Azure Container Registry
This page shows how to write Terraform and Azure Resource Manager for Container Registry and write them securely.
azurerm_container_registry (Terraform)
The Registry in Container can be configured in Terraform with the resource name azurerm_container_registry. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_container_registry" "my_registry" {
  name                = "containerRegistry1"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  sku                 = "Premium"
  admin_enabled       = false
}

resource "azurerm_container_registry" "my_registry" {
  name                = "containerRegistry1"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  sku                 = "Premium"
  admin_enabled       = false
}

resource "azurerm_container_registry" "registry" {
  # length() is used because comparing a list to [] with == is always false
  count               = length(var.georeplication_locations) == 0 ? 1 : 0
  name                = var.name
  resource_group_name = azurerm_resource_group.group.name
  location            = azurerm_resource_group.group.location
}

resource "azurerm_container_registry" "acr_dev_ablunch2_aztech_kc" {
  name                = "acrdevablunch2aztechkc"
  resource_group_name = data.azurerm_resource_group.rg_dev_lunch2_aztech_kc.name
  location            = var.location
  sku                 = "Standard"
  # admin account on: admin_username and admin_password are written to state
  admin_enabled       = true
}

resource "azurerm_container_registry" "acr" {
  name                = "containerRregistryScalableMicroservice"
  resource_group_name = azurerm_resource_group.scalable_microservice.name
  location            = azurerm_resource_group.scalable_microservice.location
  sku                 = "standard"
}

resource "azurerm_container_registry" "acr" {
  name                = join("", [var.project_name, "acr"])
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  sku                 = "Basic"
  admin_enabled       = true
}

resource "azurerm_container_registry" "acr" {
  name                = var.container_registry_name
  resource_group_name = var.product_resource_group_name
  location            = var.location
  sku                 = var.container_registry_sku
}

resource "azurerm_container_registry" "main" {
  location            = var.az_location
  name                = replace(local.delphai_name, "-", "")
  resource_group_name = azurerm_resource_group.main.name
  admin_enabled       = true
  sku                 = "Premium"
}

resource "azurerm_container_registry" "acr" {
  name                = local.acr_name
  resource_group_name = azurerm_resource_group.spoke.name
  location            = azurerm_resource_group.spoke.location
  sku                 = "Premium"
  admin_enabled       = false
}

resource "azurerm_container_registry" "acr" {
  name                = var.name
  resource_group_name = var.resource_group_name
  location            = var.location
  sku                 = var.sku
  admin_enabled       = var.admin_enabled
}
Parameters
admin_enabled - optional - bool
admin_password - optional computed - string
admin_username - optional computed - string
georeplication_locations - optional - set of string
id - optional computed - string
location - required - string
login_server - optional computed - string
name - required - string
network_rule_set - optional computed - list of object
  default_action - string
  ip_rule - set of object
  virtual_network - set of object
public_network_access_enabled - optional - bool
quarantine_policy_enabled - optional - bool
resource_group_name - required - string
retention_policy - optional computed - list of object
sku - optional - string
storage_account_id - optional - string
tags - optional - map from string to string
trust_policy - optional computed - list of object
  enabled - bool
timeouts - single block
Explanation in Terraform Registry
Manages an Azure Container Registry.
Note: All arguments including the access key will be stored in the raw state as plain-text. Read more about sensitive data in state.
Tips: Best Practices for The Other Azure Container Resources
In addition to azurerm_kubernetes_cluster, Azure Container has other resources that should be configured with security in mind. Check the examples and precautions for those resources.
azurerm_kubernetes_cluster
Ensure logging is enabled for AKS
It is better to enable AKS logging to Azure Monitoring. This provides useful information regarding access and usage.
Microsoft.ContainerRegistry/registries (Azure Resource Manager)
The registries in Microsoft.ContainerRegistry can be configured in Azure Resource Manager with the resource name Microsoft.ContainerRegistry/registries. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string"
    }
  }
}
Parameters
apiVersion - required - string
identity - optional
  principalId - optional - string - The principal ID of resource identity.
  tenantId - optional - string - The tenant ID of resource.
  type - optional - string - The identity type.
  userAssignedIdentities - optional - undefined - The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
location - required - string - The location of the resource. This cannot be changed after the resource is created.
name - required - string - The name of the container registry.
properties - required
  adminUserEnabled - optional - boolean - The value that indicates whether the admin user is enabled.
  dataEndpointEnabled - optional - boolean - Enable a single data endpoint per region for serving data.
  encryption - optional
    keyVaultProperties - optional
      identity - optional - string - The client id of the identity which will be used to access key vault.
      keyIdentifier - optional - string - Key vault uri to access the encryption key.
    status - optional - string - Indicates whether or not the encryption is enabled for container registry.
  networkRuleBypassOptions - optional - string - Whether to allow trusted Azure services to access a network restricted registry.
  networkRuleSet - optional
    defaultAction - required - string - The default action of allow or deny when no other rules match.
    ipRules - optional array
      action - optional - string - The action of IP ACL rule.
      value - required - string - Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.
  policies - optional
    exportPolicy - optional
      status - optional - string - The value that indicates whether the policy is enabled or not.
    quarantinePolicy - optional
      status - optional - string - The value that indicates whether the policy is enabled or not.
    retentionPolicy - optional
      days - optional - integer - The number of days to retain an untagged manifest after which it gets purged.
      status - optional - string - The value that indicates whether the policy is enabled or not.
    trustPolicy - optional
      status - optional - string - The value that indicates whether the policy is enabled or not.
      type - optional - string - The type of trust policy.
  publicNetworkAccess - optional - string - Whether or not public network access is allowed for the container registry.
  zoneRedundancy - optional - string - Whether or not zone redundancy is enabled for this container registry.
sku - required
  name - required - string - The SKU name of the container registry. Required for registry creation.
tags - optional - string - The tags of the resource.
type - required - string
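The following Python check is an added example, not part of the original page or of any project it cites. It reads an ARM template and reviews each Microsoft.ContainerRegistry/registries resource against the adminUserEnabled, publicNetworkAccess, networkRuleSet.defaultAction and quarantinePolicy properties listed above; the finding ids, the choice of what to flag, the values assumed for omitted properties and the sample template are assumptions of this example.

```python
import json

ACR_TYPE = "microsoft.containerregistry/registries"  # matched case-insensitively
# (path, value assumed when omitted, value that is a finding, id); example policy only
CHECKS = [
    ("adminUserEnabled", False, True, "admin-user-enabled"),
    ("policies.quarantinePolicy.status", "disabled", "disabled", "quarantine-disabled"),
]

def lookup(props, path, default):
    """Follow a dotted path through nested dicts; lower-case string values."""
    for key in path.split("."):
        if not isinstance(props, dict) or key not in props:
            return default
        props = props[key]
    return props.lower() if isinstance(props, str) else props

def audit_registry(resource):
    """Return the finding ids for one registries resource."""
    props = resource.get("properties", {})
    findings = []
    for path, default, bad, finding in CHECKS:
        value = lookup(props, path, default)
        if isinstance(value, str) and value.startswith("["):
            findings.append("unresolved:" + path)  # ARM expression: review its value
        elif value == bad:
            findings.append(finding)
    # Open unless public access is off or the rule set denies by default.
    public = lookup(props, "publicNetworkAccess", "enabled")
    action = lookup(props, "networkRuleSet.defaultAction", "allow")
    if public != "disabled" and action != "deny":
        findings.append("network-open")
    return findings

def audit_template(template):
    """Map registry name -> findings for the template's top-level resources."""
    return {r.get("name", "?"): audit_registry(r) for r in template.get("resources", [])
            if r.get("type", "").lower() == ACR_TYPE}

# Constructed sample template (not from the page).
SAMPLE = json.loads("""{"resources": [
  {"type": "Microsoft.ContainerRegistry/registries", "name": "weakacr",
   "properties": {"adminUserEnabled": true}},
  {"type": "Microsoft.ContainerRegistry/registries", "name": "hardacr",
   "properties": {"adminUserEnabled": "[parameters('adminEnabled')]",
     "networkRuleSet": {"defaultAction": "Deny"},
     "policies": {"quarantinePolicy": {"status": "enabled"}}}}]}""")

print(audit_template(SAMPLE))
```

An ARM expression in publicNetworkAccess or defaultAction is counted as open, and resources nested inside deployments are not visited.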
Frequently asked questions
What is Azure Container Registry?
Azure Container Registry is a resource for Container of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Container Registry?
For Terraform, the gilyas/infracost, infracost/infracost and DanielMabbett/terraform-azurerm-container-registry source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the scautomation/Azure-Inventory-Workbook, rb-cloud-guru/Azure_Dashboard and VJchand-star/Azure source code examples are useful. See the Azure Resource Manager Example section for further details.