[QUERY] Connecting to ACR using Managed Identity to create ACI

Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.

MIT License

5.25k stars 4.58k forks source link

[QUERY] Connecting to ACR using Managed Identity to create ACI #45492

Closed shankarvrp closed 1 week ago

shankarvrp commented 1 month ago

Library name and version

Azure.ResourceManager.ContainerInstance 1.2.1

Query/Question

Hi All,

I am using the samples to create ACI, while all samples appear to cover the public images to use in ACR, I don't see a way to connect to ACR using Managed Identity. Is there a way to achieve this when creating ACI instance programmatically today or is coming in the near term? Thanks much

On another note, also tried using Microsoft.Azure.Management.ContainerInstance.Fluent, there is the WithPrivateImageRegistry option that takes username and password but that also doesn't support managed identity.

Environment

No response

jsquire commented 1 month ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

HarveyLink commented 2 weeks ago

Please following this document to understand the limitations and prerequisites. https://learn.microsoft.com/en-us/azure/container-instances/using-azure-container-registry-mi As the doc suggest, we could assgin the identity both in identity property and imageRegistryCredentials property part, which would make the code look like:

var containerGroup = new ContainerGroupData(
  location: "westus",
  containers: containers,
  osType: ContainerInstanceOperatingSystemType.Linux)
{
    Identity = new ManagedServiceIdentity(ManagedServiceIdentityType.UserAssigned)
    {
        UserAssignedIdentities =
        {
            { new ResourceIdentifier("uid"), new UserAssignedIdentity() }
        }
    },
    ImageRegistryCredentials =
    {
        new ContainerGroupImageRegistryCredential("myacr.azurecr.io")
        {
            Identity = "uid"
        }
    },

.... }

github-actions[bot] commented 2 weeks ago

Hi @shankarvrp. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

github-actions[bot] commented 1 week ago

Hi @shankarvrp, since you haven’t asked that we /unresolve the issue, we’ll close this out. If you believe further discussion is needed, please add a comment /unresolve to reopen the issue.