Webapp:az webapp create - doesn't support using managed identity creds for ACR pulls
See original GitHub issue
az feedback
auto-generates most of the information requested below, as of CLI version 2.0.62
Describe the bug
az webapp create doesn’t have arguments to support using managed identity creds for ACR pulls (linux)
To Reproduce
n/a: there are not options to specify a managed identity for acr pulls docs are here (they don’t work): https://docs.microsoft.com/en-us/azure/app-service/containers/tutorial-custom-docker-image#configure-app-service-to-deploy-the-image-from-the-registry
Expected behavior
az webapp create -UseMiCredsWithAcr [true/false] -UserMiCredsForAcr [user managed identity client id] (or something similar)
Environment summary
Additional context
3 situations: Not using Managed Identity Creds for ACR pulls, Using system MI creds for ACR pulls, Using user MI creds for ACR pulls
Not using Managed Identity Creds for ACR pulls) AcrUseManagedIdentityCreds:False; AcrUserManagedIdentityID:null
Using system MI creds for ACR pulls) AcrUseManagedIdentityCreds:True; AcrUserManagedIdentityID:null
Using user MI creds for ACR pulls) AcrUseManagedIdentityCreds:True; AcrUserManagedIdentityID:“{UserManagedIdentity.ClientId}” *the specific clientID of the Managed Identity the customer wished to be used
*In both cases (system or user MI), a customer use the Identity tab to add a Managed Identity for this to work *In both cases, a customer must grant this Identity ARCPull permissions to the Azure Container Repo
Issue Analytics
- State:
- Created 3 years ago
- Reactions:3
- Comments:8 (4 by maintainers)
Top GitHub Comments
We don’t support setting this up through create, but this can be done after the resource already exists, here is documentation:
Please make sure you test against Windows Containers on App Service as the backend support for pulling with MSI is also ready