Azure Container Apps ARM and YAML template specifications
Azure Container Apps deployments are powered by an Azure Resource Manager (ARM) template. Some Container Apps CLI commands also support using a YAML template to specify a resource.
This article includes examples of the ARM and YAML configurations for frequently used Container Apps resources. For a complete list of Container Apps resources see Azure Resource Manager templates for Container Apps. The code listed in this article is for example purposes only. For full schema and type information, see the JSON definitions for your required API version.
API versions
The latest management API versions for Azure Container Apps are:
2024-03-01
(stable)2024-10-02-preview
(preview)
To learn more about the differences between API versions, see Microsoft.App change log.
Updating API versions
To use a specific API version in ARM or Bicep, update the version referenced in your templates. To use the latest API version in Azure CLI or Azure PowerShell, update them to the latest version.
Update Azure CLI and the Azure Container Apps extension by running the following commands:
az upgrade
az extension add -n containerapp --upgrade
To update Azure PowerShell, see How to install Azure PowerShell.
To programmatically manage Azure Container Apps with the latest API version, use the latest versions of the management SDK:
Container Apps environment
The following tables describe commonly used properties available in the Container Apps environment resource. For a complete list of properties, see Azure Container Apps REST API reference.
Resource
A Container Apps environment resource includes the following properties:
Property | Description | Data type | Read only |
---|---|---|---|
daprAIInstrumentationKey |
The Application Insights instrumentation key used by Dapr. | string | No |
appLogsConfiguration |
The environment's logging configuration. | Object | No |
peerAuthentication |
How to enable mTLS encryption. | Object | No |
Examples
The following example ARM template snippet deploys a Container Apps environment.
Note
The commands to create container app environments don't support YAML configuration input.
{
"location": "East US",
"properties": {
"appLogsConfiguration": {
"logAnalyticsConfiguration": {
"customerId": "string",
"sharedKey": "string"
}
},
"zoneRedundant": true,
"vnetConfiguration": {
"infrastructureSubnetId": "/subscriptions/<subscription_id>/resourceGroups/RGName/providers/Microsoft.Network/virtualNetworks/VNetName/subnets/subnetName1"
},
"customDomainConfiguration": {
"dnsSuffix": "www.my-name.com",
"certificateValue": "Y2VydA==",
"certificatePassword": "1234"
},
"workloadProfiles": [
{
"name": "My-GP-01",
"workloadProfileType": "GeneralPurpose",
"minimumCount": 3,
"maximumCount": 12
},
{
"name": "My-MO-01",
"workloadProfileType": "MemoryOptimized",
"minimumCount": 3,
"maximumCount": 6
},
{
"name": "My-CO-01",
"workloadProfileType": "ComputeOptimized",
"minimumCount": 3,
"maximumCount": 6
},
{
"name": "My-consumption-01",
"workloadProfileType": "Consumption"
}
],
"infrastructureResourceGroup": "myInfrastructureRgName"
}
}
Container app
The following tables describe the commonly used properties in the container app resource. For a complete list of properties, see Azure Container Apps REST API reference.
Resource
A container app resource's properties
object includes the following properties:
Property | Description | Data type | Read only |
---|---|---|---|
provisioningState |
The state of a long running operation, for example when new container revision is created. Possible values include: provisioning, provisioned, failed. Check if app is up and running. | string | Yes |
environmentId |
The environment ID for your container app. This is a required property to create a container app. If you're using YAML, you can specify the environment ID using the --environment option in the Azure CLI instead. |
string | No |
latestRevisionName |
The name of the latest revision. | string | Yes |
latestRevisionFqdn |
The latest revision's URL. | string | Yes |
The environmentId
value takes the following form:
/subscriptions/<SUBSCRIPTION_ID>/resourcegroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.App/environmentId/<ENVIRONMENT_NAME>
In this example, you put your values in place of the placeholder tokens surrounded by <>
brackets.
properties.configuration
A resource's properties.configuration
object includes the following properties:
Property | Description | Data type |
---|---|---|
activeRevisionsMode |
Setting to single automatically deactivates old revisions, and only keeps the latest revision active. Setting to multiple allows you to maintain multiple revisions. |
string |
secrets |
Defines secret values in your container app. | object |
ingress |
Object that defines public accessibility configuration of a container app. | object |
registries |
Configuration object that references credentials for private container registries. Entries defined with secretref reference the secrets configuration object. |
object |
dapr |
Configuration object that defines the Dapr settings for the container app. | object |
Changes made to the configuration
section are application-scope changes, which doesn't trigger a new revision.
properties.template
A resource's properties.template
object includes the following properties:
Property | Description | Data type |
---|---|---|
revisionSuffix |
A friendly name for a revision. This value must be unique as the runtime rejects any conflicts with existing revision name suffix values. | string |
containers |
Configuration object that defines what container images are included in the container app. | object |
scale |
Configuration object that defines scale rules for the container app. | object |
Changes made to the template
section are revision-scope changes, which triggers a new revision.
Examples
For details on health probes, refer to Health probes in Azure Container Apps.
The following example ARM template snippet deploys a container app.
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/<subscription_id>/resourcegroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-user": {
}
},
"type": "UserAssigned"
},
"properties": {
"environmentId": "/subscriptions/<subscription_id>/resourceGroups/rg/providers/Microsoft.App/managedEnvironments/demokube",
"workloadProfileName": "My-GP-01",
"configuration": {
"ingress": {
"external": true,
"targetPort": 3000,
"customDomains": [
{
"name": "www.my-name.com",
"bindingType": "SniEnabled",
"certificateId": "/subscriptions/<subscription_id>/resourceGroups/rg/providers/Microsoft.App/managedEnvironments/demokube/certificates/my-certificate-for-my-name-dot-com"
},
{
"name": "www.my-other-name.com",
"bindingType": "SniEnabled",
"certificateId": "/subscriptions/<subscription_id>/resourceGroups/rg/providers/Microsoft.App/managedEnvironments/demokube/certificates/my-certificate-for-my-other-name-dot-com"
}
],
"traffic": [
{
"weight": 100,
"revisionName": "testcontainerApp0-ab1234",
"label": "production"
}
],
"ipSecurityRestrictions": [
{
"name": "Allow work IP A subnet",
"description": "Allowing all IP's within the subnet below to access containerapp",
"ipAddressRange": "192.168.1.1/32",
"action": "Allow"
},
{
"name": "Allow work IP B subnet",
"description": "Allowing all IP's within the subnet below to access containerapp",
"ipAddressRange": "192.168.1.1/8",
"action": "Allow"
}
],
"stickySessions": {
"affinity": "sticky"
},
"clientCertificateMode": "accept",
"corsPolicy": {
"allowedOrigins": [
"https://a.test.com",
"https://b.test.com"
],
"allowedMethods": [
"GET",
"POST"
],
"allowedHeaders": [
"HEADER1",
"HEADER2"
],
"exposeHeaders": [
"HEADER3",
"HEADER4"
],
"maxAge": 1234,
"allowCredentials": true
}
},
"dapr": {
"enabled": true,
"appPort": 3000,
"appProtocol": "http",
"httpReadBufferSize": 30,
"httpMaxRequestSize": 10,
"logLevel": "debug",
"enableApiLogging": true
},
"maxInactiveRevisions": 10,
"service": {
"type": "redis"
}
},
"template": {
"containers": [
{
"image": "repo/testcontainerApp0:v1",
"name": "testcontainerApp0",
"probes": [
{
"type": "Liveness",
"httpGet": {
"path": "/health",
"port": 8080,
"httpHeaders": [
{
"name": "Custom-Header",
"value": "Awesome"
}
]
},
"initialDelaySeconds": 3,
"periodSeconds": 3
}
],
"volumeMounts": [
{
"mountPath": "/myempty",
"volumeName": "myempty"
},
{
"mountPath": "/myfiles",
"volumeName": "azure-files-volume"
},
{
"mountPath": "/mysecrets",
"volumeName": "mysecrets"
}
],
"env": [
{
"name": "non-secret-env-var",
"value": "non-secret env var value"
},
{
"name": "secret-env-var",
"secretRef": "mysecret"
}
]
}
],
"initContainers": [
{
"image": "repo/testcontainerApp0:v4",
"name": "testinitcontainerApp0",
"resources": {
"cpu": 0.2,
"memory": "100Mi"
},
"command": [
"/bin/sh"
],
"args": [
"-c",
"while true; do echo hello; sleep 10;done"
],
"env": [
{
"name": "non-secret-env-var",
"value": "non-secret env var value"
},
{
"name": "secret-env-var",
"secretRef": "mysecret"
}
]
}
],
"scale": {
"minReplicas": 1,
"maxReplicas": 5,
"rules": [
{
"name": "httpscalingrule",
"custom": {
"type": "http",
"metadata": {
"concurrentRequests": "50"
}
}
}
]
},
"volumes": [
{
"name": "myempty",
"storageType": "EmptyDir"
},
{
"name": "azure-files-volume",
"storageType": "AzureFile",
"storageName": "myazurefiles"
},
{
"name": "mysecrets",
"storageType": "Secret",
"secrets": [
{
"secretRef": "mysecret",
"path": "mysecret.txt"
}
]
}
],
"serviceBinds": [
{
"serviceId": "/subscriptions/<subscription_id>/resourceGroups/rg/providers/Microsoft.App/containerApps/redisService",
"name": "redisService"
}
]
}
}
}
Container Apps job
The following tables describe the commonly used properties in the Container Apps job resource. For a complete list of properties, see Azure Container Apps REST API reference.
Resource
A Container Apps job resource's properties
object includes the following properties:
Property | Description | Data type | Read only |
---|---|---|---|
environmentId |
The environment ID for your Container Apps job. This property is required to create a Container Apps job. If you're using YAML, you can specify the environment ID using the --environment option in the Azure CLI instead. |
string | No |
The environmentId
value takes the following form:
/subscriptions/<SUBSCRIPTION_ID>/resourcegroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.App/environmentId/<ENVIRONMENT_NAME>
In this example, you put your values in place of the placeholder tokens surrounded by <>
brackets.
properties.configuration
A resource's properties.configuration
object includes the following properties:
Property | Description | Data type |
---|---|---|
triggerType |
The type of trigger for a Container Apps job. For specific configuration for each trigger type, see Jobs trigger types | string |
replicaTimeout |
The timeout in seconds for a Container Apps job. | integer |
replicaRetryLimit |
The number of times to retry a Container Apps job. | integer |
properties.template
A resource's properties.template
object includes the following properties:
Property | Description | Data type |
---|---|---|
containers |
Configuration object that defines what container images are included in the job. | object |
scale |
Configuration object that defines scale rules for the job. | object |
Examples
The following example ARM template snippet deploys a Container Apps job.
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/<subscription_id>/resourcegroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-user": {
}
},
"type": "UserAssigned"
},
"properties": {
"environmentId": "/subscriptions/<subscription_id>/resourceGroups/rg/providers/Microsoft.App/managedEnvironments/demokube",
"configuration": {
"replicaTimeout": 10,
"replicaRetryLimit": 10,
"manualTriggerConfig": {
"replicaCompletionCount": 1,
"parallelism": 4
},
"triggerType": "Manual"
},
"template": {
"containers": [
{
"image": "repo/testcontainerAppsJob0:v1",
"name": "testcontainerAppsJob0",
"probes": [
{
"type": "Liveness",
"httpGet": {
"path": "/health",
"port": 8080,
"httpHeaders": [
{
"name": "Custom-Header",
"value": "Awesome"
}
]
},
"initialDelaySeconds": 5,
"periodSeconds": 3
}
],
"volumeMounts": [
{
"mountPath": "/myempty",
"volumeName": "myempty"
},
{
"mountPath": "/myfiles",
"volumeName": "azure-files-volume"
},
{
"mountPath": "/mysecrets",
"volumeName": "mysecrets"
}
]
}
],
"initContainers": [
{
"image": "repo/testcontainerAppsJob0:v4",
"name": "testinitcontainerAppsJob0",
"resources": {
"cpu": 0.2,
"memory": "100Mi"
},
"command": [
"/bin/sh"
],
"args": [
"-c",
"while true; do echo hello; sleep 10;done"
]
}
],
"volumes": [
{
"name": "myempty",
"storageType": "EmptyDir"
},
{
"name": "azure-files-volume",
"storageType": "AzureFile",
"storageName": "myazurefiles"
},
{
"name": "mysecrets",
"storageType": "Secret",
"secrets": [
{
"secretRef": "mysecret",
"path": "mysecret.txt"
}
]
}
]
}
}
}