Container Apps Pull Image using an Azure Service Principal

2 minute read | By Keegan D'Souza

This post will go over how to use a service principal to pull an image to your Container App.

Overview

In most cases pulling using system or user managed identity is the recommended to authenicate with your ACR.

We suggest you follow the authenication method listed in the documentation below.

This blog details the scenario where you are required to use a service princial by your organization.

Please follow the instructions from the below documentation.

Create a service principal
Please take notes of the following values, before proceeding to the next steps.

Azure Container Registry HostName

Example: myazcrname.azurecr.io

Service Prinical App ID

Example: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Service Prinical Secret

Example: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Image Name and Tag

Example: myimagename:latest

Naviate to your container app, if you do not have an existing container app please go ahead and follow the below documentation in order to create one.

Quickstart: Deploy your first container app using the Azure portal
Naviate to the Revisions and Replica section, under the Application Drop Down menu.
Select the Create a new revision option.
Click on the container image that needs to be updated.
Select the Docker Hub or other registries radio button. Then select private.
In the Registry login server click Add new.

In the Login server field enter your Azure Container Registry Host Name. 🔗

In the Registry user name enter your Application ID of the service princial.🔗

In the Registry password, enter your Service Principal Secret.🔗

Hit the Add button.
In the Image and tag field enter your image name and tag of the image you would like to pull from the contianer registry.🔗
Make sure to hit Save, to change the container settings. Then hit Create when you are ready to create the revision.