How to push a docker image to Azure container registry using terraform?

Question

I am a beginner in Terraform/Azure and I want to deploy a docker image in ACR using terraform but was unable to find internet solutions. So, if anybody knows how to deploy a docker image to an azure container registry using Terraform, please share. Tell me whether this is possible or not.

Answer 1

fixed it

provider "docker" {
      host = "unix:///var/run/docker.sock"
      registry_auth {
              address  = "https://acrtest.azurecr.io"
              username = "acrtest"
              password = "4hyrd/hf+ACRApCucP"
     }
    }
resource "docker_registry_image" "helloworld" {
          provider      = docker
          name          = docker_image.image.name
          keep_remotely = true
}
    
resource "docker_image" "image" {
         provider = docker
         name     = "acrtest.azurecr.io/helloworld:latest"
         build {
          context    = "https://github.com/AcordTest/repo.git#branch"
          dockerfile = "dockerDirinGithub/dockerfile"
        }
 }

Answer 2

Just figured this out with the docker_registry_image resource. I do not like using a null resource, since it requires a dependency to local system packages. Furthermore, I made it so that you can both deploy with local authentication as well as authentication with credentials stored as secret in a Github repository for example.

main.tf

terraform {
  required_version = ">= 1.1.7"

  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = ">= 2.16.0"
    }
  }

  backend "azurerm" {}
}

provider "docker" {
  // Used when deploying locally
  dynamic "registry_auth" {
    for_each = var.docker_config_file_path == "" ? [] : [1]
    content {
      address     = var.docker_registry_url
      config_file = pathexpand(var.docker_config_file_path)
    }
  }

  // Used when deploying from a build pipeline
  dynamic "registry_auth" {
    for_each = (var.docker_registry_username == "" || var.docker_registry_password == "") ? [] : [1]
    content {
      address  = var.docker_registry_url
      username = var.docker_registry_username
      password = var.docker_registry_password
    }
  }
}

resource "docker_registry_image" "image" {
  name          = "${var.docker_image_name}:${var.docker_image_tag}"
  keep_remotely = var.keep_remotely

  build {
    context    = var.docker_file_path
    build_args = var.build_args
  }
}

variables.tf

variable "docker_registry_url" {
  description = "Address of ACR container registry."
  type        = string
}

variable "docker_registry_username" {
  description = "Username for authenticating with the container registry. Required if docker_config_file_path is not set."
  type        = string
  default     = ""
}

variable "docker_registry_password" {
  description = "Password for authenticating with the container registry. Required if docker_config_file_path is not set."
  type        = string
  default     = ""
  sensitive   = true
}

variable "docker_config_file_path" {
  description = "Path to config.json containing docker configuration."
  type        = string
  default     = ""
}

variable "docker_image_name" {
  description = "Name of docker image to build."
  type        = string
}

variable "docker_image_tag" {
  description = "Tag to use for the docker image."
  type        = string
  default     = "latest"
}

variable "source_path" {
  description = "Path to folder containing application code"
  type        = string
  default     = null
}

variable "docker_file_path" {
  description = "Path to Dockerfile in source package"
  type        = string
}

variable "build_args" {
  description = "A map of Docker build arguments."
  type        = map(string)
  default     = {}
}

variable "keep_remotely" {
  description = "Whether to keep Docker image in the remote registry on destroy operation."
  type        = bool
  default     = false
}

Answer 3

You may use Terraform resource null_resource and execute your own logic in Terraform.

Example:

resource "azurerm_resource_group" "rg" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_container_registry" "acr" {
  name                     = "containerRegistry1"
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  sku                      = "Premium"
  admin_enabled            = true
  georeplication_locations = ["East US", "West Europe"]
}

resource "azurerm_azuread_application" "acr-app" {
  name = "acr-app"
}

resource "azurerm_azuread_service_principal" "acr-sp" {
  application_id = "${azurerm_azuread_application.acr-app.application_id}"
}

resource "azurerm_azuread_service_principal_password" "acr-sp-pass" {
  service_principal_id = "${azurerm_azuread_service_principal.acr-sp.id}"
  value                = "Password12"
  end_date             = "2022-01-01T01:02:03Z"
}

resource "azurerm_role_assignment" "acr-assignment" {
  scope                = "${azurerm_container_registry.acr.id}"
  role_definition_name = "Contributor"
  principal_id         = "${azurerm_azuread_service_principal_password.acr-sp-pass.service_principal_id}"
}

   resource "null_resource" "docker_push" {
      provisioner "local-exec" {
      command = <<-EOT
        docker login ${azurerm_container_registry.acr.login_server} 
        docker push ${azurerm_container_registry.acr.login_server}
      EOT
      }
    }