Develop Reference

Azure devops Pipelines: Cannot find Docker Image when Pushing to Azure Registry, 'tag ***/appname'

We build our docker image with a custom .sh file. Then we would like to push it to our azure registry. We have the following step in our azure pipeline:
- task: Docker#2
inputs:
containerRegistry: 'someazureregistry'
repository: 'appname'
command: 'push'
tags: 'latest'
The build is successfull, and as can be seen below it is registered in docker as appname:latest , however for some reason azure does not find it, and asks for an image with the tag ***/appname.
/usr/bin/docker images
/usr/bin/docker push ***/appname:latest
REPOSITORY TAG IMAGE ID CREATED SIZE
appname latest f1e11b4fc19c Less than a second ago 680MB
ubuntu 20.04 a0ce5a295b63 7 days ago 72.8MB
...
The push refers to repository [***/appname]
An image does not exist locally with the tag: ***/appname
##[error]An image does not exist locally with the tag: ***/appname
We have tried different combinations of tags. What is azure expecting here?

It looks like you are building the Docker image separately. Please note that the container image needs to be tag locally for the private container registry before it can be pushed. As Shayki Abramczyk mentioned you need to build the image with containerRegistry.
To resolve this issue you must Tag the image using the "docker tag" command with the specific private container registry.
For example:
docker tag image youoregistryhost:port/xxx/image-name:latest
Besides, you can build and push the Docker image together in Azure DevOps pipeline. The following YAML file for your reference:
variables:
# Container registry service connection established during pipeline creation
dockerRegistryServiceConnection: 'testacr'
imageRepository: 'appname'
containerRegistry: 'xxx.azurecr.io'
dockerfilePath: '$(Build.SourcesDirectory)/app/Dockerfile'
tag: 'latest'
system.debug : true
# Agent VM image name
vmImageName: 'ubuntu-latest'
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker#2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: $(imageRepository)
dockerfile: $(dockerfilePath)
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
Of course you can also build and push the image separately in Azure DevOps pipeline like this:
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker#2
displayName: Build an image for container registry
inputs:
containerRegistry: '$(dockerRegistryServiceConnection)'
repository: '$(imageRepository)'
command: 'build'
Dockerfile: '$(dockerfilePath)'
tags: 'latest'
- task: Docker#2
displayName: Push an image to container registry
inputs:
containerRegistry: '$(dockerRegistryServiceConnection)'
repository: '$(imageRepository)'
command: 'push'
tags: 'latest'

Container Instance with openVPN does not run correctly

I am trying to run a Azure Container Instance with openVPN inside to connect to an external site. I have now managed to make a setup where I use docker-compose to handle the setup.
The container works when I run it locally (with openvpn establishing a vpn connection), and the Azure DevOps pipeline also builds and push to Azure Container Registry.
BUT when I try to run a Container Instance on the image nothing happens, and if I try to run my script interactively I get an error stating basically that there is no connection.
Does anyone have an idea of how to solve this?
My azure-pipelines.yml look like this:
# Docker
# Build and push an image to Azure Container Registry
# https://learn.microsoft.com/azure/devops/pipelines/languages/docker
trigger:
- main
resources:
- repo: self
variables:
# Container registry service connection established during pipeline creation
dockerRegistryServiceConnection: '*****************************'
imageRepository: 'getstatus'
containerRegistry: 'composeproject.azurecr.io'
dockerfilePath: '$(Build.SourcesDirectory)/Dockerfile'
tag: '$(Build.BuildId)'
# Agent VM image name
vmImageName: 'ubuntu-latest'
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker#2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: $(imageRepository)
dockerfile: $(dockerfilePath)
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
- task: DockerCompose#0
inputs:
containerregistrytype: 'Azure Container Registry'
azureSubscription: 'Composeproject'
azureContainerRegistry: '{"loginServer":"composeprojectsrc.azurecr.io", "id" : "/subscriptions/*********************/resourceGroups/RG-ComposeprojectCloud/providers/Microsoft.ContainerRegistry/registries/composeprojectscr"}'
dockerComposeFile: '**/docker-compose.yml'
action: 'Run a Docker Compose command'
dockerComposeCommand: 'up -d'
In my docker file I run the following command which should make the openVPN connection:
CMD openvpn --config config/fremsyn.ovpn --daemon --auth-user-pass config/login.txt --askpass config/password.conf \
&& ["python3" , "src/cli/getStatus.py"]
And the docker-compose.yml like this:
version: "3.3"
services:
getstatus:
image: composeproject.azurecr.io/getstatus:v1
restart: always
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
volumes:
- /etc/timezone:/etc/timezone:ro

How to run already deployed to azure app service container?

I use azure pipeline to build and deploy my docker container (ASP.Net core 3.1).
All steps finish successfully, I can see my container on Azure registry and App service portal pages. But seems like the instance is not running on App Service because I can see only "Starting page" which suggests me to deploy code and my swagger page returns 404.
So the question is: How to run already deployed by pipeline image?
My azure pipeline yml file:
# Docker
# Build a Docker image
# https://learn.microsoft.com/azure/devops/pipelines/languages/docker
trigger:
- master
resources:
- repo: self
variables:
tag: '$(Build.BuildId)'
stages:
- stage: Build
displayName: Build image
jobs:
- job: Build
displayName: Build
pool:
vmImage: ubuntu-latest
steps:
# run tests
- task: DotNetCoreCLI#2
displayName: Run tests
inputs:
command: test
projects: '**/*Tests/*.csproj'
arguments: '--configuration $(buildConfiguration)'
- task: Docker#2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: 'ProjectName'
dockerfile: '$(Build.SourcesDirectory)/ProjectName/API/Dockerfile'
buildContext: '$(Build.SourcesDirectory)/ProjectName/'
containerRegistry: AzureContainerRegistryConnection
tags: |
$(tag)
# Deploy stage to your App Service
- stage: Deploy
displayName: Deploy to App Service
jobs:
- job: Deploy
displayName: Deploy
pool:
vmImage: ubuntu-latest
steps:
- task: AzureWebAppContainer#1
displayName: Deploy to App Service
inputs:
azureSubscription: 'my_free_subscription(my-subscription-id)'
appName: 'app-service'
containers: 'projectnamecontainerregistry.azurecr.io/RepositoryName:$(tag)'
UPD
I dunno mb it's a trouble with app service settings in terraform
resource "azurerm_app_service_plan" "app_service_plab" {
name = "app-service-plan"
location = azurerm_resource_group.store_group.location
resource_group_name = azurerm_resource_group.store_group.name
kind = "Linux"
sku {
tier = "FREE"
size = "S1"
}
}
resource "azurerm_app_service" "app_service" {
name = "app-service"
location = azurerm_resource_group.store_group.location
resource_group_name = azurerm_resource_group.store_group.name
app_service_plan_id = azurerm_app_service_plan.app_service_plab.id
}
UPD2
Started to use new deployment task AzureRmWebAppDeployment#4 and it does do something I can even see logs on app service machine now.
- stage: Deploy
displayName: Deploy to App Service
jobs:
- job: Deploy
displayName: Deploy
pool:
vmImage: ubuntu-latest
steps:
- task: AzureRmWebAppDeployment#4
inputs:
ConnectionType: 'AzureRM'
azureSubscription: 'free_subscription(id)'
appType: 'webAppContainer'
WebAppName: 'app-service'
DockerNamespace: 'containerregistry.azurecr.io'
DockerRepository: 'myRepository'
DockerImageTag: $(tag)
StartupCommand: 'az acr login --password $(REGISTRY_PASSWORD_UNSECRET) --username $(REGISTRY_USERNAME_UNSECRET) --name (MyRegistry)containerregistry.azurecr.io && docker run'
appSettings: |
-CONNECTION_STRING $(CONNECTION_STRING_UNSECRET)
But seems like az acr login doesn't work :(
Now I'm getting such error
2020-09-19T19:29:08.498Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2020-09-19T19:34:00.826Z INFO - Pulling image from Docker hub: MyContainercontainerregistry.azurecr.io/MyRepo:85
2020-09-19T19:34:01.151Z ERROR - DockerApiException: Docker API responded with status code=InternalServerError, response={"message":"Get https://MyContainercontainerregistry.azurecr.io/v2/MyRepo/manifests/85: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information."}

Use docker run cmd.
Add the task Docker->delete the field cmd content and add the cmd run

Azure Devops kubectl task deployed image is with status ErrImagePull/ImagePullBackOff

I have created a deployment pipeline using Azure Devops through which I am building and pushing an image to Azure Container Registry.
In the next step I am deploying from ACR to an AKS cluster which I have created and attached to ACR using the following command:
az aks create -n HealthCareAKSCluster -g AKSCICDRG --generate-ssh-keys --attach-acr HealthCareAKSCICDACR
Following is my yaml code:
# Docker
# Build and push an image to Azure Container Registry
# https://learn.microsoft.com/azure/devops/pipelines/languages/docker
trigger:
- master
resources:
- repo: self
variables:
# Container registry service connection established during pipeline creation
dockerRegistryServiceConnection: 'XXXXXXXXXX'
imageRepository: 'patientservice'
containerRegistry: 'healthcareakscicdacr.azurecr.io'
dockerfilePath: './PatientService/Dockerfile'
tag: '$(Build.BuildId)'
# Agent VM image name
vmImageName: 'ubuntu-latest'
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker#2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: $(imageRepository)
dockerfile: $(dockerfilePath)
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
- stage: Deploy
displayName: Deploy
jobs:
- job: Deploy
displayName: Deploy
pool:
vmImage: $(vmImageName)
steps:
- task: Kubernetes#1
displayName: Deploy an image to AKS
inputs:
connectionType: 'Azure Resource Manager'
azureSubscriptionEndpoint: 'XXXXXXX'
azureResourceGroup: 'AKSCICDRG'
kubernetesCluster: 'HealthCareAKSCluster'
command: 'apply'
arguments: '-f patientservice.yaml'
secretType: 'dockerRegistry'
containerRegistryType: 'Azure Container Registry'
The image is getting pushed to ACR successfully and Build step is running fine.
Even deploy step is running fine but when I do 'kubectl get pods' in my AKS cluster I am getting the pod status as ImagePullBackOff or ErrImagePull.
When I did 'kubectl describe pod' I am getting the following message:
Failed to pull image "patientservice": rpc error: code = Unknown desc
= Error response from daemon: pull access denied for patientservice, repository does not exist or may require 'docker login': denied:
requested access to the resource is denied
Please help as to how can I deploy a proper image.

The issue was in patientservice.yaml file. I overlooked it. Previously image had only the name of the service.I added the following to the image in patientservice.yaml:
image: healthcareakscicdacr.azurecr.io/patientservice:latest
The deployment worked fine.

Azure DevOps Service Connection does not work with custom job

In Azure Devops I am able to create an ACR Service Connection and use the Docker#2 task to login, build and push an image - as part of the first job of my pipeline.
In the second job of my pipeline I want to use the image I built in the first job and run some stuff inside it. However even though I supply the service connection name(the same as first job) my pipeline keeps failing with 'docker login': denied: requested access to the resource is denied.
How can I make this work with using the Service Connection that works just fine for the 1st job?
- job: BuildDockerImage
pool:
vmImage: 'ubuntu-16.04'
steps:
- task: Docker#2
displayName: Build /push image
inputs:
command: buildAndPush
repository: XYZ
dockerfile: Dockerfile
containerRegistry: ABC
tags: |
$(Build.SourceVersion)
- job: TestCode
dependsOn: BuildDockerImage
condition: succeeded()
timeoutInMinutes: 200
pool:
vmImage: 'ubuntu-16.04'
container:
image: ABC/XYZ:$(Build.SourceVersion)

For this issue , it could be the lack of endpoint parameter.
Containers can be hosted on registries other than Docker Hub. To host an image on Azure Container Registry or another private container registry, add a service connection to the private registry. Then you can reference it in a container spec:
container:
image: myprivate/registry:xxx
endpoint: private_dockerhub_connection
Here is a document you can refer to .