Menu
Deployed an Azure App service for Containers with a custom image (from Centos 7 base image). Based on the following documentation There is an environment variable that should be set by Azure and used for creating the REST API request to obtain an access token:
However, when checking inside the container, this variable is not set:
[root@f22dfd74be31 ~]# echo $IDENTITY_ENDPOINT
(empty result here)
I've also tried to invoke az cli, which fails as well:
[root@f22dfd74be31 ~]# az login -i
AzureConnectionError: Failed to connect to MSI. Please make sure MSI is configured correctly
and check the network connection.
Error detail: HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with
url: /metadata/identity/oauth2/token?resource=https%3
A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 (Caused by
NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f9e0c4
c72e8>: Failed to establish a new connection: [Errno 110] Connection timed out',))
I've successfully used managed identity with both Virtual machines and App Service (code deployment not containers), is it supported with App Service for containers, with custom containers?
947
asked Oct 14 '25 13:10
When working with App service for containers the "platform" environment variables, including managed identity and app settings are only available when the container is initialized. In order to make these variables accessible from the container, the following line must be incorporated in the container startup script (called from Dockerfile ENTRYPOINT):
eval $(printenv | sed -n "s/^\([^=]\+\)=\(.*\)$/export \1=\2/p" | sed 's/"/\\\"/g' | sed '/=/s//="/' | sed 's/$/"/' >> /etc/profile)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With