[英]Access azure container registry (ACR) by role assignment for azure app service in Terraform
I have a azure app service that is provisioned by Terraform.我有一个由 Terraform 提供的 azure 应用服务。 The app service fires up the docker image from Azure ACR there fore it need to access the ACR.应用服务从 Azure ACR 启动 docker 映像,因此它需要访问 ACR。 I'm currently using the password and login name method in my Terraform configuration.我目前在 Terraform 配置中使用密码和登录名方法。 How can I make the azure app service to access the ACR by service principle role assignment in Terraform?如何通过 Terraform 中的服务主体角色分配使 azure 应用服务访问 ACR?
resource "azurerm_app_service" "tf_app_service" {
name = var.application_name
location = azurerm_resource_group.tf_resource_group.location
resource_group_name = azurerm_resource_group.tf_resource_group.name
app_service_plan_id = azurerm_app_service_plan.tf_service_plan.id
site_config {
always_on = true
linux_fx_version = "DOCKER|${var.acr_name}.azurecr.io/${var.img_repo_name}:${var.tag}"
}
// How to use role assignment?
app_settings = {
DOCKER_REGISTRY_SERVER_URL = // need to avoid docker URL
WEBSITES_ENABLE_APP_SERVICE_STORAGE = "false"
DOCKER_REGISTRY_SERVER_USERNAME = // need to avoid user name
DOCKER_REGISTRY_SERVER_PASSWORD = // need to avoid PW
}
identity {
type = "SystemAssigned"
}
tags = {
environment = var.environment
DeployedBy = "terraform"
}
}
The steps to use a Service Principle to access ACR are lined out here . 此处列出了使用服务原则访问 ACR 的步骤。
So to do the same in Terraform, you need to first create a new service principle .所以要在 Terraform 中做同样的事情,你需要首先创建一个新的服务原则。 Then assign a password to it.然后为其分配密码。 Afterwards you should be able to use those two to fill the app settings of your app service.之后您应该可以使用这两个来填充您的应用服务的应用设置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.