I am using this container app resource to create an Azure Container App using an image from an Azure Container Registry that I deployed.
The resource is declared as follows:
variable "bet-api-target-port" {
description = "Port for the bet-api service"
type = number
}
resource "azurerm_container_app" "bet_api" {
name = "bet-api"
container_app_environment_id = data.azurerm_container_app_environment.app_env.id
resource_group_name = data.azurerm_resource_group.main_group.name
revision_mode = "Single"
secret {
name = "registry-password"
value = data.azurerm_container_registry.main_registry.admin_password
}
secret {
name = lower(data.azurerm_key_vault_secret.odds_api_key.name)
key_vault_secret_id = data.azurerm_key_vault_secret.odds_api_key.id
identity = "System"
}
secret {
name = lower(data.azurerm_key_vault_secret.cosmos_db_connection_string.name)
key_vault_secret_id = data.azurerm_key_vault_secret.cosmos_db_connection_string.id
identity = "System"
}
secret {
name = lower(data.azurerm_key_vault_secret.cosmos_db_database.name)
key_vault_secret_id = data.azurerm_key_vault_secret.cosmos_db_database.id
identity = "System"
}
registry {
server = data.azurerm_container_registry.main_registry.login_server
username = data.azurerm_container_registry.main_registry.admin_username
password_secret_name = "registry-password"
}
template {
min_replicas = 1
max_replicas = 5
# Total CPU and memory for all containers defined in a Container App must add up to one of the following CPU - Memory combinations: [cpu: 0.25, memory: 0.5Gi]; [cpu: 0.5, memory: 1.0Gi]; [cpu: 0.75, memory: 1.5Gi]; [cpu: 1.0, memory: 2.0Gi]; [cpu: 1.25, memory: 2.5Gi]; [cpu: 1.5, memory: 3.0Gi]; [cpu: 1.75, memory: 3.5Gi]; [cpu: 2.0, memory: 4.0Gi]
container {
image = "${data.azurerm_container_registry.main_registry.login_server}/fantanba/bet_api:latest"
memory = "2Gi"
cpu = 1
name = "bet-api-image"
env {
name = "ODDS_API_KEY"
secret_name = lower(data.azurerm_key_vault_secret.odds_api_key.name)
}
env {
name = "COSMOSDB_CONNECTION_STRING"
secret_name = lower(data.azurerm_key_vault_secret.cosmos_db_connection_string.name)
}
env {
name = "COSMOSDB_DATABASE"
secret_name = lower(data.azurerm_key_vault_secret.cosmos_db_database.name)
}
}
}
ingress {
external_enabled = true
target_port = var.bet-api-target-port
transport = "http"
traffic_weight {
percentage = 100
}
}
}
Some secrets in the resource declaration use information from a separate key vault data source that is declared in another tf script but can be ignored for the purpose of this issue.
The issue that I am having is related to the usage of a personal azure container registry specified using the registry block, I am using password authentication due to some restrictions imposed on my azure account.
When I try to deploy this resource the run goes one for 10 minutes exactly then the following error is shown:
{"id":"/subscriptions/xxxxxxxxx/providers/Microsoft.App/locations/westeurope/containerappOperationStatuses/xxxxxxxx","name":"xxxxxxx","status":"Failed","error":{"code":"ContainerAppOperationError","message":"Failed to provision revision for container app 'bet-api'. Error details: Operation expired."},"startTime":"2024-07-12T18:28:08.0466874"}
When I try to deploy an example container app with hello world image it does not fail like this.
Sadly I do not have any additional informations about the issue, I can only confirm that:
- all the data used by the secrets is being retrieved correctly (such as the registry password) because I checked the values in seperate runs.
- the Container App resource is actually created as I can see from Azure Portal but it does not have any container
- creating the same container app (with the same settings and the same image and registry) is successful when using Azure Portal
Does anyone know what could be the issue?