Terraform-provider-azurerm: Azure app service using Azure Container Registry image is being considered as Private

Created on 12 Aug 2019  ·  5Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

  • Terraform v0.11.8
  • provider.azurerm v1.32.1

Affected Resource(s)

  • azurerm_app_service and azurerm_container_registry

Terraform Configuration Files

resource "azurerm_app_service_plan" "appserviceplan" {
  name                = "${azurerm_resource_group.group.name}-plan"
  location            = "${azurerm_resource_group.group.location}"
  resource_group_name = "${azurerm_resource_group.group.name}"

  # Define Linux as Host OS
  kind = "Linux"

  # Choose size
  sku {
    tier = "Standard"
    size = "S1"
  }

  properties {
    reserved = true # Mandatory for Linux plans
  }
}

# Create an Azure Web App for Containers in that App Service Plan
resource "azurerm_app_service" "acrapp" {
  name                = "${azurerm_resource_group.group.name}-acrapp"
  location            = "${azurerm_resource_group.group.location}"
  resource_group_name = "${azurerm_resource_group.group.name}"
  app_service_plan_id = "${azurerm_app_service_plan.appserviceplan.id}"

  app_settings {
    WEBSITES_ENABLE_APP_SERVICE_STORAGE = false

    # Settings for private Container Registires  
    **DOCKER_REGISTRY_SERVER_URL      = ""
    DOCKER_REGISTRY_SERVER_USERNAME = ""
    DOCKER_REGISTRY_SERVER_PASSWORD = ""**
  }

  # Configure Docker Image to load on start
  site_config {
    linux_fx_version = "DOCKER|appsvcsample/static-site:latest"
    always_on        = "true"
  }

  identity {
    type = "SystemAssigned"
  }
}

Debug Output

I was expecting to see that the image is being pulled from ACR, even though it's pulling image from ACR, the container settings -> single container shows the image is being pulled from Private Registry. We are trying to add webhooks to this deployment and expecting it to pull the image from Azure Container Registry as the source instead of Private Registry.
Screen Shot 2019-08-12 at 12 19 55 PM

Expected Behavior

I'm expecting my terraform script to pull the image from ACR source, not to consider it as Private Registry!

Actual Behavior

Even though my image is being pulled from ACR, its considering it as Private Registry.

Steps to Reproduce

  1. terraform apply

References

  • #0000
question servicapp-service
Source
picture siddthota
👍3

Most helpful comment

I've had a similar problem in the past. In your azurerm_app_service resource, try ensuring that you're using https:// at the beginning of your DOCKER_REGISTRY_SERVER_URL.

picture ryanps1 on 18 Sep 2019
😄1 👍1

All 5 comments

I ran into a similar / same issue once but i thought it was because of the fact that my ACR was in a different subscription than the app service. Then in the portal i wasn't able to select the ACR but i had to use the private one. Not sure if it really is a TF but more an Azure problem.

Question: is your ACR in the same or in a different subscription?

If App Service and ACR are in the same subscription then pls configure the app service image via portal by choosing it from the ACR and then try to export the ARM template of the app service and see if there are any differences you might have forgotten.

r0bnet picture r0bnet on 15 Aug 2019
😕1 👍1

My ACR and APP Service are in same subscription. I tried doing that manually, copied ARM and tried to convert that into a TF script, ARM is using 

ARM -  "linuxFxVersion": "DOCKER|appsvcsample.azurecr.io/myapp:latest",

TF - "site_config {
    linux_fx_version = "DOCKER|appsvcsample.azurecr.io/myapp:latest" 
}

The ARM with linuxFXVersion property appears, if you try to pull the image from ACR. I assumed the same thing should happen with TF as well, but it's pulling the image from Private repo. I compared the manual config ARM vs TF config ARM and both looked same. Not sure what's the resolution for this!

siddthota picture siddthota on 12 Sep 2019

I've had a similar problem in the past. In your azurerm_app_service resource, try ensuring that you're using https:// at the beginning of your DOCKER_REGISTRY_SERVER_URL.

ryanps1 picture ryanps1 on 18 Sep 2019
😄1 👍1

Awesome.... Thanks for the tip. It worked with https:// :)

Closing the issue

siddthota picture siddthota on 2 Oct 2019

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

hashibot[bot] picture hashibot[bot] on 29 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

tombuildsstuff picture tombuildsstuff  ·  89Comments
hashibot picture hashibot  ·  43Comments
srusru picture srusru  ·  44Comments
mjyeaney picture mjyeaney  ·  34Comments
sukhmeet picture sukhmeet  ·  31Comments