Azure Container Apps – Creating using Terraform [part 1]

Azure Container Apps – Creating using Terraform, which used to be challenging. Why? Because a lot of tasks required the usage of the notoriously difficult-to-use AzApi, we recently began to be able to develop Azure Container Apps utilizing only resources from the AzureRM provider. This is wonderful news!

All sources are included in this article and are available for download. Enjoy!

Let’s begin with the developed architecture:

Container Apps hosted in a virtual network, created using Terraform

Azure Container Apps – Creating using Terraform

What will be created by this script?

  • Azure Container App Environment – This component is integrated with a Virtual Network
  • Container App.
  • Ingress – routes traffic from the internet to the Container App, used only when the App environment is integrated with vnet.
  • Azure Virtual Network.
  • Azure Container Registry – Also imported will be the test image from Microsoft’s open ACR.
  • Azure Log Analytics workspace.
  • User Managed Identity – In Azure Container App used for Container Registry authentication, we must use User Managed Identity, as currently no option for Managed Identity

Use an image from ACR in the Azure Container App

The steps below must be followed in order to use an image from the Azure Container Registry:

  • Create a user-managed identity.
  • Assigning AcrPull permission to the User Managed Identity (UMI)
  • Add UMI to the Container App in the identity part.
  • Configure the registry part to use UMI.

Now let us see the Terraform script, for the above steps:

User Managed Identity (UMI) creation:

Configuring the Container App to use UMI while authorizing the connection to the ACR:

The InvalidParameterValueInContainerTemplate problem indicates that your configuration registry authentication is insufficient. Copy the working script from my example!

Sample image – import from public Microsft Azure Container Registry into private ACR

In Terraform, we must utilize a local-exec provisioner to import an image from another Container Registry. It implies that the code from this stage will run on the computer that is now executing the Terraform script. To make this script work, you must log in to Azure using your console. Input command:

az login

Terraform script form image import from Microsoft’s public Azure Container Registry into the just created private Azure Container Registry:

Container App Is it working?

To run the newly deployed Azure Container App, navigate to the Container App resource and copy the Application Url from the overview page, as shown in the image below:

If you copy and paste this URL into a new tab, you should see:

I sincerely hope you enjoyed it, and if so, I’d appreciate a Like or Comment on my LinkedIn profile.

Here you can find all the articles from the series.

Leave a Reply

Your email address will not be published. Required fields are marked *