Azure app service not pulling latest image from docker registry

Kevys
February 11, 2023
240 views
0 votes
2 Answers

I have a pipeline that publishes to my private Azure container registry but if I push a new image tagged with latest, my Azure app service does not pull the newly tagged latest image. I have Continuous deployment turned on via the DOCKER_ENABLE_CI app setting.

Additionally, I’m using a managed identity to authenticate with the ACR. I feel like the CD portion was working when I was using credentials to pull the image but after switching to managed identity it appears to have stopped. In order to get the new image I have to restart the app service which is not idea and makes this CD option useless…

Tags: azure

Answers

Chosen as BEST ANSWER
- Kevys
- March 10, 2023 at 6:22 pm
- 0 votes
0
Because I am an owner of the subscription I have permissions that allow the webhook to get created automatically if I manually set it up in the 'Deployment center' tab. But since my service principal is pretty locked down it doesn't have that same permissions thus the webhook can't get created. Instead I gave my SP explicit access to contribute to that ACR to create the webhook and in my Terraform code I can create the webhook. Credit goes to someone on Github who posted a way to create the service url.

My solution:
```
resource "azurerm_container_registry_webhook" "webhook" {
  count = var.environment != "s" ? 1 : 0

  # No dashes allowed in the name
  name                = "${replace(lower(azurerm_linux_web_app.main[0].name), "/\W|_|\s/", "")}webhook"
  resource_group_name = var.acr_resource_group
  location            = var.location
  registry_name       = var.acr_name

  service_uri = "https://${azurerm_linux_web_app.main[0].site_credential[0].name}:${azurerm_linux_web_app.main[0].site_credential[0].password}@${lower(azurerm_linux_web_app.main[0].name)}.scm.azurewebsites.net/docker/hook"
  status      = "enabled"
  scope       = "asdf/asdf:latest"
  actions     = ["push"]
  custom_headers = {
    "Content-Type" = "application/json"
  }
}
```

(Edit)

- MotiMalka
- February 12, 2023 at 11:01 pm
- 0 votes
0
When you enable Continuous deployment, App Service adds a webhook to your ACR to notify the web apps. The webhook causes your App Service app to restart and run the docker pull to get the updated image.

So, please go to your ACR, and under webhook, please check if there are running webhooks or not, if not you can create a webhook manually and see if the WebApp get the latest image in the following deployment.
source

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.