search

Azure-Samples / container-apps-store-api-microservice

Sample microservices solution using Azure Container Apps, Dapr, Cosmos DB, and Azure API Management
MIT License
340 stars 420 forks source link

Initial Deployment to ACA Fails Authentication to ACR #21

Closed mumby0168 closed 2 years ago

mumby0168 commented 2 years ago

This issue is for a: (mark with an x)

- [ x ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

  1. Create azure container registry in bicep
  2. Create KV
  3. Create container app environment
  4. Store password for ACR in KV
  5. Build and push docker image to private ACR
  6. Deploy azure container app with new image (via bicep)

Any log messages given by the failure

ERROR: ***"status":"Failed","error":***"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[***"code":"Conflict","message":"***\r\n  \"status\": \"Failed\",\r\n  \"error\": ***\r\n    \"code\": \"ResourceDeploymentFailure\",\r\n    \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n    \"details\": [\r\n      ***\r\n        \"code\": \"DeploymentFailed\",\r\n        \"message\": \"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\",\r\n        \"details\": [\r\n          ***\r\n            \"code\": \"BadRequest\",\r\n            \"message\": \"***\\r\\n  \\\"code\\\": \\\"WebhookInvalidParameterValue\\\",\\r\\n  \\\"message\\\": \\\"The following field(s) are either invalid or missing. Invalid value: \\\\\\\"cosmossdkidentitydemoacr.azurecr.io/books-api:7826629ba32ba4f08d1e7255dc24849fe9018bc6\\\\\\\": GET https:?scope=repository%3Abooks-api%3Apull&service=cosmossdkidentitydemoacr.azurecr.io: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information.: template.containers.books-api.image.\\\"\\r\\n***\"\r\n          ***\r\n        ]\r\n      ***\r\n    ]\r\n  ***\r\n***"***]***
[22](https://github.com/mumby0168/cosmos-repository-sdk-identity/runs/6627441780?check_suite_focus=true#step:5:23)
Error: Error: az cli script failed.

Expected/desired behavior

The image is pulled and the application deploys

OS and Version?

Via Github Actions linux.

Versions

Mention any other details that might be useful

I have all the bicep defined in this repository: https://github.com/mumby0168/cosmos-repository-sdk-identity/tree/deploy

The error is also present in this github actions run:

https://github.com/mumby0168/cosmos-repository-sdk-identity/actions/runs/2397180530

Is this the correct way to deploy to azure container apps? I did not want to use containerapp up as then my bicep is not repeatable.

kendallroden commented 2 years ago

We don't support KV references today. you can use MI to do an image pull or you can auth using username and password