/optinexusapp:1": GET https:?scope=repository%3Aoptinexusapp%3Apull&service=jdacrdj.azurecr.io: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information.

Azure Container Registry
Azure Container Registry
An Azure service that provides a registry of Docker and Open Container Initiative images.
398 questions
Azure Container Apps
Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.
275 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Karol Pieciukiewicz 5 Reputation points MVP
    2023-09-08T08:48:05.9066667+00:00

    I've found the solution to this issue. To do so, there must be set "User Assigned Identity", and configured repository access, see code below:

    resource "azurerm_container_app" "sampleapi" {
  name                         = "${local.prefix}-app"
  container_app_environment_id = azurerm_container_app_environment.app_env.id
  resource_group_name          = azurerm_resource_group.rg.name
  revision_mode                = "Single"

  identity {
    type = "SystemAssigned, UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.ca_identity.id ]
  }

  registry {
    identity = azurerm_user_assigned_identity.ca_identity.id
    server   = container_registry_host_name
  }

  ...
}

    container_registry_host_name - {yourACRname}.azurecr.io

    Need to set AcrPull for this User Assigned Identity

    resource "azurerm_role_assignment" "acrpull_mi" {
  scope                = module.container_registry.id
  role_definition_name = "AcrPull"
  principal_id         = azurerm_user_assigned_identity.ca_identity.principal_id
}

    Using this setup I can download image from my Azure Container Registry using User Assigned Identity. Cheers!

    1 person found this answer helpful.
    0 comments