Microsoft.App containerApps 2022-01-01-preview

Bicep resource definition

The containerApps resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/containerApps resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.App/containerApps@2022-01-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  properties: {
    configuration: {
      activeRevisionsMode: 'string'
      dapr: {
        appId: 'string'
        appPort: int
        appProtocol: 'string'
        enabled: bool
      }
      ingress: {
        allowInsecure: bool
        customDomains: [
          {
            bindingType: 'string'
            certificateId: 'string'
            name: 'string'
          }
        ]
        external: bool
        targetPort: int
        traffic: [
          {
            latestRevision: bool
            revisionName: 'string'
            weight: int
          }
        ]
        transport: 'string'
      }
      registries: [
        {
          passwordSecretRef: 'string'
          server: 'string'
          username: 'string'
        }
      ]
      secrets: [
        {
          name: 'string'
          value: 'string'
        }
      ]
    }
    managedEnvironmentId: 'string'
    template: {
      containers: [
        {
          args: [
            'string'
          ]
          command: [
            'string'
          ]
          env: [
            {
              name: 'string'
              secretRef: 'string'
              value: 'string'
            }
          ]
          image: 'string'
          name: 'string'
          probes: [
            {
              failureThreshold: int
              httpGet: {
                host: 'string'
                httpHeaders: [
                  {
                    name: 'string'
                    value: 'string'
                  }
                ]
                path: 'string'
                port: int
                scheme: 'string'
              }
              initialDelaySeconds: int
              periodSeconds: int
              successThreshold: int
              tcpSocket: {
                host: 'string'
                port: int
              }
              terminationGracePeriodSeconds: int
              timeoutSeconds: int
              type: 'string'
            }
          ]
          resources: {
            cpu: json('decimal-as-string')
            memory: 'string'
          }
          volumeMounts: [
            {
              mountPath: 'string'
              volumeName: 'string'
            }
          ]
        }
      ]
      revisionSuffix: 'string'
      scale: {
        maxReplicas: int
        minReplicas: int
        rules: [
          {
            azureQueue: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              queueLength: int
              queueName: 'string'
            }
            custom: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              metadata: {
                {customized property}: 'string'
              }
              type: 'string'
            }
            http: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              metadata: {
                {customized property}: 'string'
              }
            }
            name: 'string'
          }
        ]
      }
      volumes: [
        {
          name: 'string'
          storageName: 'string'
          storageType: 'string'
        }
      ]
    }
  }
}

Property values

containerApps

Name Description Value
name The resource name string (required)

Character limit: 2-32

Valid characters:
Lowercase letters, numbers, and hyphens..

Start with letter and end with alphanumeric.
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
identity managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. ManagedServiceIdentity
properties ContainerApp resource specific properties ContainerAppProperties

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

UserAssignedIdentities

Name Description Value
{customized property} UserAssignedIdentity

UserAssignedIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

ContainerAppProperties

Name Description Value
configuration Non versioned Container App configuration properties. Configuration
managedEnvironmentId Resource ID of the Container App's environment. string
template Container App versioned application definition. Template

Configuration

Name Description Value
activeRevisionsMode ActiveRevisionsMode controls how active revisions are handled for the Container app:
{list}{item}Multiple: multiple revisions can be active. If no value if provided, this is the default{/item}{item}Single: Only one revision can be active at a time. Revision weights can not be used in this mode{/item}{/list}
'Multiple'
'Single'
dapr Dapr configuration for the Container App. Dapr
ingress Ingress configurations. Ingress
registries Collection of private container registry credentials for containers used by the Container app RegistryCredentials[]
secrets Collection of secrets used by a Container app Secret[]

Dapr

Name Description Value
appId Dapr application identifier string
appPort Tells Dapr which port your application is listening on int
appProtocol Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http 'grpc'
'http'
enabled Boolean indicating if the Dapr side car is enabled bool

Ingress

Name Description Value
allowInsecure Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections bool
customDomains custom domain bindings for Container Apps' hostnames. CustomDomain[]
external Bool indicating if app exposes an external http endpoint bool
targetPort Target Port in containers for traffic from ingress int
traffic Traffic weights for app's revisions TrafficWeight[]
transport Ingress transport protocol 'auto'
'http'
'http2'

CustomDomain

Name Description Value
bindingType Custom Domain binding type. 'Disabled'
'SniEnabled'
certificateId Resource Id of the Certificate to be bound to this hostname. string
name Hostname. string (required)

TrafficWeight

Name Description Value
latestRevision Indicates that the traffic weight belongs to a latest stable revision bool
revisionName Name of a revision string
weight Traffic weight assigned to a revision int

RegistryCredentials

Name Description Value
passwordSecretRef The name of the Secret that contains the registry login password string
server Container Registry Server string
username Container Registry Username string

Secret

Name Description Value
name Secret Name. string
value Secret Value. string

Constraints:
Sensitive value. Pass in as a secure parameter.

Template

Name Description Value
containers List of container definitions for the Container App. Container[]
revisionSuffix User friendly suffix that is appended to the revision name string
scale Scaling properties for the Container App. Scale
volumes List of volume definitions for the Container App. Volume[]

Container

Name Description Value
args Container start command arguments. string[]
command Container start command. string[]
env Container environment variables. EnvironmentVar[]
image Container image tag. string
name Custom container name. string
probes List of probes for the container. ContainerAppProbe[]
resources Container resource requirements. ContainerResources
volumeMounts Container volume mounts. VolumeMount[]

EnvironmentVar

Name Description Value
name Environment variable name. string
secretRef Name of the Container App secret from which to pull the environment variable value. string
value Non-secret environment variable value. string

ContainerAppProbe

Name Description Value
failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. int
httpGet HTTPGet specifies the http request to perform. ContainerAppProbeHttpGet
initialDelaySeconds Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. int
periodSeconds How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value is 240. int
successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. int
tcpSocket TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. ContainerAppProbeTcpSocket
terminationGracePeriodSeconds Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) int
timeoutSeconds Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. int
type The type of probe. 'Liveness'
'Readiness'
'Startup'

ContainerAppProbeHttpGet

Name Description Value
host Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. string
httpHeaders Custom headers to set in the request. HTTP allows repeated headers. ContainerAppProbeHttpGetHttpHeadersItem[]
path Path to access on the HTTP server. string
port Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)
scheme Scheme to use for connecting to the host. Defaults to HTTP. 'HTTP'
'HTTPS'

ContainerAppProbeHttpGetHttpHeadersItem

Name Description Value
name The header field name string (required)
value The header field value string (required)

ContainerAppProbeTcpSocket

Name Description Value
host Optional: Host name to connect to, defaults to the pod IP. string
port Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)

ContainerResources

Name Description Value
cpu Required CPU in cores, e.g. 0.5 To specify a decimal value, use the json() function. int or json decimal
memory Required memory, e.g. "250Mb" string

VolumeMount

Name Description Value
mountPath Path within the container at which the volume should be mounted.Must not contain ':'. string
volumeName This must match the Name of a Volume. string

Scale

Name Description Value
maxReplicas Optional. Maximum number of container replicas. Defaults to 10 if not set. int
minReplicas Optional. Minimum number of container replicas. int
rules Scaling rules. ScaleRule[]

ScaleRule

Name Description Value
azureQueue Azure Queue based scaling. QueueScaleRule
custom Custom scale rule. CustomScaleRule
http HTTP requests based scaling. HttpScaleRule
name Scale Rule Name string

QueueScaleRule

Name Description Value
auth Authentication secrets for the queue scale rule. ScaleRuleAuth[]
queueLength Queue length. int
queueName Queue name. string

ScaleRuleAuth

Name Description Value
secretRef Name of the Container App secret from which to pull the auth params. string
triggerParameter Trigger Parameter that uses the secret string

CustomScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe custom scale rule. CustomScaleRuleMetadata
type Type of the custom scale rule
eg: azure-servicebus, redis etc.
string

CustomScaleRuleMetadata

Name Description Value
{customized property} string

HttpScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe http scale rule. HttpScaleRuleMetadata

HttpScaleRuleMetadata

Name Description Value
{customized property} string

Volume

Name Description Value
name Volume name. string
storageName Name of storage resource. No need to provide for EmptyDir. string
storageType Storage type for the volume. If not provided, use EmptyDir. 'AzureFile'
'EmptyDir'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a two Container App with a Container App Environment

Deploy to Azure
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App within a Container App Environment

Deploy to Azure
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule

Deploy to Azure
Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates an external Container App environment with a VNET

Deploy to Azure
Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET

Deploy to Azure
Creates an internal Container App environment with a VNET.

ARM template resource definition

The containerApps resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/containerApps resource, add the following JSON to your template.

{
  "type": "Microsoft.App/containerApps",
  "apiVersion": "2022-01-01-preview",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {}
    }
  },
  "properties": {
    "configuration": {
      "activeRevisionsMode": "string",
      "dapr": {
        "appId": "string",
        "appPort": "int",
        "appProtocol": "string",
        "enabled": "bool"
      },
      "ingress": {
        "allowInsecure": "bool",
        "customDomains": [
          {
            "bindingType": "string",
            "certificateId": "string",
            "name": "string"
          }
        ],
        "external": "bool",
        "targetPort": "int",
        "traffic": [
          {
            "latestRevision": "bool",
            "revisionName": "string",
            "weight": "int"
          }
        ],
        "transport": "string"
      },
      "registries": [
        {
          "passwordSecretRef": "string",
          "server": "string",
          "username": "string"
        }
      ],
      "secrets": [
        {
          "name": "string",
          "value": "string"
        }
      ]
    },
    "managedEnvironmentId": "string",
    "template": {
      "containers": [
        {
          "args": [ "string" ],
          "command": [ "string" ],
          "env": [
            {
              "name": "string",
              "secretRef": "string",
              "value": "string"
            }
          ],
          "image": "string",
          "name": "string",
          "probes": [
            {
              "failureThreshold": "int",
              "httpGet": {
                "host": "string",
                "httpHeaders": [
                  {
                    "name": "string",
                    "value": "string"
                  }
                ],
                "path": "string",
                "port": "int",
                "scheme": "string"
              },
              "initialDelaySeconds": "int",
              "periodSeconds": "int",
              "successThreshold": "int",
              "tcpSocket": {
                "host": "string",
                "port": "int"
              },
              "terminationGracePeriodSeconds": "int",
              "timeoutSeconds": "int",
              "type": "string"
            }
          ],
          "resources": {
            "cpu": "[json('decimal-as-string')]",
            "memory": "string"
          },
          "volumeMounts": [
            {
              "mountPath": "string",
              "volumeName": "string"
            }
          ]
        }
      ],
      "revisionSuffix": "string",
      "scale": {
        "maxReplicas": "int",
        "minReplicas": "int",
        "rules": [
          {
            "azureQueue": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "queueLength": "int",
              "queueName": "string"
            },
            "custom": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "metadata": {
                "{customized property}": "string"
              },
              "type": "string"
            },
            "http": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "metadata": {
                "{customized property}": "string"
              }
            },
            "name": "string"
          }
        ]
      },
      "volumes": [
        {
          "name": "string",
          "storageName": "string",
          "storageType": "string"
        }
      ]
    }
  }
}

Property values

containerApps

Name Description Value
type The resource type 'Microsoft.App/containerApps'
apiVersion The resource api version '2022-01-01-preview'
name The resource name string (required)

Character limit: 2-32

Valid characters:
Lowercase letters, numbers, and hyphens..

Start with letter and end with alphanumeric.
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
identity managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. ManagedServiceIdentity
properties ContainerApp resource specific properties ContainerAppProperties

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

UserAssignedIdentities

Name Description Value
{customized property} UserAssignedIdentity

UserAssignedIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

ContainerAppProperties

Name Description Value
configuration Non versioned Container App configuration properties. Configuration
managedEnvironmentId Resource ID of the Container App's environment. string
template Container App versioned application definition. Template

Configuration

Name Description Value
activeRevisionsMode ActiveRevisionsMode controls how active revisions are handled for the Container app:
{list}{item}Multiple: multiple revisions can be active. If no value if provided, this is the default{/item}{item}Single: Only one revision can be active at a time. Revision weights can not be used in this mode{/item}{/list}
'Multiple'
'Single'
dapr Dapr configuration for the Container App. Dapr
ingress Ingress configurations. Ingress
registries Collection of private container registry credentials for containers used by the Container app RegistryCredentials[]
secrets Collection of secrets used by a Container app Secret[]

Dapr

Name Description Value
appId Dapr application identifier string
appPort Tells Dapr which port your application is listening on int
appProtocol Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http 'grpc'
'http'
enabled Boolean indicating if the Dapr side car is enabled bool

Ingress

Name Description Value
allowInsecure Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections bool
customDomains custom domain bindings for Container Apps' hostnames. CustomDomain[]
external Bool indicating if app exposes an external http endpoint bool
targetPort Target Port in containers for traffic from ingress int
traffic Traffic weights for app's revisions TrafficWeight[]
transport Ingress transport protocol 'auto'
'http'
'http2'

CustomDomain

Name Description Value
bindingType Custom Domain binding type. 'Disabled'
'SniEnabled'
certificateId Resource Id of the Certificate to be bound to this hostname. string
name Hostname. string (required)

TrafficWeight

Name Description Value
latestRevision Indicates that the traffic weight belongs to a latest stable revision bool
revisionName Name of a revision string
weight Traffic weight assigned to a revision int

RegistryCredentials

Name Description Value
passwordSecretRef The name of the Secret that contains the registry login password string
server Container Registry Server string
username Container Registry Username string

Secret

Name Description Value
name Secret Name. string
value Secret Value. string

Constraints:
Sensitive value. Pass in as a secure parameter.

Template

Name Description Value
containers List of container definitions for the Container App. Container[]
revisionSuffix User friendly suffix that is appended to the revision name string
scale Scaling properties for the Container App. Scale
volumes List of volume definitions for the Container App. Volume[]

Container

Name Description Value
args Container start command arguments. string[]
command Container start command. string[]
env Container environment variables. EnvironmentVar[]
image Container image tag. string
name Custom container name. string
probes List of probes for the container. ContainerAppProbe[]
resources Container resource requirements. ContainerResources
volumeMounts Container volume mounts. VolumeMount[]

EnvironmentVar

Name Description Value
name Environment variable name. string
secretRef Name of the Container App secret from which to pull the environment variable value. string
value Non-secret environment variable value. string

ContainerAppProbe

Name Description Value
failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. int
httpGet HTTPGet specifies the http request to perform. ContainerAppProbeHttpGet
initialDelaySeconds Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. int
periodSeconds How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value is 240. int
successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. int
tcpSocket TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. ContainerAppProbeTcpSocket
terminationGracePeriodSeconds Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) int
timeoutSeconds Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. int
type The type of probe. 'Liveness'
'Readiness'
'Startup'

ContainerAppProbeHttpGet

Name Description Value
host Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. string
httpHeaders Custom headers to set in the request. HTTP allows repeated headers. ContainerAppProbeHttpGetHttpHeadersItem[]
path Path to access on the HTTP server. string
port Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)
scheme Scheme to use for connecting to the host. Defaults to HTTP. 'HTTP'
'HTTPS'

ContainerAppProbeHttpGetHttpHeadersItem

Name Description Value
name The header field name string (required)
value The header field value string (required)

ContainerAppProbeTcpSocket

Name Description Value
host Optional: Host name to connect to, defaults to the pod IP. string
port Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)

ContainerResources

Name Description Value
cpu Required CPU in cores, e.g. 0.5 To specify a decimal value, use the json() function. int or json decimal
memory Required memory, e.g. "250Mb" string

VolumeMount

Name Description Value
mountPath Path within the container at which the volume should be mounted.Must not contain ':'. string
volumeName This must match the Name of a Volume. string

Scale

Name Description Value
maxReplicas Optional. Maximum number of container replicas. Defaults to 10 if not set. int
minReplicas Optional. Minimum number of container replicas. int
rules Scaling rules. ScaleRule[]

ScaleRule

Name Description Value
azureQueue Azure Queue based scaling. QueueScaleRule
custom Custom scale rule. CustomScaleRule
http HTTP requests based scaling. HttpScaleRule
name Scale Rule Name string

QueueScaleRule

Name Description Value
auth Authentication secrets for the queue scale rule. ScaleRuleAuth[]
queueLength Queue length. int
queueName Queue name. string

ScaleRuleAuth

Name Description Value
secretRef Name of the Container App secret from which to pull the auth params. string
triggerParameter Trigger Parameter that uses the secret string

CustomScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe custom scale rule. CustomScaleRuleMetadata
type Type of the custom scale rule
eg: azure-servicebus, redis etc.
string

CustomScaleRuleMetadata

Name Description Value
{customized property} string

HttpScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe http scale rule. HttpScaleRuleMetadata

HttpScaleRuleMetadata

Name Description Value
{customized property} string

Volume

Name Description Value
name Volume name. string
storageName Name of storage resource. No need to provide for EmptyDir. string
storageType Storage type for the volume. If not provided, use EmptyDir. 'AzureFile'
'EmptyDir'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a two Container App with a Container App Environment

Deploy to Azure
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App within a Container App Environment

Deploy to Azure
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule

Deploy to Azure
Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates an external Container App environment with a VNET

Deploy to Azure
Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET

Deploy to Azure
Creates an internal Container App environment with a VNET.

Terraform (AzAPI provider) resource definition

The containerApps resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/containerApps resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.App/containerApps@2022-01-01-preview"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  identity {
    type = "string"
    identity_ids = []
  }
  body = jsonencode({
    properties = {
      configuration = {
        activeRevisionsMode = "string"
        dapr = {
          appId = "string"
          appPort = int
          appProtocol = "string"
          enabled = bool
        }
        ingress = {
          allowInsecure = bool
          customDomains = [
            {
              bindingType = "string"
              certificateId = "string"
              name = "string"
            }
          ]
          external = bool
          targetPort = int
          traffic = [
            {
              latestRevision = bool
              revisionName = "string"
              weight = int
            }
          ]
          transport = "string"
        }
        registries = [
          {
            passwordSecretRef = "string"
            server = "string"
            username = "string"
          }
        ]
        secrets = [
          {
            name = "string"
            value = "string"
          }
        ]
      }
      managedEnvironmentId = "string"
      template = {
        containers = [
          {
            args = [
              "string"
            ]
            command = [
              "string"
            ]
            env = [
              {
                name = "string"
                secretRef = "string"
                value = "string"
              }
            ]
            image = "string"
            name = "string"
            probes = [
              {
                failureThreshold = int
                httpGet = {
                  host = "string"
                  httpHeaders = [
                    {
                      name = "string"
                      value = "string"
                    }
                  ]
                  path = "string"
                  port = int
                  scheme = "string"
                }
                initialDelaySeconds = int
                periodSeconds = int
                successThreshold = int
                tcpSocket = {
                  host = "string"
                  port = int
                }
                terminationGracePeriodSeconds = int
                timeoutSeconds = int
                type = "string"
              }
            ]
            resources = {
              cpu = "decimal-as-string"
              memory = "string"
            }
            volumeMounts = [
              {
                mountPath = "string"
                volumeName = "string"
              }
            ]
          }
        ]
        revisionSuffix = "string"
        scale = {
          maxReplicas = int
          minReplicas = int
          rules = [
            {
              azureQueue = {
                auth = [
                  {
                    secretRef = "string"
                    triggerParameter = "string"
                  }
                ]
                queueLength = int
                queueName = "string"
              }
              custom = {
                auth = [
                  {
                    secretRef = "string"
                    triggerParameter = "string"
                  }
                ]
                metadata = {
                  {customized property} = "string"
                }
                type = "string"
              }
              http = {
                auth = [
                  {
                    secretRef = "string"
                    triggerParameter = "string"
                  }
                ]
                metadata = {
                  {customized property} = "string"
                }
              }
              name = "string"
            }
          ]
        }
        volumes = [
          {
            name = "string"
            storageName = "string"
            storageType = "string"
          }
        ]
      }
    }
  })
}

Property values

containerApps

Name Description Value
type The resource type "Microsoft.App/containerApps@2022-01-01-preview"
name The resource name string (required)

Character limit: 2-32

Valid characters:
Lowercase letters, numbers, and hyphens..

Start with letter and end with alphanumeric.
location The geo-location where the resource lives string (required)
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags Resource tags. Dictionary of tag names and values.
identity managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. ManagedServiceIdentity
properties ContainerApp resource specific properties ContainerAppProperties

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). "SystemAssigned"
"SystemAssigned,UserAssigned"
"UserAssigned" (required)
identity_ids The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. Array of user identity IDs.

UserAssignedIdentities

Name Description Value
{customized property} UserAssignedIdentity

UserAssignedIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

ContainerAppProperties

Name Description Value
configuration Non versioned Container App configuration properties. Configuration
managedEnvironmentId Resource ID of the Container App's environment. string
template Container App versioned application definition. Template

Configuration

Name Description Value
activeRevisionsMode ActiveRevisionsMode controls how active revisions are handled for the Container app:
{list}{item}Multiple: multiple revisions can be active. If no value if provided, this is the default{/item}{item}Single: Only one revision can be active at a time. Revision weights can not be used in this mode{/item}{/list}
"Multiple"
"Single"
dapr Dapr configuration for the Container App. Dapr
ingress Ingress configurations. Ingress
registries Collection of private container registry credentials for containers used by the Container app RegistryCredentials[]
secrets Collection of secrets used by a Container app Secret[]

Dapr

Name Description Value
appId Dapr application identifier string
appPort Tells Dapr which port your application is listening on int
appProtocol Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http "grpc"
"http"
enabled Boolean indicating if the Dapr side car is enabled bool

Ingress

Name Description Value
allowInsecure Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections bool
customDomains custom domain bindings for Container Apps' hostnames. CustomDomain[]
external Bool indicating if app exposes an external http endpoint bool
targetPort Target Port in containers for traffic from ingress int
traffic Traffic weights for app's revisions TrafficWeight[]
transport Ingress transport protocol "auto"
"http"
"http2"

CustomDomain

Name Description Value
bindingType Custom Domain binding type. "Disabled"
"SniEnabled"
certificateId Resource Id of the Certificate to be bound to this hostname. string
name Hostname. string (required)

TrafficWeight

Name Description Value
latestRevision Indicates that the traffic weight belongs to a latest stable revision bool
revisionName Name of a revision string
weight Traffic weight assigned to a revision int

RegistryCredentials

Name Description Value
passwordSecretRef The name of the Secret that contains the registry login password string
server Container Registry Server string
username Container Registry Username string

Secret

Name Description Value
name Secret Name. string
value Secret Value. string

Constraints:
Sensitive value. Pass in as a secure parameter.

Template

Name Description Value
containers List of container definitions for the Container App. Container[]
revisionSuffix User friendly suffix that is appended to the revision name string
scale Scaling properties for the Container App. Scale
volumes List of volume definitions for the Container App. Volume[]

Container

Name Description Value
args Container start command arguments. string[]
command Container start command. string[]
env Container environment variables. EnvironmentVar[]
image Container image tag. string
name Custom container name. string
probes List of probes for the container. ContainerAppProbe[]
resources Container resource requirements. ContainerResources
volumeMounts Container volume mounts. VolumeMount[]

EnvironmentVar

Name Description Value
name Environment variable name. string
secretRef Name of the Container App secret from which to pull the environment variable value. string
value Non-secret environment variable value. string

ContainerAppProbe

Name Description Value
failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. int
httpGet HTTPGet specifies the http request to perform. ContainerAppProbeHttpGet
initialDelaySeconds Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. int
periodSeconds How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value is 240. int
successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. int
tcpSocket TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. ContainerAppProbeTcpSocket
terminationGracePeriodSeconds Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) int
timeoutSeconds Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. int
type The type of probe. "Liveness"
"Readiness"
"Startup"

ContainerAppProbeHttpGet

Name Description Value
host Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. string
httpHeaders Custom headers to set in the request. HTTP allows repeated headers. ContainerAppProbeHttpGetHttpHeadersItem[]
path Path to access on the HTTP server. string
port Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)
scheme Scheme to use for connecting to the host. Defaults to HTTP. "HTTP"
"HTTPS"

ContainerAppProbeHttpGetHttpHeadersItem

Name Description Value
name The header field name string (required)
value The header field value string (required)

ContainerAppProbeTcpSocket

Name Description Value
host Optional: Host name to connect to, defaults to the pod IP. string
port Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)

ContainerResources

Name Description Value
cpu Required CPU in cores, e.g. 0.5 Specify a decimal value as a string. int or json decimal
memory Required memory, e.g. "250Mb" string

VolumeMount

Name Description Value
mountPath Path within the container at which the volume should be mounted.Must not contain ':'. string
volumeName This must match the Name of a Volume. string

Scale

Name Description Value
maxReplicas Optional. Maximum number of container replicas. Defaults to 10 if not set. int
minReplicas Optional. Minimum number of container replicas. int
rules Scaling rules. ScaleRule[]

ScaleRule

Name Description Value
azureQueue Azure Queue based scaling. QueueScaleRule
custom Custom scale rule. CustomScaleRule
http HTTP requests based scaling. HttpScaleRule
name Scale Rule Name string

QueueScaleRule

Name Description Value
auth Authentication secrets for the queue scale rule. ScaleRuleAuth[]
queueLength Queue length. int
queueName Queue name. string

ScaleRuleAuth

Name Description Value
secretRef Name of the Container App secret from which to pull the auth params. string
triggerParameter Trigger Parameter that uses the secret string

CustomScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe custom scale rule. CustomScaleRuleMetadata
type Type of the custom scale rule
eg: azure-servicebus, redis etc.
string

CustomScaleRuleMetadata

Name Description Value
{customized property} string

HttpScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe http scale rule. HttpScaleRuleMetadata

HttpScaleRuleMetadata

Name Description Value
{customized property} string

Volume

Name Description Value
name Volume name. string
storageName Name of storage resource. No need to provide for EmptyDir. string
storageType Storage type for the volume. If not provided, use EmptyDir. "AzureFile"
"EmptyDir"