Cannot deploy an Azure container app created via Terraform with VS2022
I created with Terrafrom the following Azure resources:
- A docker container registry
- A User-managed identity
- A log analytics workspace
- A Container app environment
- A container app
I also createad manually a second container app that is inside the same enviroment I created with terraform.
I can successfully publish my VS project to the container app I created manually. But it fails if I try to publish the VS project to the container app I created with terraform.
I try to give you more details.
Here the app I created with terraform:
resource "azurerm_container_app" "portal_api" {
name = "${var.env_prefix}-portal-ca-westeu"
container_app_environment_id = azurerm_container_app_environment.portal_cae.id
resource_group_name = azurerm_resource_group.rg_portal.name
revision_mode = "Single"
identity {
type = "UserAssigned"
identity_ids = [ azurerm_user_assigned_identity.docker_id.id ]
}
secret {
name = azurerm_container_registry.docker_cr.admin_username
value = azurerm_container_registry.docker_cr.admin_password
}
registry {
server = azurerm_container_registry.docker_cr.login_server
identity = azurerm_user_assigned_identity.docker_id.id
}
template {
min_replicas = 1
max_replicas = 1
container {
name = "${var.env_prefix}-portal-ci-westeu"
image = "xxxx.azurecr.io/yyyy:latest"
cpu = 0.5
memory = "1Gi"
}
}
ingress {
allow_insecure_connections = false
external_enabled = true
target_port = 80
traffic_weight {
percentage = 100
}
}
tags = {
Source = "${var.iac}"
}
lifecycle {
ignore_changes = [
template[0].container[0].image,
ingress.traffic_weight
]
}
}
The container app generated seems to be exctly the same of the container app I created manually. The secret was not necessary because of the managed identity. I added it for trying to resolve my problem.
Then I move to VS 2022. Here the publish profile of the container app I created manually:
Here the publish profile of the container app I created with Terraform:
I remember you that the container environment is the same:
Now I try to publish the project in the container app created via Terraform. I get this error:
The logs in output windows does not report anything interesting, anything different respect when I publish the project successfully in the other app.
Last thing that can be useful: From the message I understand that the problem is in the registry. But
- Both publish profile use the same registry, the one I created with terraform.
- In any case, the image is correctly published in the registry, even if I get the error. The real thing is that when I get the error the
image appin the app container does not change! - I can publish correctly the image to the registry:
Ah, last important thing: If I edit and deploy new revision from Azure portal, everything works correctly. The container app seems have no problem.
It's first time I using container app, and firt time I am creating the via terraform. So I hope I wrote everything.
Thank you
I've found the problem is the way The app container connect to the Registry.
I wanted to use a User-Assigned identity
identity {
type = "UserAssigned"
identity_ids = [ azurerm_user_assigned_identity.docker_id.id ]
}
registry {
server = azurerm_container_registry.docker_cr.login_server
identity = azurerm_user_assigned_identity.docker_id.id
}
But in some way, if I launch the publish from VS the container cannot connect to the registry.
I changed the code in this way:
secret {
name = azurerm_container_registry.docker_cr.admin_username
value = azurerm_container_registry.docker_cr.admin_password
}
registry {
server = azurerm_container_registry.docker_cr.login_server
username = azurerm_container_registry.docker_cr.admin_username
password_secret_name = azurerm_container_registry.docker_cr.admin_username
}