Microsoft.App containerApps 2023-05-02-preview

Bicep resource definition

The containerApps resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/containerApps resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.App/containerApps@2023-05-02-preview' = {
  extendedLocation: {
    name: 'string'
    type: 'string'
  }
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  managedBy: 'string'
  name: 'string'
  properties: {
    configuration: {
      activeRevisionsMode: 'string'
      dapr: {
        appId: 'string'
        appPort: int
        appProtocol: 'string'
        enableApiLogging: bool
        enabled: bool
        httpMaxRequestSize: int
        httpReadBufferSize: int
        logLevel: 'string'
      }
      ingress: {
        additionalPortMappings: [
          {
            exposedPort: int
            external: bool
            targetPort: int
          }
        ]
        allowInsecure: bool
        clientCertificateMode: 'string'
        corsPolicy: {
          allowCredentials: bool
          allowedHeaders: [
            'string'
          ]
          allowedMethods: [
            'string'
          ]
          allowedOrigins: [
            'string'
          ]
          exposeHeaders: [
            'string'
          ]
          maxAge: int
        }
        customDomains: [
          {
            bindingType: 'string'
            certificateId: 'string'
            name: 'string'
          }
        ]
        exposedPort: int
        external: bool
        ipSecurityRestrictions: [
          {
            action: 'string'
            description: 'string'
            ipAddressRange: 'string'
            name: 'string'
          }
        ]
        stickySessions: {
          affinity: 'string'
        }
        targetPort: int
        traffic: [
          {
            label: 'string'
            latestRevision: bool
            revisionName: 'string'
            weight: int
          }
        ]
        transport: 'string'
      }
      maxInactiveRevisions: int
      registries: [
        {
          identity: 'string'
          passwordSecretRef: 'string'
          server: 'string'
          username: 'string'
        }
      ]
      secrets: [
        {
          identity: 'string'
          keyVaultUrl: 'string'
          name: 'string'
          value: 'string'
        }
      ]
      service: {
        type: 'string'
      }
    }
    environmentId: 'string'
    managedEnvironmentId: 'string'
    template: {
      containers: [
        {
          args: [
            'string'
          ]
          command: [
            'string'
          ]
          env: [
            {
              name: 'string'
              secretRef: 'string'
              value: 'string'
            }
          ]
          image: 'string'
          name: 'string'
          probes: [
            {
              failureThreshold: int
              httpGet: {
                host: 'string'
                httpHeaders: [
                  {
                    name: 'string'
                    value: 'string'
                  }
                ]
                path: 'string'
                port: int
                scheme: 'string'
              }
              initialDelaySeconds: int
              periodSeconds: int
              successThreshold: int
              tcpSocket: {
                host: 'string'
                port: int
              }
              terminationGracePeriodSeconds: int
              timeoutSeconds: int
              type: 'string'
            }
          ]
          resources: {
            cpu: int
            memory: 'string'
          }
          volumeMounts: [
            {
              mountPath: 'string'
              subPath: 'string'
              volumeName: 'string'
            }
          ]
        }
      ]
      initContainers: [
        {
          args: [
            'string'
          ]
          command: [
            'string'
          ]
          env: [
            {
              name: 'string'
              secretRef: 'string'
              value: 'string'
            }
          ]
          image: 'string'
          name: 'string'
          resources: {
            cpu: int
            memory: 'string'
          }
          volumeMounts: [
            {
              mountPath: 'string'
              subPath: 'string'
              volumeName: 'string'
            }
          ]
        }
      ]
      revisionSuffix: 'string'
      scale: {
        maxReplicas: int
        minReplicas: int
        rules: [
          {
            azureQueue: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              queueLength: int
              queueName: 'string'
            }
            custom: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              metadata: {
                {customized property}: 'string'
              }
              type: 'string'
            }
            http: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              metadata: {
                {customized property}: 'string'
              }
            }
            name: 'string'
            tcp: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              metadata: {
                {customized property}: 'string'
              }
            }
          }
        ]
      }
      serviceBinds: [
        {
          name: 'string'
          serviceId: 'string'
        }
      ]
      terminationGracePeriodSeconds: int
      volumes: [
        {
          mountOptions: 'string'
          name: 'string'
          secrets: [
            {
              path: 'string'
              secretRef: 'string'
            }
          ]
          storageName: 'string'
          storageType: 'string'
        }
      ]
    }
    workloadProfileName: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

Configuration

Name Description Value
activeRevisionsMode ActiveRevisionsMode controls how active revisions are handled for the Container app:
<list><item>Multiple: multiple revisions can be active.</item><item>Single: Only one revision can be active at a time. Revision weights can not be used in this mode. If no value if provided, this is the default.</item></list>
'Multiple'
'Single'
dapr Dapr configuration for the Container App. Dapr
ingress Ingress configurations. Ingress
maxInactiveRevisions Optional. Max inactive revisions a Container App can have. int
registries Collection of private container registry credentials for containers used by the Container app RegistryCredentials[]
secrets Collection of secrets used by a Container app Secret[]
service Container App to be a dev Container App Service Service

Container

Name Description Value
args Container start command arguments. string[]
command Container start command. string[]
env Container environment variables. EnvironmentVar[]
image Container image tag. string
name Custom container name. string
probes List of probes for the container. ContainerAppProbe[]
resources Container resource requirements. ContainerResources
volumeMounts Container volume mounts. VolumeMount[]

ContainerAppProbe

Name Description Value
failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. int
httpGet HTTPGet specifies the http request to perform. ContainerAppProbeHttpGet
initialDelaySeconds Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. int
periodSeconds How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value is 240. int
successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. int
tcpSocket TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. ContainerAppProbeTcpSocket
terminationGracePeriodSeconds Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) int
timeoutSeconds Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. int
type The type of probe. 'Liveness'
'Readiness'
'Startup'

ContainerAppProbeHttpGet

Name Description Value
host Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. string
httpHeaders Custom headers to set in the request. HTTP allows repeated headers. ContainerAppProbeHttpGetHttpHeadersItem[]
path Path to access on the HTTP server. string
port Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)
scheme Scheme to use for connecting to the host. Defaults to HTTP. 'HTTP'
'HTTPS'

ContainerAppProbeHttpGetHttpHeadersItem

Name Description Value
name The header field name string (required)
value The header field value string (required)

ContainerAppProbeTcpSocket

Name Description Value
host Optional: Host name to connect to, defaults to the pod IP. string
port Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)

ContainerAppProperties

Name Description Value
configuration Non versioned Container App configuration properties. Configuration
environmentId Resource ID of environment. string
managedEnvironmentId Deprecated. Resource ID of the Container App's environment. string
template Container App versioned application definition. Template
workloadProfileName Workload profile name to pin for container app execution. string

ContainerResources

Name Description Value
cpu Required CPU in cores, e.g. 0.5 int
memory Required memory, e.g. "250Mb" string

CorsPolicy

Name Description Value
allowCredentials Specifies whether the resource allows credentials bool
allowedHeaders Specifies the content for the access-control-allow-headers header string[]
allowedMethods Specifies the content for the access-control-allow-methods header string[]
allowedOrigins Specifies the content for the access-control-allow-origins header string[] (required)
exposeHeaders Specifies the content for the access-control-expose-headers header string[]
maxAge Specifies the content for the access-control-max-age header int

CustomDomain

Name Description Value
bindingType Custom Domain binding type. 'Disabled'
'SniEnabled'
certificateId Resource Id of the Certificate to be bound to this hostname. Must exist in the Managed Environment. string
name Hostname. string (required)

CustomScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe custom scale rule. CustomScaleRuleMetadata
type Type of the custom scale rule
eg: azure-servicebus, redis etc.
string

CustomScaleRuleMetadata

Name Description Value

Dapr

Name Description Value
appId Dapr application identifier string
appPort Tells Dapr which port your application is listening on int
appProtocol Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http 'grpc'
'http'
enableApiLogging Enables API logging for the Dapr sidecar bool
enabled Boolean indicating if the Dapr side car is enabled bool
httpMaxRequestSize Increasing max size of request body http and grpc servers parameter in MB to handle uploading of big files. Default is 4 MB. int
httpReadBufferSize Dapr max size of http header read buffer in KB to handle when sending multi-KB headers. Default is 65KB. int
logLevel Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info. 'debug'
'error'
'info'
'warn'

EnvironmentVar

Name Description Value
name Environment variable name. string
secretRef Name of the Container App secret from which to pull the environment variable value. string
value Non-secret environment variable value. string

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of the extended location. 'CustomLocation'

HttpScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe http scale rule. HttpScaleRuleMetadata

HttpScaleRuleMetadata

Name Description Value

Ingress

Name Description Value
additionalPortMappings Settings to expose additional ports on container app IngressPortMapping[]
allowInsecure Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections bool
clientCertificateMode Client certificate mode for mTLS authentication. Ignore indicates server drops client certificate on forwarding. Accept indicates server forwards client certificate but does not require a client certificate. Require indicates server requires a client certificate. 'accept'
'ignore'
'require'
corsPolicy CORS policy for container app CorsPolicy
customDomains custom domain bindings for Container Apps' hostnames. CustomDomain[]
exposedPort Exposed Port in containers for TCP traffic from ingress int
external Bool indicating if app exposes an external http endpoint bool
ipSecurityRestrictions Rules to restrict incoming IP address. IpSecurityRestrictionRule[]
stickySessions Sticky Sessions for Single Revision Mode IngressStickySessions
targetPort Target Port in containers for traffic from ingress int
traffic Traffic weights for app's revisions TrafficWeight[]
transport Ingress transport protocol 'auto'
'http'
'http2'
'tcp'

IngressPortMapping

Name Description Value
exposedPort Specifies the exposed port for the target port. If not specified, it defaults to target port int
external Specifies whether the app port is accessible outside of the environment bool (required)
targetPort Specifies the port user's container listens on int (required)

IngressStickySessions

Name Description Value
affinity Sticky Session Affinity 'none'
'sticky'

InitContainer

Name Description Value
args Container start command arguments. string[]
command Container start command. string[]
env Container environment variables. EnvironmentVar[]
image Container image tag. string
name Custom container name. string
resources Container resource requirements. ContainerResources
volumeMounts Container volume mounts. VolumeMount[]

IpSecurityRestrictionRule

Name Description Value
action Allow or Deny rules to determine for incoming IP. Note: Rules can only consist of ALL Allow or ALL Deny 'Allow'
'Deny' (required)
description Describe the IP restriction rule that is being sent to the container-app. This is an optional field. string
ipAddressRange CIDR notation to match incoming IP address string (required)
name Name for the IP restriction rule. string (required)

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

Microsoft.App/containerApps

Name Description Value
extendedLocation The complex type of the extended location. ExtendedLocation
identity managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. ManagedServiceIdentity
location The geo-location where the resource lives string (required)
managedBy The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource. string
name The resource name string (required)
properties ContainerApp resource specific properties ContainerAppProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

QueueScaleRule

Name Description Value
auth Authentication secrets for the queue scale rule. ScaleRuleAuth[]
queueLength Queue length. int
queueName Queue name. string

RegistryCredentials

Name Description Value
identity A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use 'system' string
passwordSecretRef The name of the Secret that contains the registry login password string
server Container Registry Server string
username Container Registry Username string

Scale

Name Description Value
maxReplicas Optional. Maximum number of container replicas. Defaults to 10 if not set. int
minReplicas Optional. Minimum number of container replicas. int
rules Scaling rules. ScaleRule[]

ScaleRule

Name Description Value
azureQueue Azure Queue based scaling. QueueScaleRule
custom Custom scale rule. CustomScaleRule
http HTTP requests based scaling. HttpScaleRule
name Scale Rule Name string
tcp Tcp requests based scaling. TcpScaleRule

ScaleRuleAuth

Name Description Value
secretRef Name of the secret from which to pull the auth params. string
triggerParameter Trigger Parameter that uses the secret string

Secret

Name Description Value
identity Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. string
keyVaultUrl Azure Key Vault URL pointing to the secret referenced by the container app. string
name Secret Name. string
value Secret Value. string

Constraints:
Sensitive value. Pass in as a secure parameter.

SecretVolumeItem

Name Description Value
path Path to project secret to. If no path is provided, path defaults to name of secret listed in secretRef. string
secretRef Name of the Container App secret from which to pull the secret value. string

Service

Name Description Value
type Dev ContainerApp service type string (required)

ServiceBind

Name Description Value
name Name of the service bind string
serviceId Resource id of the target service string

TcpScaleRule

Name Description Value
auth Authentication secrets for the tcp scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe tcp scale rule. TcpScaleRuleMetadata

TcpScaleRuleMetadata

Name Description Value

Template

Name Description Value
containers List of container definitions for the Container App. Container[]
initContainers List of specialized containers that run before app containers. InitContainer[]
revisionSuffix User friendly suffix that is appended to the revision name string
scale Scaling properties for the Container App. Scale
serviceBinds List of container app services bound to the app ServiceBind[]
terminationGracePeriodSeconds Optional duration in seconds the Container App Instance needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. int
volumes List of volume definitions for the Container App. Volume[]

TrackedResourceTags

Name Description Value

TrafficWeight

Name Description Value
label Associates a traffic label with a revision string
latestRevision Indicates that the traffic weight belongs to a latest stable revision bool
revisionName Name of a revision string
weight Traffic weight assigned to a revision int

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

Volume

Name Description Value
mountOptions Mount options used while mounting the AzureFile. Must be a comma-separated string. string
name Volume name. string
secrets List of secrets to be added in volume. If no secrets are provided, all secrets in collection will be added to volume. SecretVolumeItem[]
storageName Name of storage resource. No need to provide for EmptyDir and Secret. string
storageType Storage type for the volume. If not provided, use EmptyDir. 'AzureFile'
'EmptyDir'
'Secret'

VolumeMount

Name Description Value
mountPath Path within the container at which the volume should be mounted.Must not contain ':'. string
subPath Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). string
volumeName This must match the Name of a Volume. string

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Creates a Container App and Environment with Registry Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates a Container App within a Container App Environment Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps Create a Dapr pub-sub servicebus app using Container Apps.
Creates a two Container App with a Container App Environment Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates an external Container App environment with a VNET Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET Creates an internal Container App environment with a VNET.

ARM template resource definition

The containerApps resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/containerApps resource, add the following JSON to your template.

{
  "type": "Microsoft.App/containerApps",
  "apiVersion": "2023-05-02-preview",
  "name": "string",
  "extendedLocation": {
    "name": "string",
    "type": "string"
  },
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "managedBy": "string",
  "properties": {
    "configuration": {
      "activeRevisionsMode": "string",
      "dapr": {
        "appId": "string",
        "appPort": "int",
        "appProtocol": "string",
        "enableApiLogging": "bool",
        "enabled": "bool",
        "httpMaxRequestSize": "int",
        "httpReadBufferSize": "int",
        "logLevel": "string"
      },
      "ingress": {
        "additionalPortMappings": [
          {
            "exposedPort": "int",
            "external": "bool",
            "targetPort": "int"
          }
        ],
        "allowInsecure": "bool",
        "clientCertificateMode": "string",
        "corsPolicy": {
          "allowCredentials": "bool",
          "allowedHeaders": [ "string" ],
          "allowedMethods": [ "string" ],
          "allowedOrigins": [ "string" ],
          "exposeHeaders": [ "string" ],
          "maxAge": "int"
        },
        "customDomains": [
          {
            "bindingType": "string",
            "certificateId": "string",
            "name": "string"
          }
        ],
        "exposedPort": "int",
        "external": "bool",
        "ipSecurityRestrictions": [
          {
            "action": "string",
            "description": "string",
            "ipAddressRange": "string",
            "name": "string"
          }
        ],
        "stickySessions": {
          "affinity": "string"
        },
        "targetPort": "int",
        "traffic": [
          {
            "label": "string",
            "latestRevision": "bool",
            "revisionName": "string",
            "weight": "int"
          }
        ],
        "transport": "string"
      },
      "maxInactiveRevisions": "int",
      "registries": [
        {
          "identity": "string",
          "passwordSecretRef": "string",
          "server": "string",
          "username": "string"
        }
      ],
      "secrets": [
        {
          "identity": "string",
          "keyVaultUrl": "string",
          "name": "string",
          "value": "string"
        }
      ],
      "service": {
        "type": "string"
      }
    },
    "environmentId": "string",
    "managedEnvironmentId": "string",
    "template": {
      "containers": [
        {
          "args": [ "string" ],
          "command": [ "string" ],
          "env": [
            {
              "name": "string",
              "secretRef": "string",
              "value": "string"
            }
          ],
          "image": "string",
          "name": "string",
          "probes": [
            {
              "failureThreshold": "int",
              "httpGet": {
                "host": "string",
                "httpHeaders": [
                  {
                    "name": "string",
                    "value": "string"
                  }
                ],
                "path": "string",
                "port": "int",
                "scheme": "string"
              },
              "initialDelaySeconds": "int",
              "periodSeconds": "int",
              "successThreshold": "int",
              "tcpSocket": {
                "host": "string",
                "port": "int"
              },
              "terminationGracePeriodSeconds": "int",
              "timeoutSeconds": "int",
              "type": "string"
            }
          ],
          "resources": {
            "cpu": "int",
            "memory": "string"
          },
          "volumeMounts": [
            {
              "mountPath": "string",
              "subPath": "string",
              "volumeName": "string"
            }
          ]
        }
      ],
      "initContainers": [
        {
          "args": [ "string" ],
          "command": [ "string" ],
          "env": [
            {
              "name": "string",
              "secretRef": "string",
              "value": "string"
            }
          ],
          "image": "string",
          "name": "string",
          "resources": {
            "cpu": "int",
            "memory": "string"
          },
          "volumeMounts": [
            {
              "mountPath": "string",
              "subPath": "string",
              "volumeName": "string"
            }
          ]
        }
      ],
      "revisionSuffix": "string",
      "scale": {
        "maxReplicas": "int",
        "minReplicas": "int",
        "rules": [
          {
            "azureQueue": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "queueLength": "int",
              "queueName": "string"
            },
            "custom": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "metadata": {
                "{customized property}": "string"
              },
              "type": "string"
            },
            "http": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "metadata": {
                "{customized property}": "string"
              }
            },
            "name": "string",
            "tcp": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "metadata": {
                "{customized property}": "string"
              }
            }
          }
        ]
      },
      "serviceBinds": [
        {
          "name": "string",
          "serviceId": "string"
        }
      ],
      "terminationGracePeriodSeconds": "int",
      "volumes": [
        {
          "mountOptions": "string",
          "name": "string",
          "secrets": [
            {
              "path": "string",
              "secretRef": "string"
            }
          ],
          "storageName": "string",
          "storageType": "string"
        }
      ]
    },
    "workloadProfileName": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

Configuration

Name Description Value
activeRevisionsMode ActiveRevisionsMode controls how active revisions are handled for the Container app:
<list><item>Multiple: multiple revisions can be active.</item><item>Single: Only one revision can be active at a time. Revision weights can not be used in this mode. If no value if provided, this is the default.</item></list>
'Multiple'
'Single'
dapr Dapr configuration for the Container App. Dapr
ingress Ingress configurations. Ingress
maxInactiveRevisions Optional. Max inactive revisions a Container App can have. int
registries Collection of private container registry credentials for containers used by the Container app RegistryCredentials[]
secrets Collection of secrets used by a Container app Secret[]
service Container App to be a dev Container App Service Service

Container

Name Description Value
args Container start command arguments. string[]
command Container start command. string[]
env Container environment variables. EnvironmentVar[]
image Container image tag. string
name Custom container name. string
probes List of probes for the container. ContainerAppProbe[]
resources Container resource requirements. ContainerResources
volumeMounts Container volume mounts. VolumeMount[]

ContainerAppProbe

Name Description Value
failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. int
httpGet HTTPGet specifies the http request to perform. ContainerAppProbeHttpGet
initialDelaySeconds Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. int
periodSeconds How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value is 240. int
successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. int
tcpSocket TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. ContainerAppProbeTcpSocket
terminationGracePeriodSeconds Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) int
timeoutSeconds Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. int
type The type of probe. 'Liveness'
'Readiness'
'Startup'

ContainerAppProbeHttpGet

Name Description Value
host Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. string
httpHeaders Custom headers to set in the request. HTTP allows repeated headers. ContainerAppProbeHttpGetHttpHeadersItem[]
path Path to access on the HTTP server. string
port Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)
scheme Scheme to use for connecting to the host. Defaults to HTTP. 'HTTP'
'HTTPS'

ContainerAppProbeHttpGetHttpHeadersItem

Name Description Value
name The header field name string (required)
value The header field value string (required)

ContainerAppProbeTcpSocket

Name Description Value
host Optional: Host name to connect to, defaults to the pod IP. string
port Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)

ContainerAppProperties

Name Description Value
configuration Non versioned Container App configuration properties. Configuration
environmentId Resource ID of environment. string
managedEnvironmentId Deprecated. Resource ID of the Container App's environment. string
template Container App versioned application definition. Template
workloadProfileName Workload profile name to pin for container app execution. string

ContainerResources

Name Description Value
cpu Required CPU in cores, e.g. 0.5 int
memory Required memory, e.g. "250Mb" string

CorsPolicy

Name Description Value
allowCredentials Specifies whether the resource allows credentials bool
allowedHeaders Specifies the content for the access-control-allow-headers header string[]
allowedMethods Specifies the content for the access-control-allow-methods header string[]
allowedOrigins Specifies the content for the access-control-allow-origins header string[] (required)
exposeHeaders Specifies the content for the access-control-expose-headers header string[]
maxAge Specifies the content for the access-control-max-age header int

CustomDomain

Name Description Value
bindingType Custom Domain binding type. 'Disabled'
'SniEnabled'
certificateId Resource Id of the Certificate to be bound to this hostname. Must exist in the Managed Environment. string
name Hostname. string (required)

CustomScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe custom scale rule. CustomScaleRuleMetadata
type Type of the custom scale rule
eg: azure-servicebus, redis etc.
string

CustomScaleRuleMetadata

Name Description Value

Dapr

Name Description Value
appId Dapr application identifier string
appPort Tells Dapr which port your application is listening on int
appProtocol Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http 'grpc'
'http'
enableApiLogging Enables API logging for the Dapr sidecar bool
enabled Boolean indicating if the Dapr side car is enabled bool
httpMaxRequestSize Increasing max size of request body http and grpc servers parameter in MB to handle uploading of big files. Default is 4 MB. int
httpReadBufferSize Dapr max size of http header read buffer in KB to handle when sending multi-KB headers. Default is 65KB. int
logLevel Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info. 'debug'
'error'
'info'
'warn'

EnvironmentVar

Name Description Value
name Environment variable name. string
secretRef Name of the Container App secret from which to pull the environment variable value. string
value Non-secret environment variable value. string

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of the extended location. 'CustomLocation'

HttpScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe http scale rule. HttpScaleRuleMetadata

HttpScaleRuleMetadata

Name Description Value

Ingress

Name Description Value
additionalPortMappings Settings to expose additional ports on container app IngressPortMapping[]
allowInsecure Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections bool
clientCertificateMode Client certificate mode for mTLS authentication. Ignore indicates server drops client certificate on forwarding. Accept indicates server forwards client certificate but does not require a client certificate. Require indicates server requires a client certificate. 'accept'
'ignore'
'require'
corsPolicy CORS policy for container app CorsPolicy
customDomains custom domain bindings for Container Apps' hostnames. CustomDomain[]
exposedPort Exposed Port in containers for TCP traffic from ingress int
external Bool indicating if app exposes an external http endpoint bool
ipSecurityRestrictions Rules to restrict incoming IP address. IpSecurityRestrictionRule[]
stickySessions Sticky Sessions for Single Revision Mode IngressStickySessions
targetPort Target Port in containers for traffic from ingress int
traffic Traffic weights for app's revisions TrafficWeight[]
transport Ingress transport protocol 'auto'
'http'
'http2'
'tcp'

IngressPortMapping

Name Description Value
exposedPort Specifies the exposed port for the target port. If not specified, it defaults to target port int
external Specifies whether the app port is accessible outside of the environment bool (required)
targetPort Specifies the port user's container listens on int (required)

IngressStickySessions

Name Description Value
affinity Sticky Session Affinity 'none'
'sticky'

InitContainer

Name Description Value
args Container start command arguments. string[]
command Container start command. string[]
env Container environment variables. EnvironmentVar[]
image Container image tag. string
name Custom container name. string
resources Container resource requirements. ContainerResources
volumeMounts Container volume mounts. VolumeMount[]

IpSecurityRestrictionRule

Name Description Value
action Allow or Deny rules to determine for incoming IP. Note: Rules can only consist of ALL Allow or ALL Deny 'Allow'
'Deny' (required)
description Describe the IP restriction rule that is being sent to the container-app. This is an optional field. string
ipAddressRange CIDR notation to match incoming IP address string (required)
name Name for the IP restriction rule. string (required)

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

Microsoft.App/containerApps

Name Description Value
apiVersion The api version '2023-05-02-preview'
extendedLocation The complex type of the extended location. ExtendedLocation
identity managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. ManagedServiceIdentity
location The geo-location where the resource lives string (required)
managedBy The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource. string
name The resource name string (required)
properties ContainerApp resource specific properties ContainerAppProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.App/containerApps'

QueueScaleRule

Name Description Value
auth Authentication secrets for the queue scale rule. ScaleRuleAuth[]
queueLength Queue length. int
queueName Queue name. string

RegistryCredentials

Name Description Value
identity A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use 'system' string
passwordSecretRef The name of the Secret that contains the registry login password string
server Container Registry Server string
username Container Registry Username string

Scale

Name Description Value
maxReplicas Optional. Maximum number of container replicas. Defaults to 10 if not set. int
minReplicas Optional. Minimum number of container replicas. int
rules Scaling rules. ScaleRule[]

ScaleRule

Name Description Value
azureQueue Azure Queue based scaling. QueueScaleRule
custom Custom scale rule. CustomScaleRule
http HTTP requests based scaling. HttpScaleRule
name Scale Rule Name string
tcp Tcp requests based scaling. TcpScaleRule

ScaleRuleAuth

Name Description Value
secretRef Name of the secret from which to pull the auth params. string
triggerParameter Trigger Parameter that uses the secret string

Secret

Name Description Value
identity Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. string
keyVaultUrl Azure Key Vault URL pointing to the secret referenced by the container app. string
name Secret Name. string
value Secret Value. string

Constraints:
Sensitive value. Pass in as a secure parameter.

SecretVolumeItem

Name Description Value
path Path to project secret to. If no path is provided, path defaults to name of secret listed in secretRef. string
secretRef Name of the Container App secret from which to pull the secret value. string

Service

Name Description Value
type Dev ContainerApp service type string (required)

ServiceBind

Name Description Value
name Name of the service bind string
serviceId Resource id of the target service string

TcpScaleRule

Name Description Value
auth Authentication secrets for the tcp scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe tcp scale rule. TcpScaleRuleMetadata

TcpScaleRuleMetadata

Name Description Value

Template

Name Description Value
containers List of container definitions for the Container App. Container[]
initContainers List of specialized containers that run before app containers. InitContainer[]
revisionSuffix User friendly suffix that is appended to the revision name string
scale Scaling properties for the Container App. Scale
serviceBinds List of container app services bound to the app ServiceBind[]
terminationGracePeriodSeconds Optional duration in seconds the Container App Instance needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. int
volumes List of volume definitions for the Container App. Volume[]

TrackedResourceTags

Name Description Value

TrafficWeight

Name Description Value
label Associates a traffic label with a revision string
latestRevision Indicates that the traffic weight belongs to a latest stable revision bool
revisionName Name of a revision string
weight Traffic weight assigned to a revision int

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

Volume

Name Description Value
mountOptions Mount options used while mounting the AzureFile. Must be a comma-separated string. string
name Volume name. string
secrets List of secrets to be added in volume. If no secrets are provided, all secrets in collection will be added to volume. SecretVolumeItem[]
storageName Name of storage resource. No need to provide for EmptyDir and Secret. string
storageType Storage type for the volume. If not provided, use EmptyDir. 'AzureFile'
'EmptyDir'
'Secret'

VolumeMount

Name Description Value
mountPath Path within the container at which the volume should be mounted.Must not contain ':'. string
subPath Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). string
volumeName This must match the Name of a Volume. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule

Deploy to Azure
Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates a Container App within a Container App Environment

Deploy to Azure
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps

Deploy to Azure
Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps

Deploy to Azure
Create a Dapr pub-sub servicebus app using Container Apps.
Creates a two Container App with a Container App Environment

Deploy to Azure
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates an external Container App environment with a VNET

Deploy to Azure
Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET

Deploy to Azure
Creates an internal Container App environment with a VNET.

Terraform (AzAPI provider) resource definition

The containerApps resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/containerApps resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.App/containerApps@2023-05-02-preview"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  managedBy = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    extendedLocation = {
      name = "string"
      type = "string"
    }
    properties = {
      configuration = {
        activeRevisionsMode = "string"
        dapr = {
          appId = "string"
          appPort = int
          appProtocol = "string"
          enableApiLogging = bool
          enabled = bool
          httpMaxRequestSize = int
          httpReadBufferSize = int
          logLevel = "string"
        }
        ingress = {
          additionalPortMappings = [
            {
              exposedPort = int
              external = bool
              targetPort = int
            }
          ]
          allowInsecure = bool
          clientCertificateMode = "string"
          corsPolicy = {
            allowCredentials = bool
            allowedHeaders = [
              "string"
            ]
            allowedMethods = [
              "string"
            ]
            allowedOrigins = [
              "string"
            ]
            exposeHeaders = [
              "string"
            ]
            maxAge = int
          }
          customDomains = [
            {
              bindingType = "string"
              certificateId = "string"
              name = "string"
            }
          ]
          exposedPort = int
          external = bool
          ipSecurityRestrictions = [
            {
              action = "string"
              description = "string"
              ipAddressRange = "string"
              name = "string"
            }
          ]
          stickySessions = {
            affinity = "string"
          }
          targetPort = int
          traffic = [
            {
              label = "string"
              latestRevision = bool
              revisionName = "string"
              weight = int
            }
          ]
          transport = "string"
        }
        maxInactiveRevisions = int
        registries = [
          {
            identity = "string"
            passwordSecretRef = "string"
            server = "string"
            username = "string"
          }
        ]
        secrets = [
          {
            identity = "string"
            keyVaultUrl = "string"
            name = "string"
            value = "string"
          }
        ]
        service = {
          type = "string"
        }
      }
      environmentId = "string"
      managedEnvironmentId = "string"
      template = {
        containers = [
          {
            args = [
              "string"
            ]
            command = [
              "string"
            ]
            env = [
              {
                name = "string"
                secretRef = "string"
                value = "string"
              }
            ]
            image = "string"
            name = "string"
            probes = [
              {
                failureThreshold = int
                httpGet = {
                  host = "string"
                  httpHeaders = [
                    {
                      name = "string"
                      value = "string"
                    }
                  ]
                  path = "string"
                  port = int
                  scheme = "string"
                }
                initialDelaySeconds = int
                periodSeconds = int
                successThreshold = int
                tcpSocket = {
                  host = "string"
                  port = int
                }
                terminationGracePeriodSeconds = int
                timeoutSeconds = int
                type = "string"
              }
            ]
            resources = {
              cpu = int
              memory = "string"
            }
            volumeMounts = [
              {
                mountPath = "string"
                subPath = "string"
                volumeName = "string"
              }
            ]
          }
        ]
        initContainers = [
          {
            args = [
              "string"
            ]
            command = [
              "string"
            ]
            env = [
              {
                name = "string"
                secretRef = "string"
                value = "string"
              }
            ]
            image = "string"
            name = "string"
            resources = {
              cpu = int
              memory = "string"
            }
            volumeMounts = [
              {
                mountPath = "string"
                subPath = "string"
                volumeName = "string"
              }
            ]
          }
        ]
        revisionSuffix = "string"
        scale = {
          maxReplicas = int
          minReplicas = int
          rules = [
            {
              azureQueue = {
                auth = [
                  {
                    secretRef = "string"
                    triggerParameter = "string"
                  }
                ]
                queueLength = int
                queueName = "string"
              }
              custom = {
                auth = [
                  {
                    secretRef = "string"
                    triggerParameter = "string"
                  }
                ]
                metadata = {
                  {customized property} = "string"
                }
                type = "string"
              }
              http = {
                auth = [
                  {
                    secretRef = "string"
                    triggerParameter = "string"
                  }
                ]
                metadata = {
                  {customized property} = "string"
                }
              }
              name = "string"
              tcp = {
                auth = [
                  {
                    secretRef = "string"
                    triggerParameter = "string"
                  }
                ]
                metadata = {
                  {customized property} = "string"
                }
              }
            }
          ]
        }
        serviceBinds = [
          {
            name = "string"
            serviceId = "string"
          }
        ]
        terminationGracePeriodSeconds = int
        volumes = [
          {
            mountOptions = "string"
            name = "string"
            secrets = [
              {
                path = "string"
                secretRef = "string"
              }
            ]
            storageName = "string"
            storageType = "string"
          }
        ]
      }
      workloadProfileName = "string"
    }
  })
}

Property values

Configuration

Name Description Value
activeRevisionsMode ActiveRevisionsMode controls how active revisions are handled for the Container app:
<list><item>Multiple: multiple revisions can be active.</item><item>Single: Only one revision can be active at a time. Revision weights can not be used in this mode. If no value if provided, this is the default.</item></list>
'Multiple'
'Single'
dapr Dapr configuration for the Container App. Dapr
ingress Ingress configurations. Ingress
maxInactiveRevisions Optional. Max inactive revisions a Container App can have. int
registries Collection of private container registry credentials for containers used by the Container app RegistryCredentials[]
secrets Collection of secrets used by a Container app Secret[]
service Container App to be a dev Container App Service Service

Container

Name Description Value
args Container start command arguments. string[]
command Container start command. string[]
env Container environment variables. EnvironmentVar[]
image Container image tag. string
name Custom container name. string
probes List of probes for the container. ContainerAppProbe[]
resources Container resource requirements. ContainerResources
volumeMounts Container volume mounts. VolumeMount[]

ContainerAppProbe

Name Description Value
failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. int
httpGet HTTPGet specifies the http request to perform. ContainerAppProbeHttpGet
initialDelaySeconds Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. int
periodSeconds How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value is 240. int
successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. int
tcpSocket TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. ContainerAppProbeTcpSocket
terminationGracePeriodSeconds Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) int
timeoutSeconds Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. int
type The type of probe. 'Liveness'
'Readiness'
'Startup'

ContainerAppProbeHttpGet

Name Description Value
host Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. string
httpHeaders Custom headers to set in the request. HTTP allows repeated headers. ContainerAppProbeHttpGetHttpHeadersItem[]
path Path to access on the HTTP server. string
port Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)
scheme Scheme to use for connecting to the host. Defaults to HTTP. 'HTTP'
'HTTPS'

ContainerAppProbeHttpGetHttpHeadersItem

Name Description Value
name The header field name string (required)
value The header field value string (required)

ContainerAppProbeTcpSocket

Name Description Value
host Optional: Host name to connect to, defaults to the pod IP. string
port Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. int (required)

ContainerAppProperties

Name Description Value
configuration Non versioned Container App configuration properties. Configuration
environmentId Resource ID of environment. string
managedEnvironmentId Deprecated. Resource ID of the Container App's environment. string
template Container App versioned application definition. Template
workloadProfileName Workload profile name to pin for container app execution. string

ContainerResources

Name Description Value
cpu Required CPU in cores, e.g. 0.5 int
memory Required memory, e.g. "250Mb" string

CorsPolicy

Name Description Value
allowCredentials Specifies whether the resource allows credentials bool
allowedHeaders Specifies the content for the access-control-allow-headers header string[]
allowedMethods Specifies the content for the access-control-allow-methods header string[]
allowedOrigins Specifies the content for the access-control-allow-origins header string[] (required)
exposeHeaders Specifies the content for the access-control-expose-headers header string[]
maxAge Specifies the content for the access-control-max-age header int

CustomDomain

Name Description Value
bindingType Custom Domain binding type. 'Disabled'
'SniEnabled'
certificateId Resource Id of the Certificate to be bound to this hostname. Must exist in the Managed Environment. string
name Hostname. string (required)

CustomScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe custom scale rule. CustomScaleRuleMetadata
type Type of the custom scale rule
eg: azure-servicebus, redis etc.
string

CustomScaleRuleMetadata

Name Description Value

Dapr

Name Description Value
appId Dapr application identifier string
appPort Tells Dapr which port your application is listening on int
appProtocol Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http 'grpc'
'http'
enableApiLogging Enables API logging for the Dapr sidecar bool
enabled Boolean indicating if the Dapr side car is enabled bool
httpMaxRequestSize Increasing max size of request body http and grpc servers parameter in MB to handle uploading of big files. Default is 4 MB. int
httpReadBufferSize Dapr max size of http header read buffer in KB to handle when sending multi-KB headers. Default is 65KB. int
logLevel Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info. 'debug'
'error'
'info'
'warn'

EnvironmentVar

Name Description Value
name Environment variable name. string
secretRef Name of the Container App secret from which to pull the environment variable value. string
value Non-secret environment variable value. string

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of the extended location. 'CustomLocation'

HttpScaleRule

Name Description Value
auth Authentication secrets for the custom scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe http scale rule. HttpScaleRuleMetadata

HttpScaleRuleMetadata

Name Description Value

Ingress

Name Description Value
additionalPortMappings Settings to expose additional ports on container app IngressPortMapping[]
allowInsecure Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections bool
clientCertificateMode Client certificate mode for mTLS authentication. Ignore indicates server drops client certificate on forwarding. Accept indicates server forwards client certificate but does not require a client certificate. Require indicates server requires a client certificate. 'accept'
'ignore'
'require'
corsPolicy CORS policy for container app CorsPolicy
customDomains custom domain bindings for Container Apps' hostnames. CustomDomain[]
exposedPort Exposed Port in containers for TCP traffic from ingress int
external Bool indicating if app exposes an external http endpoint bool
ipSecurityRestrictions Rules to restrict incoming IP address. IpSecurityRestrictionRule[]
stickySessions Sticky Sessions for Single Revision Mode IngressStickySessions
targetPort Target Port in containers for traffic from ingress int
traffic Traffic weights for app's revisions TrafficWeight[]
transport Ingress transport protocol 'auto'
'http'
'http2'
'tcp'

IngressPortMapping

Name Description Value
exposedPort Specifies the exposed port for the target port. If not specified, it defaults to target port int
external Specifies whether the app port is accessible outside of the environment bool (required)
targetPort Specifies the port user's container listens on int (required)

IngressStickySessions

Name Description Value
affinity Sticky Session Affinity 'none'
'sticky'

InitContainer

Name Description Value
args Container start command arguments. string[]
command Container start command. string[]
env Container environment variables. EnvironmentVar[]
image Container image tag. string
name Custom container name. string
resources Container resource requirements. ContainerResources
volumeMounts Container volume mounts. VolumeMount[]

IpSecurityRestrictionRule

Name Description Value
action Allow or Deny rules to determine for incoming IP. Note: Rules can only consist of ALL Allow or ALL Deny 'Allow'
'Deny' (required)
description Describe the IP restriction rule that is being sent to the container-app. This is an optional field. string
ipAddressRange CIDR notation to match incoming IP address string (required)
name Name for the IP restriction rule. string (required)

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

Microsoft.App/containerApps

Name Description Value
extendedLocation The complex type of the extended location. ExtendedLocation
identity managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. ManagedServiceIdentity
location The geo-location where the resource lives string (required)
managedBy The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource. string
name The resource name string (required)
properties ContainerApp resource specific properties ContainerAppProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.App/containerApps@2023-05-02-preview"

QueueScaleRule

Name Description Value
auth Authentication secrets for the queue scale rule. ScaleRuleAuth[]
queueLength Queue length. int
queueName Queue name. string

RegistryCredentials

Name Description Value
identity A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use 'system' string
passwordSecretRef The name of the Secret that contains the registry login password string
server Container Registry Server string
username Container Registry Username string

Scale

Name Description Value
maxReplicas Optional. Maximum number of container replicas. Defaults to 10 if not set. int
minReplicas Optional. Minimum number of container replicas. int
rules Scaling rules. ScaleRule[]

ScaleRule

Name Description Value
azureQueue Azure Queue based scaling. QueueScaleRule
custom Custom scale rule. CustomScaleRule
http HTTP requests based scaling. HttpScaleRule
name Scale Rule Name string
tcp Tcp requests based scaling. TcpScaleRule

ScaleRuleAuth

Name Description Value
secretRef Name of the secret from which to pull the auth params. string
triggerParameter Trigger Parameter that uses the secret string

Secret

Name Description Value
identity Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. string
keyVaultUrl Azure Key Vault URL pointing to the secret referenced by the container app. string
name Secret Name. string
value Secret Value. string

Constraints:
Sensitive value. Pass in as a secure parameter.

SecretVolumeItem

Name Description Value
path Path to project secret to. If no path is provided, path defaults to name of secret listed in secretRef. string
secretRef Name of the Container App secret from which to pull the secret value. string

Service

Name Description Value
type Dev ContainerApp service type string (required)

ServiceBind

Name Description Value
name Name of the service bind string
serviceId Resource id of the target service string

TcpScaleRule

Name Description Value
auth Authentication secrets for the tcp scale rule. ScaleRuleAuth[]
metadata Metadata properties to describe tcp scale rule. TcpScaleRuleMetadata

TcpScaleRuleMetadata

Name Description Value

Template

Name Description Value
containers List of container definitions for the Container App. Container[]
initContainers List of specialized containers that run before app containers. InitContainer[]
revisionSuffix User friendly suffix that is appended to the revision name string
scale Scaling properties for the Container App. Scale
serviceBinds List of container app services bound to the app ServiceBind[]
terminationGracePeriodSeconds Optional duration in seconds the Container App Instance needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. int
volumes List of volume definitions for the Container App. Volume[]

TrackedResourceTags

Name Description Value

TrafficWeight

Name Description Value
label Associates a traffic label with a revision string
latestRevision Indicates that the traffic weight belongs to a latest stable revision bool
revisionName Name of a revision string
weight Traffic weight assigned to a revision int

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

Volume

Name Description Value
mountOptions Mount options used while mounting the AzureFile. Must be a comma-separated string. string
name Volume name. string
secrets List of secrets to be added in volume. If no secrets are provided, all secrets in collection will be added to volume. SecretVolumeItem[]
storageName Name of storage resource. No need to provide for EmptyDir and Secret. string
storageType Storage type for the volume. If not provided, use EmptyDir. 'AzureFile'
'EmptyDir'
'Secret'

VolumeMount

Name Description Value
mountPath Path within the container at which the volume should be mounted.Must not contain ':'. string
subPath Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). string
volumeName This must match the Name of a Volume. string