[ ] bug report -> please search issues before submitting
[ ] documentation issue or request
[ ] regression (a behavior that used to work and stopped in a new release)
Issue description
This might be an issue or it might be a feature request.
I have a client who is adopting Azure Container Apps and using Consumption Workload Profiles to run their custom applications. The business decision is to package and push the applications to an internal Proget container registry which is secured with an SSL Certificate from the internal Enterprise PKI.
When attempting to deploy a Container App into one of our environments we get an error similar to the below as the Container App Environment doesn't trust the PKI issued certificate.
Get "<IMAGE URL REDACTED>": tls: failed to verify certificate: x509: certificate signed by unknown authority';.
Which I accept is expected behaviour.
My question is, is it possible to add a Root/Intermediate CA cert bundle to the ACA/CAE so that it trusts these internal PKI issued certificates when pulling the container image?
Steps to reproduce
Using "az containerapp create"
az containerapp create \ --name <APP NAME> \ --resource-group <RG NAME> \ --environment <CAE NAME> \ --workload-profile-name Consumption \ --container-name <CONTAINER NAME> \ --image <IMAGE URL:TAG> \ --cpu 0.25 \ --memory 0.5Gi \ --revisions-mode single
This issue is a: (mark with an x)
Issue description
This might be an issue or it might be a feature request.
I have a client who is adopting Azure Container Apps and using Consumption Workload Profiles to run their custom applications. The business decision is to package and push the applications to an internal Proget container registry which is secured with an SSL Certificate from the internal Enterprise PKI.
When attempting to deploy a Container App into one of our environments we get an error similar to the below as the Container App Environment doesn't trust the PKI issued certificate.
Get "<IMAGE URL REDACTED>": tls: failed to verify certificate: x509: certificate signed by unknown authority';.
Which I accept is expected behaviour.
My question is, is it possible to add a Root/Intermediate CA cert bundle to the ACA/CAE so that it trusts these internal PKI issued certificates when pulling the container image?
Steps to reproduce
az containerapp create \ --name <APP NAME> \ --resource-group <RG NAME> \ --environment <CAE NAME> \ --workload-profile-name Consumption \ --container-name <CONTAINER NAME> \ --image <IMAGE URL:TAG> \ --cpu 0.25 \ --memory 0.5Gi \ --revisions-mode single