I've set up a container registry that contains an image. I have a container app that uses the image and I have it working, but only when "Admin user" is checked in the registry's access keys. If I disable that checkbox, the app no longer works and I get an exception stating "ImagePullFailure". I followed a stackoverflow answer that explained how to get around this using IAM, but it doesn't seem to be working. Below is a screenshot showing the role assigned:
I've also followed a MS article explaining the same thing, and I even tried user managed identities too, but it still won't work. Does anyone have any ideas for why this might not be working? It seems like it's bad practice to leave the admin setting on, so I'm trying to avoid it. Thanks.
I've set up a container registry that contains an image. I have a container app that uses the image and I have it working, but only when "Admin user" is checked in the registry's access keys. If I disable that checkbox, the app no longer works and I get an exception stating "ImagePullFailure". I followed a stackoverflow answer that explained how to get around this using IAM, but it doesn't seem to be working. Below is a screenshot showing the role assigned:
I've also followed a MS article explaining the same thing, and I even tried user managed identities too, but it still won't work. Does anyone have any ideas for why this might not be working? It seems like it's bad practice to leave the admin setting on, so I'm trying to avoid it. Thanks.
Share Improve this question asked Mar 31 at 15:59 Murphybro2Murphybro2 2,7111 gold badge26 silver badges41 bronze badges 1- Could you please confirm that the managed identity has been added to your container app? – Mallikarjuna Vardham Commented Apr 1 at 6:54
2 Answers
Reset to default 1Initially, I kept the Docker image in the Azure Container Registry. I then created a user-assigned managed identity and assigned the Acr Pull role in the Azure Container Registry by navigating to IAM, clicking 'Add Role Assignment', selecting the user-assigned managed identity, and saved.
I have not enabled the admin user under Access Keys in Azure Container Registry.
After that, I opened my existing container app, navigated to Settings, selected Identity, and added the user-managed identity that I created.
After that, I selected Containers for the container app under Application. In Properties, I set the Image Source to Azure Container Registry and selected Managed Identity. Then, I provided the image name, registry, and image tag
Admin user be checked, and then you can use azure container registry using docker login. I think this is mandatory when using simple docker login to pull image.
I have just test using Managed identity, and have the same role as yours, and works well.