Microsoft.ContainerRegistry registries
Bicep resource definition
The registries resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerRegistry/registries resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.ContainerRegistry/registries@2024-11-01-preview' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
location: 'string'
name: 'string'
properties: {
adminUserEnabled: bool
anonymousPullEnabled: bool
autoGeneratedDomainNameLabelScope: 'string'
dataEndpointEnabled: bool
encryption: {
keyVaultProperties: {
identity: 'string'
keyIdentifier: 'string'
}
status: 'string'
}
metadataSearch: 'string'
networkRuleBypassOptions: 'string'
networkRuleSet: {
defaultAction: 'string'
ipRules: [
{
action: 'string'
value: 'string'
}
]
}
policies: {
azureADAuthenticationAsArmPolicy: {
status: 'string'
}
exportPolicy: {
status: 'string'
}
quarantinePolicy: {
status: 'string'
}
retentionPolicy: {
days: int
status: 'string'
}
softDeletePolicy: {
retentionDays: int
status: 'string'
}
trustPolicy: {
status: 'string'
type: 'string'
}
}
publicNetworkAccess: 'string'
zoneRedundancy: 'string'
}
sku: {
name: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
AzureADAuthenticationAsArmPolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
EncryptionProperty
| Name | Description | Value |
|---|---|---|
| keyVaultProperties | Key vault properties. | KeyVaultProperties |
| status | Indicates whether or not the encryption is enabled for container registry. | 'disabled' 'enabled' |
ExportPolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
IdentityProperties
| Name | Description | Value |
|---|---|---|
| type | The identity type. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/ providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
IdentityPropertiesUserAssignedIdentities |
IdentityPropertiesUserAssignedIdentities
| Name | Description | Value |
|---|
IPRule
| Name | Description | Value |
|---|---|---|
| action | The action of IP ACL rule. | 'Allow' |
| value | Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed. | string (required) |
KeyVaultProperties
| Name | Description | Value |
|---|---|---|
| identity | The client id of the identity which will be used to access key vault. | string |
| keyIdentifier | Key vault uri to access the encryption key. | string |
Microsoft.ContainerRegistry/registries
| Name | Description | Value |
|---|---|---|
| identity | The identity of the container registry. | IdentityProperties |
| location | The location of the resource. This cannot be changed after the resource is created. | string (required) |
| name | The resource name | string Constraints: Min length = 5 Max length = 5 Pattern = ^[a-zA-Z0-9]*$ (required) |
| properties | The properties of the container registry. | RegistryProperties |
| sku | The SKU of the container registry. | Sku (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
NetworkRuleSet
| Name | Description | Value |
|---|---|---|
| defaultAction | The default action of allow or deny when no other rules match. | 'Allow' 'Deny' (required) |
| ipRules | The IP ACL rules. | IPRule[] |
Policies
| Name | Description | Value |
|---|---|---|
| azureADAuthenticationAsArmPolicy | The policy for using ARM audience token for a container registry. | AzureADAuthenticationAsArmPolicy |
| exportPolicy | The export policy for a container registry. | ExportPolicy |
| quarantinePolicy | The quarantine policy for a container registry. | QuarantinePolicy |
| retentionPolicy | The retention policy for a container registry. | RetentionPolicy |
| softDeletePolicy | The soft delete policy for a container registry. | SoftDeletePolicy |
| trustPolicy | The content trust policy for a container registry. | TrustPolicy |
QuarantinePolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
RegistryProperties
| Name | Description | Value |
|---|---|---|
| adminUserEnabled | The value that indicates whether the admin user is enabled. | bool |
| anonymousPullEnabled | Enables registry-wide pull from unauthenticated clients. | bool |
| autoGeneratedDomainNameLabelScope | Determines the domain name label reuse scope. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' 'Unsecure' |
| dataEndpointEnabled | Enable a single data endpoint per region for serving data. | bool |
| encryption | The encryption settings of container registry. | EncryptionProperty |
| metadataSearch | Determines whether registry artifacts are indexed for metadata search. | 'Disabled' 'Enabled' |
| networkRuleBypassOptions | Whether to allow trusted Azure services to access a network restricted registry. | 'AzureServices' 'None' |
| networkRuleSet | The network rule set for a container registry. | NetworkRuleSet |
| policies | The policies for a container registry. | Policies |
| publicNetworkAccess | Whether or not public network access is allowed for the container registry. | 'Disabled' 'Enabled' |
| zoneRedundancy | Whether or not zone redundancy is enabled for this container registry | 'Disabled' 'Enabled' |
ResourceTags
| Name | Description | Value |
|---|
RetentionPolicy
| Name | Description | Value |
|---|---|---|
| days | The number of days to retain an untagged manifest after which it gets purged. | int |
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
Sku
| Name | Description | Value |
|---|---|---|
| name | The SKU name of the container registry. Required for registry creation. | 'Basic' 'Classic' 'Premium' 'Standard' (required) |
SoftDeletePolicy
| Name | Description | Value |
|---|---|---|
| retentionDays | The number of days after which a soft-deleted item is permanently deleted. | int |
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
TrustPolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
| type | The type of trust policy. | 'Notary' |
UserIdentityProperties
| Name | Description | Value |
|---|
Quickstart samples
The following quickstart samples deploy this resource type.
| Bicep File | Description |
|---|---|
| AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
| AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| Azure AI Studio basic setup | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio basic setup | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio basic setup | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio Network Restricted | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio Network Restricted | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio with Microsoft Entra ID Authentication | This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
| Azure Container Registry with Geo-replication Template | A template for creating a new Azure Container Registry with geo-replication |
| Azure Container Registry with Policies and Diagnostics | Azure Container Registry with Policies and Diagnostics (bicep) |
| Azure Machine Learning end-to-end secure setup | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Azure Machine Learning end-to-end secure setup (legacy) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Build container images with ACR Tasks | This template uses DeploymentScript to orchestrate ACR to build your container image from code repo. |
| Create an AKS compute target with a Private IP address | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
| Create an Azure Machine Learning service workspace | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
| Create an Azure Machine Learning service workspace (CMK) | This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
| Create an Azure Machine Learning service workspace (CMK) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
| Create an Azure Machine Learning service workspace (legacy) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
| Create an Azure Machine Learning service workspace (vnet) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
| Creates a Container App and Environment with Registry | Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. |
| Deploy Secure Azure AI Studio with a managed virtual network | This template creates a secure Azure AI Studio environment with robust network and identity security restrictions. |
| Import Container Images into ACR | This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry. |
| Simple Azure Container Registry Template | A template for creating a new Azure Container Registry. |
ARM template resource definition
The registries resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerRegistry/registries resource, add the following JSON to your template.
{
"type": "Microsoft.ContainerRegistry/registries",
"apiVersion": "2024-11-01-preview",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"location": "string",
"properties": {
"adminUserEnabled": "bool",
"anonymousPullEnabled": "bool",
"autoGeneratedDomainNameLabelScope": "string",
"dataEndpointEnabled": "bool",
"encryption": {
"keyVaultProperties": {
"identity": "string",
"keyIdentifier": "string"
},
"status": "string"
},
"metadataSearch": "string",
"networkRuleBypassOptions": "string",
"networkRuleSet": {
"defaultAction": "string",
"ipRules": [
{
"action": "string",
"value": "string"
}
]
},
"policies": {
"azureADAuthenticationAsArmPolicy": {
"status": "string"
},
"exportPolicy": {
"status": "string"
},
"quarantinePolicy": {
"status": "string"
},
"retentionPolicy": {
"days": "int",
"status": "string"
},
"softDeletePolicy": {
"retentionDays": "int",
"status": "string"
},
"trustPolicy": {
"status": "string",
"type": "string"
}
},
"publicNetworkAccess": "string",
"zoneRedundancy": "string"
},
"sku": {
"name": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
AzureADAuthenticationAsArmPolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
EncryptionProperty
| Name | Description | Value |
|---|---|---|
| keyVaultProperties | Key vault properties. | KeyVaultProperties |
| status | Indicates whether or not the encryption is enabled for container registry. | 'disabled' 'enabled' |
ExportPolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
IdentityProperties
| Name | Description | Value |
|---|---|---|
| type | The identity type. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/ providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
IdentityPropertiesUserAssignedIdentities |
IdentityPropertiesUserAssignedIdentities
| Name | Description | Value |
|---|
IPRule
| Name | Description | Value |
|---|---|---|
| action | The action of IP ACL rule. | 'Allow' |
| value | Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed. | string (required) |
KeyVaultProperties
| Name | Description | Value |
|---|---|---|
| identity | The client id of the identity which will be used to access key vault. | string |
| keyIdentifier | Key vault uri to access the encryption key. | string |
Microsoft.ContainerRegistry/registries
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2024-11-01-preview' |
| identity | The identity of the container registry. | IdentityProperties |
| location | The location of the resource. This cannot be changed after the resource is created. | string (required) |
| name | The resource name | string Constraints: Min length = 5 Max length = 5 Pattern = ^[a-zA-Z0-9]*$ (required) |
| properties | The properties of the container registry. | RegistryProperties |
| sku | The SKU of the container registry. | Sku (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.ContainerRegistry/registries' |
NetworkRuleSet
| Name | Description | Value |
|---|---|---|
| defaultAction | The default action of allow or deny when no other rules match. | 'Allow' 'Deny' (required) |
| ipRules | The IP ACL rules. | IPRule[] |
Policies
| Name | Description | Value |
|---|---|---|
| azureADAuthenticationAsArmPolicy | The policy for using ARM audience token for a container registry. | AzureADAuthenticationAsArmPolicy |
| exportPolicy | The export policy for a container registry. | ExportPolicy |
| quarantinePolicy | The quarantine policy for a container registry. | QuarantinePolicy |
| retentionPolicy | The retention policy for a container registry. | RetentionPolicy |
| softDeletePolicy | The soft delete policy for a container registry. | SoftDeletePolicy |
| trustPolicy | The content trust policy for a container registry. | TrustPolicy |
QuarantinePolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
RegistryProperties
| Name | Description | Value |
|---|---|---|
| adminUserEnabled | The value that indicates whether the admin user is enabled. | bool |
| anonymousPullEnabled | Enables registry-wide pull from unauthenticated clients. | bool |
| autoGeneratedDomainNameLabelScope | Determines the domain name label reuse scope. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' 'Unsecure' |
| dataEndpointEnabled | Enable a single data endpoint per region for serving data. | bool |
| encryption | The encryption settings of container registry. | EncryptionProperty |
| metadataSearch | Determines whether registry artifacts are indexed for metadata search. | 'Disabled' 'Enabled' |
| networkRuleBypassOptions | Whether to allow trusted Azure services to access a network restricted registry. | 'AzureServices' 'None' |
| networkRuleSet | The network rule set for a container registry. | NetworkRuleSet |
| policies | The policies for a container registry. | Policies |
| publicNetworkAccess | Whether or not public network access is allowed for the container registry. | 'Disabled' 'Enabled' |
| zoneRedundancy | Whether or not zone redundancy is enabled for this container registry | 'Disabled' 'Enabled' |
ResourceTags
| Name | Description | Value |
|---|
RetentionPolicy
| Name | Description | Value |
|---|---|---|
| days | The number of days to retain an untagged manifest after which it gets purged. | int |
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
Sku
| Name | Description | Value |
|---|---|---|
| name | The SKU name of the container registry. Required for registry creation. | 'Basic' 'Classic' 'Premium' 'Standard' (required) |
SoftDeletePolicy
| Name | Description | Value |
|---|---|---|
| retentionDays | The number of days after which a soft-deleted item is permanently deleted. | int |
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
TrustPolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
| type | The type of trust policy. | 'Notary' |
UserIdentityProperties
| Name | Description | Value |
|---|
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
AKS Cluster with a NAT Gateway and an Application Gateway |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
| AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio Network Restricted |
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio Network Restricted |
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
| Azure AI Studio with Microsoft Entra ID Authentication |
This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
| Azure Container Registry with Geo-replication Template |
A template for creating a new Azure Container Registry with geo-replication |
| Azure Container Registry with Policies and Diagnostics |
Azure Container Registry with Policies and Diagnostics (bicep) |
| Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Build container images with ACR Tasks |
This template uses DeploymentScript to orchestrate ACR to build your container image from code repo. |
| CI/CD using Jenkins on Azure Container Service (AKS) |
Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
| Create a Private AKS Cluster with a Public DNS Zone |
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
| Create an AKS compute target with a Private IP address |
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
| Create an Azure Machine Learning service workspace |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
| Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
| Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
| Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
| Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
| Creates a Container App and Environment with Registry |
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Dapr pub-sub servicebus app using Container Apps |
Create a Dapr pub-sub servicebus app using Container Apps. |
| Deploy Secure Azure AI Studio with a managed virtual network |
This template creates a secure Azure AI Studio environment with robust network and identity security restrictions. |
| Import Container Images into ACR |
This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry. |
| Simple Azure Container Registry Template |
A template for creating a new Azure Container Registry. |
Terraform (AzAPI provider) resource definition
The registries resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerRegistry/registries resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.ContainerRegistry/registries@2024-11-01-preview"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
location = "string"
sku = {
name = "string"
}
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
adminUserEnabled = bool
anonymousPullEnabled = bool
autoGeneratedDomainNameLabelScope = "string"
dataEndpointEnabled = bool
encryption = {
keyVaultProperties = {
identity = "string"
keyIdentifier = "string"
}
status = "string"
}
metadataSearch = "string"
networkRuleBypassOptions = "string"
networkRuleSet = {
defaultAction = "string"
ipRules = [
{
action = "string"
value = "string"
}
]
}
policies = {
azureADAuthenticationAsArmPolicy = {
status = "string"
}
exportPolicy = {
status = "string"
}
quarantinePolicy = {
status = "string"
}
retentionPolicy = {
days = int
status = "string"
}
softDeletePolicy = {
retentionDays = int
status = "string"
}
trustPolicy = {
status = "string"
type = "string"
}
}
publicNetworkAccess = "string"
zoneRedundancy = "string"
}
})
}
Property values
AzureADAuthenticationAsArmPolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
EncryptionProperty
| Name | Description | Value |
|---|---|---|
| keyVaultProperties | Key vault properties. | KeyVaultProperties |
| status | Indicates whether or not the encryption is enabled for container registry. | 'disabled' 'enabled' |
ExportPolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
IdentityProperties
| Name | Description | Value |
|---|---|---|
| type | The identity type. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/ providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
IdentityPropertiesUserAssignedIdentities |
IdentityPropertiesUserAssignedIdentities
| Name | Description | Value |
|---|
IPRule
| Name | Description | Value |
|---|---|---|
| action | The action of IP ACL rule. | 'Allow' |
| value | Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed. | string (required) |
KeyVaultProperties
| Name | Description | Value |
|---|---|---|
| identity | The client id of the identity which will be used to access key vault. | string |
| keyIdentifier | Key vault uri to access the encryption key. | string |
Microsoft.ContainerRegistry/registries
| Name | Description | Value |
|---|---|---|
| identity | The identity of the container registry. | IdentityProperties |
| location | The location of the resource. This cannot be changed after the resource is created. | string (required) |
| name | The resource name | string Constraints: Min length = 5 Max length = 5 Pattern = ^[a-zA-Z0-9]*$ (required) |
| properties | The properties of the container registry. | RegistryProperties |
| sku | The SKU of the container registry. | Sku (required) |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.ContainerRegistry/registries@2024-11-01-preview" |
NetworkRuleSet
| Name | Description | Value |
|---|---|---|
| defaultAction | The default action of allow or deny when no other rules match. | 'Allow' 'Deny' (required) |
| ipRules | The IP ACL rules. | IPRule[] |
Policies
| Name | Description | Value |
|---|---|---|
| azureADAuthenticationAsArmPolicy | The policy for using ARM audience token for a container registry. | AzureADAuthenticationAsArmPolicy |
| exportPolicy | The export policy for a container registry. | ExportPolicy |
| quarantinePolicy | The quarantine policy for a container registry. | QuarantinePolicy |
| retentionPolicy | The retention policy for a container registry. | RetentionPolicy |
| softDeletePolicy | The soft delete policy for a container registry. | SoftDeletePolicy |
| trustPolicy | The content trust policy for a container registry. | TrustPolicy |
QuarantinePolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
RegistryProperties
| Name | Description | Value |
|---|---|---|
| adminUserEnabled | The value that indicates whether the admin user is enabled. | bool |
| anonymousPullEnabled | Enables registry-wide pull from unauthenticated clients. | bool |
| autoGeneratedDomainNameLabelScope | Determines the domain name label reuse scope. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' 'Unsecure' |
| dataEndpointEnabled | Enable a single data endpoint per region for serving data. | bool |
| encryption | The encryption settings of container registry. | EncryptionProperty |
| metadataSearch | Determines whether registry artifacts are indexed for metadata search. | 'Disabled' 'Enabled' |
| networkRuleBypassOptions | Whether to allow trusted Azure services to access a network restricted registry. | 'AzureServices' 'None' |
| networkRuleSet | The network rule set for a container registry. | NetworkRuleSet |
| policies | The policies for a container registry. | Policies |
| publicNetworkAccess | Whether or not public network access is allowed for the container registry. | 'Disabled' 'Enabled' |
| zoneRedundancy | Whether or not zone redundancy is enabled for this container registry | 'Disabled' 'Enabled' |
ResourceTags
| Name | Description | Value |
|---|
RetentionPolicy
| Name | Description | Value |
|---|---|---|
| days | The number of days to retain an untagged manifest after which it gets purged. | int |
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
Sku
| Name | Description | Value |
|---|---|---|
| name | The SKU name of the container registry. Required for registry creation. | 'Basic' 'Classic' 'Premium' 'Standard' (required) |
SoftDeletePolicy
| Name | Description | Value |
|---|---|---|
| retentionDays | The number of days after which a soft-deleted item is permanently deleted. | int |
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
TrustPolicy
| Name | Description | Value |
|---|---|---|
| status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
| type | The type of trust policy. | 'Notary' |
UserIdentityProperties
| Name | Description | Value |
|---|