Prepare Azure Container Registry and managed identity for the applications
Before deploying your applications to the Azure Container Apps environment, you’ll need an Azure Container Registry instance that allows you to build and save your application container images. You’ll also need to allow your Container Apps environment to pull images from this new container registry.
To give your Container Apps environment secure access to the container registry, we’ll create a user-assigned managed identity and assign it the privileges required to pull the images stored in your Azure Container Registry.
Step-by-step guidance
If you’ve already successfully run the create-azure-resources.sh script discussed in the installation instructions, skip to step 2.
- Create a container registry instance to build and save your container images.
  Note: Skip this step if ./tools/create-azure-resources.sh ran successfully.

      # Registry name, built from the app name and unique ID
      MYACR=acr$APPNAME$UNIQUEID
      az acr create \
        -n $MYACR \
        -g $RESOURCE_GROUP \
        --sku Basic \
        --admin-enabled true

- Create the identity that your container apps will use.

      APPS_IDENTITY=uid-petclinic-$UNIQUEID
      az identity create --resource-group $RESOURCE_GROUP --name $APPS_IDENTITY --output json

      # Resource ID, used to attach the identity to the environment
      APPS_IDENTITY_ID=$(az identity show --resource-group $RESOURCE_GROUP --name $APPS_IDENTITY --query id --output tsv)
      # Principal ID, used as the assignee of the role assignment
      APPS_IDENTITY_SP_ID=$(az identity show --resource-group $RESOURCE_GROUP --name $APPS_IDENTITY --query principalId --output tsv)

- Assign the user identity to your Azure Container Apps environment.

      az containerapp env identity assign -g $RESOURCE_GROUP -n $ACA_ENVIRONMENT --user-assigned $APPS_IDENTITY_ID

  In the Azure portal, go to your Container Apps environment, go to Settings > Identity, and check the identity in the User assigned tab.

- Grant the identity the privileges it needs to pull images from your container registry.

      # Scope the role assignment to this registry only
      ACR_ID=$(az acr show -n $MYACR -g $RESOURCE_GROUP --query id -o tsv)
      az role assignment create --assignee $APPS_IDENTITY_SP_ID --scope $ACR_ID --role acrpull
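
To confirm the result of the last step, the following added example (not part of the original lab) audits the identity's role assignments and reports anything beyond AcrPull scoped to the registry itself. The function name, exit codes and the sample IDs are assumptions made here; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not part of the lab): check that the identity's effective
# rights on the registry are AcrPull at the registry scope and nothing more.
# stdin: "role<TAB>scope" lines, e.g. from
#   az role assignment list --assignee "$APPS_IDENTITY_SP_ID" --all \
#     --query "[].[roleDefinitionName, scope]" -o tsv
# $1: registry resource ID ($ACR_ID above).
# Exit: 0 = AcrPull only, 1 = extra rights, 2 = AcrPull missing.

# Resource IDs and role names are compared case-insensitively.
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

audit_acr_identity() {
  acr_lc=$(lc "$1"); has_pull=0; excess=0
  tab=$(printf '\t')
  while IFS="$tab" read -r role scope; do
    [ -n "$role" ] || continue
    scope_lc=$(lc "$scope")
    # Keep only assignments whose scope is the registry or one of its
    # ancestors (resource group, subscription); others do not apply to it.
    # Management-group scopes are not ID prefixes and are not covered here.
    case "$acr_lc" in
      "$scope_lc"|"$scope_lc"/*) ;;
      *) continue ;;
    esac
    if [ "$(lc "$role")" = "acrpull" ] && [ "$scope_lc" = "$acr_lc" ]; then
      has_pull=1
    else
      echo "EXCESS: $role at $scope"
      excess=1
    fi
  done
  if [ "$has_pull" -eq 0 ]; then echo "MISSING: AcrPull at $1"; return 2; fi
  if [ "$excess" -eq 1 ]; then return 1; fi
  echo "OK: only AcrPull on the registry"
}

# Constructed sample: placeholder subscription, resource group and registry.
SAMPLE_ACR="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.ContainerRegistry/registries/acrdemo"
SAMPLE_RG="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
printf 'AcrPull\t%s\nContributor\t%s\n' "$SAMPLE_ACR" "$SAMPLE_RG" |
  audit_acr_identity "$SAMPLE_ACR" || echo "audit exit code: $?"
```

Against a live subscription, pipe the `az role assignment list` command from the header comment into `audit_acr_identity "$ACR_ID"`.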