Microsoft.App containerApps 2024-08-02-preview
Bicep resource definition
The containerApps resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.App/containerApps resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.App/containerApps@2024-08-02-preview' = {
  extendedLocation: {
    name: 'string'
    type: 'string'
  }
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  kind: 'string'
  location: 'string'
  managedBy: 'string'
  name: 'string'
  properties: {
    configuration: {
      activeRevisionsMode: 'string'
      dapr: {
        appId: 'string'
        appPort: int
        appProtocol: 'string'
        enableApiLogging: bool
        enabled: bool
        httpMaxRequestSize: int
        httpReadBufferSize: int
        logLevel: 'string'
      }
      identitySettings: [
        {
          identity: 'string'
          lifecycle: 'string'
        }
      ]
      ingress: {
        additionalPortMappings: [
          {
            exposedPort: int
            external: bool
            targetPort: int
          }
        ]
        allowInsecure: bool
        clientCertificateMode: 'string'
        corsPolicy: {
          allowCredentials: bool
          allowedHeaders: [
            'string'
          ]
          allowedMethods: [
            'string'
          ]
          allowedOrigins: [
            'string'
          ]
          exposeHeaders: [
            'string'
          ]
          maxAge: int
        }
        customDomains: [
          {
            bindingType: 'string'
            certificateId: 'string'
            name: 'string'
          }
        ]
        exposedPort: int
        external: bool
        ipSecurityRestrictions: [
          {
            action: 'string'
            description: 'string'
            ipAddressRange: 'string'
            name: 'string'
          }
        ]
        stickySessions: {
          affinity: 'string'
        }
        targetPort: int
        targetPortHttpScheme: 'string'
        traffic: [
          {
            label: 'string'
            latestRevision: bool
            revisionName: 'string'
            weight: int
          }
        ]
        transport: 'string'
      }
      maxInactiveRevisions: int
      registries: [
        {
          identity: 'string'
          passwordSecretRef: 'string'
          server: 'string'
          username: 'string'
        }
      ]
      runtime: {
        dotnet: {
          autoConfigureDataProtection: bool
        }
        java: {
          enableMetrics: bool
          javaAgent: {
            enabled: bool
            logging: {
              loggerSettings: [
                {
                  level: 'string'
                  logger: 'string'
                }
              ]
            }
          }
        }
      }
      secrets: [
        {
          identity: 'string'
          keyVaultUrl: 'string'
          name: 'string'
          value: 'string'
        }
      ]
      service: {
        type: 'string'
      }
    }
    environmentId: 'string'
    managedEnvironmentId: 'string'
    patchingConfiguration: {
      patchingMode: 'string'
    }
    template: {
      containers: [
        {
          args: [
            'string'
          ]
          command: [
            'string'
          ]
          env: [
            {
              name: 'string'
              secretRef: 'string'
              value: 'string'
            }
          ]
          image: 'string'
          imageType: 'string'
          name: 'string'
          probes: [
            {
              failureThreshold: int
              httpGet: {
                host: 'string'
                httpHeaders: [
                  {
                    name: 'string'
                    value: 'string'
                  }
                ]
                path: 'string'
                port: int
                scheme: 'string'
              }
              initialDelaySeconds: int
              periodSeconds: int
              successThreshold: int
              tcpSocket: {
                host: 'string'
                port: int
              }
              terminationGracePeriodSeconds: int
              timeoutSeconds: int
              type: 'string'
            }
          ]
          resources: {
            cpu: int
            memory: 'string'
          }
          volumeMounts: [
            {
              mountPath: 'string'
              subPath: 'string'
              volumeName: 'string'
            }
          ]
        }
      ]
      initContainers: [
        {
          args: [
            'string'
          ]
          command: [
            'string'
          ]
          env: [
            {
              name: 'string'
              secretRef: 'string'
              value: 'string'
            }
          ]
          image: 'string'
          imageType: 'string'
          name: 'string'
          resources: {
            cpu: int
            memory: 'string'
          }
          volumeMounts: [
            {
              mountPath: 'string'
              subPath: 'string'
              volumeName: 'string'
            }
          ]
        }
      ]
      revisionSuffix: 'string'
      scale: {
        cooldownPeriod: int
        maxReplicas: int
        minReplicas: int
        pollingInterval: int
        rules: [
          {
            azureQueue: {
              accountName: 'string'
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              identity: 'string'
              queueLength: int
              queueName: 'string'
            }
            custom: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              identity: 'string'
              metadata: {
                {customized property}: 'string'
              }
              type: 'string'
            }
            http: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              identity: 'string'
              metadata: {
                {customized property}: 'string'
              }
            }
            name: 'string'
            tcp: {
              auth: [
                {
                  secretRef: 'string'
                  triggerParameter: 'string'
                }
              ]
              identity: 'string'
              metadata: {
                {customized property}: 'string'
              }
            }
          }
        ]
      }
      serviceBinds: [
        {
          clientType: 'string'
          customizedKeys: {
            {customized property}: 'string'
          }
          name: 'string'
          serviceId: 'string'
        }
      ]
      terminationGracePeriodSeconds: int
      volumes: [
        {
          mountOptions: 'string'
          name: 'string'
          secrets: [
            {
              path: 'string'
              secretRef: 'string'
            }
          ]
          storageName: 'string'
          storageType: 'string'
        }
      ]
    }
    workloadProfileName: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}
```
Property values
Configuration
Name | Description | Value |
---|---|---|
activeRevisionsMode | ActiveRevisionsMode controls how active revisions are handled for the Container app. Multiple: multiple revisions can be active. Single: only one revision can be active at a time. Revision weights cannot be used in this mode. If no value is provided, this is the default. | 'Multiple' 'Single' |
dapr | Dapr configuration for the Container App. | Dapr |
identitySettings | Optional settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used. | IdentitySettings[] |
ingress | Ingress configurations. | Ingress |
maxInactiveRevisions | Optional. Max inactive revisions a Container App can have. | int |
registries | Collection of private container registry credentials for containers used by the Container app | RegistryCredentials[] |
runtime | App runtime configuration for the Container App. | Runtime |
secrets | Collection of secrets used by a Container app | Secret[] |
service | Container App to be a dev Container App Service | Service |
Container
Name | Description | Value |
---|---|---|
args | Container start command arguments. | string[] |
command | Container start command. | string[] |
env | Container environment variables. | EnvironmentVar[] |
image | Container image tag. | string |
imageType | The type of the image. Set to CloudBuild to let the system manage the image; the user will not be able to update the image through the image field. Set to ContainerImage for a user-provided image. | 'CloudBuild' 'ContainerImage' |
name | Custom container name. | string |
probes | List of probes for the container. | ContainerAppProbe[] |
resources | Container resource requirements. | ContainerResources |
volumeMounts | Container volume mounts. | VolumeMount[] |
ContainerAppProbe
Name | Description | Value |
---|---|---|
failureThreshold | Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. | int |
httpGet | HTTPGet specifies the http request to perform. | ContainerAppProbeHttpGet |
initialDelaySeconds | Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. | int |
periodSeconds | How often (in seconds) to perform the probe. Defaults to 10 seconds. Minimum value is 1. Maximum value is 240. | int |
successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. | int |
tcpSocket | TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. | ContainerAppProbeTcpSocket |
terminationGracePeriodSeconds | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) | int |
timeoutSeconds | Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. | int |
type | The type of probe. | 'Liveness' 'Readiness' 'Startup' |
ContainerAppProbeHttpGet
Name | Description | Value |
---|---|---|
host | Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. | string |
httpHeaders | Custom headers to set in the request. HTTP allows repeated headers. | ContainerAppProbeHttpGetHttpHeadersItem[] |
path | Path to access on the HTTP server. | string |
port | Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | int (required) |
scheme | Scheme to use for connecting to the host. Defaults to HTTP. | 'HTTP' 'HTTPS' |
ContainerAppProbeHttpGetHttpHeadersItem
Name | Description | Value |
---|---|---|
name | The header field name | string (required) |
value | The header field value | string (required) |
ContainerAppProbeTcpSocket
Name | Description | Value |
---|---|---|
host | Optional: Host name to connect to, defaults to the pod IP. | string |
port | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | int (required) |
ContainerAppProperties
Name | Description | Value |
---|---|---|
configuration | Non versioned Container App configuration properties. | Configuration |
environmentId | Resource ID of environment. | string |
managedEnvironmentId | Deprecated. Resource ID of the Container App's environment. | string |
patchingConfiguration | Container App auto patch configuration. | ContainerAppPropertiesPatchingConfiguration |
template | Container App versioned application definition. | Template |
workloadProfileName | Workload profile name to pin for container app execution. | string |
ContainerAppPropertiesPatchingConfiguration
Name | Description | Value |
---|---|---|
patchingMode | Patching mode for the container app. Null or default in this field will be interpreted as Automatic by RP. Automatic mode will automatically apply available patches. Manual mode will require the user to manually apply patches. Disabled mode will stop patch detection and auto patching. | 'Automatic' 'Disabled' 'Manual' |
ContainerResources
Name | Description | Value |
---|---|---|
cpu | Required CPU in cores, e.g. 0.5 | int |
memory | Required memory, e.g. "250Mb" | string |
CorsPolicy
Name | Description | Value |
---|---|---|
allowCredentials | Specifies whether the resource allows credentials | bool |
allowedHeaders | Specifies the content for the access-control-allow-headers header | string[] |
allowedMethods | Specifies the content for the access-control-allow-methods header | string[] |
allowedOrigins | Specifies the content for the access-control-allow-origins header | string[] (required) |
exposeHeaders | Specifies the content for the access-control-expose-headers header | string[] |
maxAge | Specifies the content for the access-control-max-age header | int |
CustomDomain
Name | Description | Value |
---|---|---|
bindingType | Custom Domain binding type. | 'Disabled' 'SniEnabled' |
certificateId | Resource Id of the Certificate to be bound to this hostname. Must exist in the Managed Environment. | string |
name | Hostname. | string (required) |
CustomScaleRule
Name | Description | Value |
---|---|---|
auth | Authentication secrets for the custom scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
metadata | Metadata properties to describe custom scale rule. | CustomScaleRuleMetadata |
type | Type of the custom scale rule, e.g. azure-servicebus, redis, etc. | string |
CustomScaleRuleMetadata
Name | Description | Value |
---|---|---|
Dapr
Name | Description | Value |
---|---|---|
appId | Dapr application identifier | string |
appPort | Tells Dapr which port your application is listening on | int |
appProtocol | Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http | 'grpc' 'http' |
enableApiLogging | Enables API logging for the Dapr sidecar | bool |
enabled | Boolean indicating if the Dapr side car is enabled | bool |
httpMaxRequestSize | Increasing max size of request body http and grpc servers parameter in MB to handle uploading of big files. Default is 4 MB. | int |
httpReadBufferSize | Dapr max size of http header read buffer in KB to handle when sending multi-KB headers. Default is 65KB. | int |
logLevel | Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info. | 'debug' 'error' 'info' 'warn' |
EnvironmentVar
Name | Description | Value |
---|---|---|
name | Environment variable name. | string |
secretRef | Name of the Container App secret from which to pull the environment variable value. | string |
value | Non-secret environment variable value. | string |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'CustomLocation' |
HttpScaleRule
Name | Description | Value |
---|---|---|
auth | Authentication secrets for the custom scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
metadata | Metadata properties to describe http scale rule. | HttpScaleRuleMetadata |
HttpScaleRuleMetadata
Name | Description | Value |
---|---|---|
IdentitySettings
Name | Description | Value |
---|---|---|
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string (required) |
lifecycle | Use to select the lifecycle stages of a Container App during which the Managed Identity should be available. | 'All' 'Init' 'Main' 'None' |
Ingress
Name | Description | Value |
---|---|---|
additionalPortMappings | Settings to expose additional ports on container app | IngressPortMapping[] |
allowInsecure | Bool indicating if HTTP connections are allowed. If set to false, HTTP connections are automatically redirected to HTTPS connections. | bool |
clientCertificateMode | Client certificate mode for mTLS authentication. Ignore indicates server drops client certificate on forwarding. Accept indicates server forwards client certificate but does not require a client certificate. Require indicates server requires a client certificate. | 'accept' 'ignore' 'require' |
corsPolicy | CORS policy for container app | CorsPolicy |
customDomains | custom domain bindings for Container Apps' hostnames. | CustomDomain[] |
exposedPort | Exposed Port in containers for TCP traffic from ingress | int |
external | Bool indicating if app exposes an external http endpoint | bool |
ipSecurityRestrictions | Rules to restrict incoming IP address. | IpSecurityRestrictionRule[] |
stickySessions | Sticky Sessions for Single Revision Mode | IngressStickySessions |
targetPort | Target Port in containers for traffic from ingress | int |
targetPortHttpScheme | Whether an http app listens on http or https | 'http' 'https' |
traffic | Traffic weights for app's revisions | TrafficWeight[] |
transport | Ingress transport protocol | 'auto' 'http' 'http2' 'tcp' |
IngressPortMapping
Name | Description | Value |
---|---|---|
exposedPort | Specifies the exposed port for the target port. If not specified, it defaults to target port | int |
external | Specifies whether the app port is accessible outside of the environment | bool (required) |
targetPort | Specifies the port user's container listens on | int (required) |
IngressStickySessions
Name | Description | Value |
---|---|---|
affinity | Sticky Session Affinity | 'none' 'sticky' |
InitContainer
Name | Description | Value |
---|---|---|
args | Container start command arguments. | string[] |
command | Container start command. | string[] |
env | Container environment variables. | EnvironmentVar[] |
image | Container image tag. | string |
imageType | The type of the image. Set to CloudBuild to let the system manage the image; the user will not be able to update the image through the image field. Set to ContainerImage for a user-provided image. | 'CloudBuild' 'ContainerImage' |
name | Custom container name. | string |
resources | Container resource requirements. | ContainerResources |
volumeMounts | Container volume mounts. | VolumeMount[] |
IpSecurityRestrictionRule
Name | Description | Value |
---|---|---|
action | Allow or Deny rules to determine for incoming IP. Note: Rules can only consist of ALL Allow or ALL Deny | 'Allow' 'Deny' (required) |
description | Describe the IP restriction rule that is being sent to the container-app. This is an optional field. | string |
ipAddressRange | CIDR notation to match incoming IP address | string (required) |
name | Name for the IP restriction rule. | string (required) |
LoggerSetting
Name | Description | Value |
---|---|---|
level | The specified logger's log level. | 'debug' 'error' 'info' 'off' 'trace' 'warn' (required) |
logger | Logger name. | string (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.App/containerApps
Name | Description | Value |
---|---|---|
extendedLocation | The complex type of the extended location. | ExtendedLocation |
identity | managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. | ManagedServiceIdentity |
kind | Metadata used to render different experiences for resources of the same type; e.g. WorkflowApp is a kind of Microsoft.App/ContainerApps type. If supported, the resource provider must validate and persist this value. | 'workflowapp' |
location | The geo-location where the resource lives | string (required) |
managedBy | The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource. | string |
name | The resource name | string (required) |
properties | ContainerApp resource specific properties | ContainerAppProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
QueueScaleRule
Name | Description | Value |
---|---|---|
accountName | Storage account name. Required if using managed identity to authenticate. | string |
auth | Authentication secrets for the queue scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
queueLength | Queue length. | int |
queueName | Queue name. | string |
RegistryCredentials
Name | Description | Value |
---|---|---|
identity | A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use 'system' | string |
passwordSecretRef | The name of the Secret that contains the registry login password | string |
server | Container Registry Server | string |
username | Container Registry Username | string |
Runtime
Name | Description | Value |
---|---|---|
dotnet | .NET app configuration | RuntimeDotnet |
java | Java app configuration | RuntimeJava |
RuntimeDotnet
Name | Description | Value |
---|---|---|
autoConfigureDataProtection | Auto configure the ASP.NET Core Data Protection feature | bool |
RuntimeJava
Name | Description | Value |
---|---|---|
enableMetrics | Enable jmx core metrics for the java app | bool |
javaAgent | Diagnostic capabilities achieved by java agent | RuntimeJavaAgent |
RuntimeJavaAgent
Name | Description | Value |
---|---|---|
enabled | Enable java agent injection for the java app. | bool |
logging | Capabilities on the java logging scenario. | RuntimeJavaAgentLogging |
RuntimeJavaAgentLogging
Name | Description | Value |
---|---|---|
loggerSettings | Settings of the logger for the java app. | LoggerSetting[] |
Scale
Name | Description | Value |
---|---|---|
cooldownPeriod | Optional. KEDA Cooldown Period. Defaults to 300 seconds if not set. | int |
maxReplicas | Optional. Maximum number of container replicas. Defaults to 10 if not set. | int |
minReplicas | Optional. Minimum number of container replicas. | int |
pollingInterval | Optional. KEDA Polling Interval. Defaults to 30 seconds if not set. | int |
rules | Scaling rules. | ScaleRule[] |
ScaleRule
Name | Description | Value |
---|---|---|
azureQueue | Azure Queue based scaling. | QueueScaleRule |
custom | Custom scale rule. | CustomScaleRule |
http | HTTP requests based scaling. | HttpScaleRule |
name | Scale Rule Name | string |
tcp | Tcp requests based scaling. | TcpScaleRule |
ScaleRuleAuth
Name | Description | Value |
---|---|---|
secretRef | Name of the secret from which to pull the auth params. | string |
triggerParameter | Trigger Parameter that uses the secret | string |
Secret
Name | Description | Value |
---|---|---|
identity | Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. | string |
keyVaultUrl | Azure Key Vault URL pointing to the secret referenced by the container app. | string |
name | Secret Name. | string |
value | Secret Value. | string Constraints: Sensitive value. Pass in as a secure parameter. |
SecretVolumeItem
Name | Description | Value |
---|---|---|
path | Path to project secret to. If no path is provided, path defaults to name of secret listed in secretRef. | string |
secretRef | Name of the Container App secret from which to pull the secret value. | string |
Service
Name | Description | Value |
---|---|---|
type | Dev ContainerApp service type | string (required) |
ServiceBind
Name | Description | Value |
---|---|---|
clientType | Type of the client to be used to connect to the service | string |
customizedKeys | Customized keys for customizing injected values to the app | ServiceBindCustomizedKeys |
name | Name of the service bind | string |
serviceId | Resource id of the target service | string |
ServiceBindCustomizedKeys
Name | Description | Value |
---|---|---|
TcpScaleRule
Name | Description | Value |
---|---|---|
auth | Authentication secrets for the tcp scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
metadata | Metadata properties to describe tcp scale rule. | TcpScaleRuleMetadata |
TcpScaleRuleMetadata
Name | Description | Value |
---|---|---|
Template
Name | Description | Value |
---|---|---|
containers | List of container definitions for the Container App. | Container[] |
initContainers | List of specialized containers that run before app containers. | InitContainer[] |
revisionSuffix | User friendly suffix that is appended to the revision name | string |
scale | Scaling properties for the Container App. | Scale |
serviceBinds | List of container app services bound to the app | ServiceBind[] |
terminationGracePeriodSeconds | Optional duration in seconds the Container App Instance needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. | int |
volumes | List of volume definitions for the Container App. | Volume[] |
TrackedResourceTags
Name | Description | Value |
---|---|---|
TrafficWeight
Name | Description | Value |
---|---|---|
label | Associates a traffic label with a revision | string |
latestRevision | Indicates that the traffic weight belongs to a latest stable revision | bool |
revisionName | Name of a revision | string |
weight | Traffic weight assigned to a revision | int |
UserAssignedIdentities
Name | Description | Value |
---|---|---|
UserAssignedIdentity
Name | Description | Value |
---|---|---|
Volume
Name | Description | Value |
---|---|---|
mountOptions | Mount options used while mounting the Azure file share or NFS Azure file share. Must be a comma-separated string. | string |
name | Volume name. | string |
secrets | List of secrets to be added in volume. If no secrets are provided, all secrets in collection will be added to volume. | SecretVolumeItem[] |
storageName | Name of storage resource. No need to provide for EmptyDir and Secret. | string |
storageType | Storage type for the volume. If not provided, use EmptyDir. | 'AzureFile' 'EmptyDir' 'NfsAzureFile' 'Secret' 'Smb' |
VolumeMount
Name | Description | Value |
---|---|---|
mountPath | Path within the container at which the volume should be mounted. Must not contain ':'. | string |
subPath | Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). | string |
volumeName | This must match the Name of a Volume. | string |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Creates a Container App and Environment with Registry | Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
Creates a Container App with a defined HTTP scaling rule | Create a Container App Environment with a basic Container App that scales based on HTTP traffic. |
Creates a Container App within a Container App Environment | Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. |
Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. |
Creates a two Container App with a Container App Environment | Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
Creates an external Container App environment with a VNET | Creates an external Container App environment with a VNET. |
Creates an internal Container App environment with a VNET | Creates an internal Container App environment with a VNET. |
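The security-relevant properties documented above (ingress, identitySettings, registries, secrets, env) combined in one template, as an added example that is not one of the Microsoft quickstart samples. The resource name, parameter names, image path, port, secret name and probe path are assumptions chosen for illustration; the environment, managed identity, registry and Key Vault secret are assumed to exist already.

```bicep
// Added example: placeholder names and parameters throughout.
@description('Resource ID of an existing Container Apps environment (assumed to exist).')
param environmentId string

@description('Resource ID of a user-assigned identity allowed to pull from the registry and read the Key Vault secret (assumed).')
param identityId string

@description('Login server of the private registry (placeholder).')
param registryServer string

@description('Key Vault URL of the secret holding the database password (placeholder).')
param dbPasswordSecretUrl string

@description('CIDR range that may reach the app (placeholder).')
param allowedCidr string

param location string = resourceGroup().location

resource app 'Microsoft.App/containerApps@2024-08-02-preview' = {
  name: 'example-hardened-app'
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${identityId}': {}
    }
  }
  properties: {
    environmentId: environmentId
    configuration: {
      activeRevisionsMode: 'Single'
      identitySettings: [
        {
          // The identity is only needed by the platform (registry pull,
          // Key Vault reference), so it is not exposed to container code.
          identity: identityId
          lifecycle: 'None'
        }
      ]
      ingress: {
        external: true
        targetPort: 8080
        transport: 'auto'
        // Weak setting would be allowInsecure: true (plain HTTP accepted).
        allowInsecure: false
        // 'ignore' drops client certificates; 'require' enforces mTLS.
        clientCertificateMode: 'require'
        // Rules must be all Allow or all Deny; this is an allow-list.
        ipSecurityRestrictions: [
          {
            name: 'corp-egress'
            description: 'Allow-list for the corporate egress range'
            action: 'Allow'
            ipAddressRange: allowedCidr
          }
        ]
      }
      registries: [
        {
          // Managed identity instead of username + passwordSecretRef.
          server: registryServer
          identity: identityId
        }
      ]
      secrets: [
        {
          // Key Vault reference instead of an inline 'value'.
          name: 'db-password'
          keyVaultUrl: dbPasswordSecretUrl
          identity: identityId
        }
      ]
    }
    template: {
      containers: [
        {
          name: 'api'
          image: '${registryServer}/example/api:1.0.0'
          env: [
            {
              // secretRef keeps the value out of the template and revision;
              // a plain 'value' is for non-secret settings only.
              name: 'DB_PASSWORD'
              secretRef: 'db-password'
            }
          ]
          resources: {
            cpu: 1
            memory: '2Gi'
          }
          probes: [
            {
              type: 'Liveness'
              httpGet: {
                path: '/healthz'
                port: 8080
              }
              periodSeconds: 10
            }
          ]
        }
      ]
    }
  }
}
```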
ARM template resource definition
The containerApps resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.App/containerApps resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.App/containerApps",
  "apiVersion": "2024-08-02-preview",
  "name": "string",
  "extendedLocation": {
    "name": "string",
    "type": "string"
  },
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "kind": "string",
  "location": "string",
  "managedBy": "string",
  "properties": {
    "configuration": {
      "activeRevisionsMode": "string",
      "dapr": {
        "appId": "string",
        "appPort": "int",
        "appProtocol": "string",
        "enableApiLogging": "bool",
        "enabled": "bool",
        "httpMaxRequestSize": "int",
        "httpReadBufferSize": "int",
        "logLevel": "string"
      },
      "identitySettings": [
        {
          "identity": "string",
          "lifecycle": "string"
        }
      ],
      "ingress": {
        "additionalPortMappings": [
          {
            "exposedPort": "int",
            "external": "bool",
            "targetPort": "int"
          }
        ],
        "allowInsecure": "bool",
        "clientCertificateMode": "string",
        "corsPolicy": {
          "allowCredentials": "bool",
          "allowedHeaders": [ "string" ],
          "allowedMethods": [ "string" ],
          "allowedOrigins": [ "string" ],
          "exposeHeaders": [ "string" ],
          "maxAge": "int"
        },
        "customDomains": [
          {
            "bindingType": "string",
            "certificateId": "string",
            "name": "string"
          }
        ],
        "exposedPort": "int",
        "external": "bool",
        "ipSecurityRestrictions": [
          {
            "action": "string",
            "description": "string",
            "ipAddressRange": "string",
            "name": "string"
          }
        ],
        "stickySessions": {
          "affinity": "string"
        },
        "targetPort": "int",
        "targetPortHttpScheme": "string",
        "traffic": [
          {
            "label": "string",
            "latestRevision": "bool",
            "revisionName": "string",
            "weight": "int"
          }
        ],
        "transport": "string"
      },
      "maxInactiveRevisions": "int",
      "registries": [
        {
          "identity": "string",
          "passwordSecretRef": "string",
          "server": "string",
          "username": "string"
        }
      ],
      "runtime": {
        "dotnet": {
          "autoConfigureDataProtection": "bool"
        },
        "java": {
          "enableMetrics": "bool",
          "javaAgent": {
            "enabled": "bool",
            "logging": {
              "loggerSettings": [
                {
                  "level": "string",
                  "logger": "string"
                }
              ]
            }
          }
        }
      },
      "secrets": [
        {
          "identity": "string",
          "keyVaultUrl": "string",
          "name": "string",
          "value": "string"
        }
      ],
      "service": {
        "type": "string"
      }
    },
    "environmentId": "string",
    "managedEnvironmentId": "string",
    "patchingConfiguration": {
      "patchingMode": "string"
    },
    "template": {
      "containers": [
        {
          "args": [ "string" ],
          "command": [ "string" ],
          "env": [
            {
              "name": "string",
              "secretRef": "string",
              "value": "string"
            }
          ],
          "image": "string",
          "imageType": "string",
          "name": "string",
          "probes": [
            {
              "failureThreshold": "int",
              "httpGet": {
                "host": "string",
                "httpHeaders": [
                  {
                    "name": "string",
                    "value": "string"
                  }
                ],
                "path": "string",
                "port": "int",
                "scheme": "string"
              },
              "initialDelaySeconds": "int",
              "periodSeconds": "int",
              "successThreshold": "int",
              "tcpSocket": {
                "host": "string",
                "port": "int"
              },
              "terminationGracePeriodSeconds": "int",
              "timeoutSeconds": "int",
              "type": "string"
            }
          ],
          "resources": {
            "cpu": "int",
            "memory": "string"
          },
          "volumeMounts": [
            {
              "mountPath": "string",
              "subPath": "string",
              "volumeName": "string"
            }
          ]
        }
      ],
      "initContainers": [
        {
          "args": [ "string" ],
          "command": [ "string" ],
          "env": [
            {
              "name": "string",
              "secretRef": "string",
              "value": "string"
            }
          ],
          "image": "string",
          "imageType": "string",
          "name": "string",
          "resources": {
            "cpu": "int",
            "memory": "string"
          },
          "volumeMounts": [
            {
              "mountPath": "string",
              "subPath": "string",
              "volumeName": "string"
            }
          ]
        }
      ],
      "revisionSuffix": "string",
      "scale": {
        "cooldownPeriod": "int",
        "maxReplicas": "int",
        "minReplicas": "int",
        "pollingInterval": "int",
        "rules": [
          {
            "azureQueue": {
              "accountName": "string",
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "identity": "string",
              "queueLength": "int",
              "queueName": "string"
            },
            "custom": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "identity": "string",
              "metadata": {
                "{customized property}": "string"
              },
              "type": "string"
            },
            "http": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "identity": "string",
              "metadata": {
                "{customized property}": "string"
              }
            },
            "name": "string",
            "tcp": {
              "auth": [
                {
                  "secretRef": "string",
                  "triggerParameter": "string"
                }
              ],
              "identity": "string",
              "metadata": {
                "{customized property}": "string"
              }
            }
          }
        ]
      },
      "serviceBinds": [
        {
          "clientType": "string",
          "customizedKeys": {
            "{customized property}": "string"
          },
          "name": "string",
          "serviceId": "string"
        }
      ],
      "terminationGracePeriodSeconds": "int",
      "volumes": [
        {
          "mountOptions": "string",
          "name": "string",
          "secrets": [
            {
              "path": "string",
              "secretRef": "string"
            }
          ],
          "storageName": "string",
          "storageType": "string"
        }
      ]
    },
    "workloadProfileName": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}
```
Property values
Configuration
Name | Description | Value |
---|---|---|
activeRevisionsMode | ActiveRevisionsMode controls how active revisions are handled for the Container app. Multiple: multiple revisions can be active. Single: only one revision can be active at a time. Revision weights cannot be used in this mode. If no value is provided, this is the default. | 'Multiple' 'Single' |
dapr | Dapr configuration for the Container App. | Dapr |
identitySettings | Optional settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used. | IdentitySettings[] |
ingress | Ingress configurations. | Ingress |
maxInactiveRevisions | Optional. Max inactive revisions a Container App can have. | int |
registries | Collection of private container registry credentials for containers used by the Container app | RegistryCredentials[] |
runtime | App runtime configuration for the Container App. | Runtime |
secrets | Collection of secrets used by a Container app | Secret[] |
service | Container App to be a dev Container App Service | Service |
Container
Name | Description | Value |
---|---|---|
args | Container start command arguments. | string[] |
command | Container start command. | string[] |
env | Container environment variables. | EnvironmentVar[] |
image | Container image tag. | string |
imageType | The type of the image. Set to CloudBuild to let the system manage the image; the user will not be able to update the image through the image field. Set to ContainerImage for a user-provided image. | 'CloudBuild' 'ContainerImage' |
name | Custom container name. | string |
probes | List of probes for the container. | ContainerAppProbe[] |
resources | Container resource requirements. | ContainerResources |
volumeMounts | Container volume mounts. | VolumeMount[] |
ContainerAppProbe
Name | Description | Value |
---|---|---|
failureThreshold | Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. | int |
httpGet | HTTPGet specifies the http request to perform. | ContainerAppProbeHttpGet |
initialDelaySeconds | Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. | int |
periodSeconds | How often (in seconds) to perform the probe. Defaults to 10 seconds. Minimum value is 1. Maximum value is 240. | int |
successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. | int |
tcpSocket | TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. | ContainerAppProbeTcpSocket |
terminationGracePeriodSeconds | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) | int |
timeoutSeconds | Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. | int |
type | The type of probe. | 'Liveness' 'Readiness' 'Startup' |
ContainerAppProbeHttpGet
Name | Description | Value |
---|---|---|
host | Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. | string |
httpHeaders | Custom headers to set in the request. HTTP allows repeated headers. | ContainerAppProbeHttpGetHttpHeadersItem[] |
path | Path to access on the HTTP server. | string |
port | Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | int (required) |
scheme | Scheme to use for connecting to the host. Defaults to HTTP. | 'HTTP' 'HTTPS' |
ContainerAppProbeHttpGetHttpHeadersItem
Name | Description | Value |
---|---|---|
name | The header field name | string (required) |
value | The header field value | string (required) |
ContainerAppProbeTcpSocket
Name | Description | Value |
---|---|---|
host | Optional: Host name to connect to, defaults to the pod IP. | string |
port | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | int (required) |
ContainerAppProperties
Name | Description | Value |
---|---|---|
configuration | Non versioned Container App configuration properties. | Configuration |
environmentId | Resource ID of environment. | string |
managedEnvironmentId | Deprecated. Resource ID of the Container App's environment. | string |
patchingConfiguration | Container App auto patch configuration. | ContainerAppPropertiesPatchingConfiguration |
template | Container App versioned application definition. | Template |
workloadProfileName | Workload profile name to pin for container app execution. | string |
ContainerAppPropertiesPatchingConfiguration
Name | Description | Value |
---|---|---|
patchingMode | Patching mode for the container app. Null or default in this field will be interpreted as Automatic by RP. Automatic mode will automatically apply available patches. Manual mode will require the user to manually apply patches. Disabled mode will stop patch detection and auto patching. | 'Automatic' 'Disabled' 'Manual' |
ContainerResources
Name | Description | Value |
---|---|---|
cpu | Required CPU in cores, e.g. 0.5 | int |
memory | Required memory, e.g. "250Mb" | string |
CorsPolicy
Name | Description | Value |
---|---|---|
allowCredentials | Specifies whether the resource allows credentials | bool |
allowedHeaders | Specifies the content for the access-control-allow-headers header | string[] |
allowedMethods | Specifies the content for the access-control-allow-methods header | string[] |
allowedOrigins | Specifies the content for the access-control-allow-origins header | string[] (required) |
exposeHeaders | Specifies the content for the access-control-expose-headers header | string[] |
maxAge | Specifies the content for the access-control-max-age header | int |
CustomDomain
Name | Description | Value |
---|---|---|
bindingType | Custom Domain binding type. | 'Disabled' 'SniEnabled' |
certificateId | Resource Id of the Certificate to be bound to this hostname. Must exist in the Managed Environment. | string |
name | Hostname. | string (required) |
CustomScaleRule
Name | Description | Value |
---|---|---|
auth | Authentication secrets for the custom scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
metadata | Metadata properties to describe custom scale rule. | CustomScaleRuleMetadata |
type | Type of the custom scale rule, e.g. azure-servicebus, redis etc. | string |
CustomScaleRuleMetadata
Name | Description | Value |
---|---|---|
Dapr
Name | Description | Value |
---|---|---|
appId | Dapr application identifier | string |
appPort | Tells Dapr which port your application is listening on | int |
appProtocol | Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http | 'grpc' 'http' |
enableApiLogging | Enables API logging for the Dapr sidecar | bool |
enabled | Boolean indicating if the Dapr side car is enabled | bool |
httpMaxRequestSize | Increasing max size of request body http and grpc servers parameter in MB to handle uploading of big files. Default is 4 MB. | int |
httpReadBufferSize | Dapr max size of http header read buffer in KB to handle when sending multi-KB headers. Default is 65KB. | int |
logLevel | Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info. | 'debug' 'error' 'info' 'warn' |
EnvironmentVar
Name | Description | Value |
---|---|---|
name | Environment variable name. | string |
secretRef | Name of the Container App secret from which to pull the environment variable value. | string |
value | Non-secret environment variable value. | string |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'CustomLocation' |
HttpScaleRule
Name | Description | Value |
---|---|---|
auth | Authentication secrets for the custom scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
metadata | Metadata properties to describe http scale rule. | HttpScaleRuleMetadata |
HttpScaleRuleMetadata
Name | Description | Value |
---|---|---|
IdentitySettings
Name | Description | Value |
---|---|---|
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string (required) |
lifecycle | Use to select the lifecycle stages of a Container App during which the Managed Identity should be available. | 'All' 'Init' 'Main' 'None' |
Ingress
Name | Description | Value |
---|---|---|
additionalPortMappings | Settings to expose additional ports on container app | IngressPortMapping[] |
allowInsecure | Bool indicating if HTTP connections are allowed. If set to false, HTTP connections are automatically redirected to HTTPS connections | bool |
clientCertificateMode | Client certificate mode for mTLS authentication. Ignore indicates server drops client certificate on forwarding. Accept indicates server forwards client certificate but does not require a client certificate. Require indicates server requires a client certificate. | 'accept' 'ignore' 'require' |
corsPolicy | CORS policy for container app | CorsPolicy |
customDomains | Custom domain bindings for Container Apps' hostnames. | CustomDomain[] |
exposedPort | Exposed Port in containers for TCP traffic from ingress | int |
external | Bool indicating if app exposes an external http endpoint | bool |
ipSecurityRestrictions | Rules to restrict incoming IP address. | IpSecurityRestrictionRule[] |
stickySessions | Sticky Sessions for Single Revision Mode | IngressStickySessions |
targetPort | Target Port in containers for traffic from ingress | int |
targetPortHttpScheme | Whether an http app listens on http or https | 'http' 'https' |
traffic | Traffic weights for app's revisions | TrafficWeight[] |
transport | Ingress transport protocol | 'auto' 'http' 'http2' 'tcp' |
IngressPortMapping
Name | Description | Value |
---|---|---|
exposedPort | Specifies the exposed port for the target port. If not specified, it defaults to target port | int |
external | Specifies whether the app port is accessible outside of the environment | bool (required) |
targetPort | Specifies the port user's container listens on | int (required) |
IngressStickySessions
Name | Description | Value |
---|---|---|
affinity | Sticky Session Affinity | 'none' 'sticky' |
InitContainer
Name | Description | Value |
---|---|---|
args | Container start command arguments. | string[] |
command | Container start command. | string[] |
env | Container environment variables. | EnvironmentVar[] |
image | Container image tag. | string |
imageType | The type of the image. Set to CloudBuild to let the system manage the image; the user will not be able to update the image through the image field. Set to ContainerImage for a user-provided image. | 'CloudBuild' 'ContainerImage' |
name | Custom container name. | string |
resources | Container resource requirements. | ContainerResources |
volumeMounts | Container volume mounts. | VolumeMount[] |
IpSecurityRestrictionRule
Name | Description | Value |
---|---|---|
action | Allow or Deny rule to apply to incoming IP addresses. Note: Rules can only consist of ALL Allow or ALL Deny | 'Allow' 'Deny' (required) |
description | Describe the IP restriction rule that is being sent to the container-app. This is an optional field. | string |
ipAddressRange | CIDR notation to match incoming IP address | string (required) |
name | Name for the IP restriction rule. | string (required) |
LoggerSetting
Name | Description | Value |
---|---|---|
level | The specified logger's log level. | 'debug' 'error' 'info' 'off' 'trace' 'warn' (required) |
logger | Logger name. | string (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.App/containerApps
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2024-08-02-preview' |
extendedLocation | The complex type of the extended location. | ExtendedLocation |
identity | Managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. | ManagedServiceIdentity |
kind | Metadata used to render different experiences for resources of the same type; e.g. WorkflowApp is a kind of Microsoft.App/ContainerApps type. If supported, the resource provider must validate and persist this value. | 'workflowapp' |
location | The geo-location where the resource lives | string (required) |
managedBy | The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource. | string |
name | The resource name | string (required) |
properties | ContainerApp resource specific properties | ContainerAppProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.App/containerApps' |
QueueScaleRule
Name | Description | Value |
---|---|---|
accountName | Storage account name. Required if using managed identity to authenticate | string |
auth | Authentication secrets for the queue scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
queueLength | Queue length. | int |
queueName | Queue name. | string |
RegistryCredentials
Name | Description | Value |
---|---|---|
identity | A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use 'system' | string |
passwordSecretRef | The name of the Secret that contains the registry login password | string |
server | Container Registry Server | string |
username | Container Registry Username | string |
Runtime
Name | Description | Value |
---|---|---|
dotnet | .NET app configuration | RuntimeDotnet |
java | Java app configuration | RuntimeJava |
RuntimeDotnet
Name | Description | Value |
---|---|---|
autoConfigureDataProtection | Auto configure the ASP.NET Core Data Protection feature | bool |
RuntimeJava
Name | Description | Value |
---|---|---|
enableMetrics | Enable jmx core metrics for the java app | bool |
javaAgent | Diagnostic capabilities achieved by java agent | RuntimeJavaAgent |
RuntimeJavaAgent
Name | Description | Value |
---|---|---|
enabled | Enable java agent injection for the java app. | bool |
logging | Capabilities on the java logging scenario. | RuntimeJavaAgentLogging |
RuntimeJavaAgentLogging
Name | Description | Value |
---|---|---|
loggerSettings | Settings of the logger for the java app. | LoggerSetting[] |
Scale
Name | Description | Value |
---|---|---|
cooldownPeriod | Optional. KEDA Cooldown Period. Defaults to 300 seconds if not set. | int |
maxReplicas | Optional. Maximum number of container replicas. Defaults to 10 if not set. | int |
minReplicas | Optional. Minimum number of container replicas. | int |
pollingInterval | Optional. KEDA Polling Interval. Defaults to 30 seconds if not set. | int |
rules | Scaling rules. | ScaleRule[] |
ScaleRule
Name | Description | Value |
---|---|---|
azureQueue | Azure Queue based scaling. | QueueScaleRule |
custom | Custom scale rule. | CustomScaleRule |
http | HTTP requests based scaling. | HttpScaleRule |
name | Scale Rule Name | string |
tcp | Tcp requests based scaling. | TcpScaleRule |
ScaleRuleAuth
Name | Description | Value |
---|---|---|
secretRef | Name of the secret from which to pull the auth params. | string |
triggerParameter | Trigger Parameter that uses the secret | string |
Secret
Name | Description | Value |
---|---|---|
identity | Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. | string |
keyVaultUrl | Azure Key Vault URL pointing to the secret referenced by the container app. | string |
name | Secret Name. | string |
value | Secret Value. | string Constraints: Sensitive value. Pass in as a secure parameter. |
SecretVolumeItem
Name | Description | Value |
---|---|---|
path | Path to project secret to. If no path is provided, path defaults to name of secret listed in secretRef. | string |
secretRef | Name of the Container App secret from which to pull the secret value. | string |
Service
Name | Description | Value |
---|---|---|
type | Dev ContainerApp service type | string (required) |
ServiceBind
Name | Description | Value |
---|---|---|
clientType | Type of the client to be used to connect to the service | string |
customizedKeys | Customized keys for customizing injected values to the app | ServiceBindCustomizedKeys |
name | Name of the service bind | string |
serviceId | Resource id of the target service | string |
ServiceBindCustomizedKeys
Name | Description | Value |
---|---|---|
TcpScaleRule
Name | Description | Value |
---|---|---|
auth | Authentication secrets for the tcp scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
metadata | Metadata properties to describe tcp scale rule. | TcpScaleRuleMetadata |
TcpScaleRuleMetadata
Name | Description | Value |
---|---|---|
Template
Name | Description | Value |
---|---|---|
containers | List of container definitions for the Container App. | Container[] |
initContainers | List of specialized containers that run before app containers. | InitContainer[] |
revisionSuffix | User friendly suffix that is appended to the revision name | string |
scale | Scaling properties for the Container App. | Scale |
serviceBinds | List of container app services bound to the app | ServiceBind[] |
terminationGracePeriodSeconds | Optional duration in seconds the Container App Instance needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. | int |
volumes | List of volume definitions for the Container App. | Volume[] |
TrackedResourceTags
Name | Description | Value |
---|---|---|
TrafficWeight
Name | Description | Value |
---|---|---|
label | Associates a traffic label with a revision | string |
latestRevision | Indicates that the traffic weight belongs to a latest stable revision | bool |
revisionName | Name of a revision | string |
weight | Traffic weight assigned to a revision | int |
UserAssignedIdentities
Name | Description | Value |
---|---|---|
UserAssignedIdentity
Name | Description | Value |
---|---|---|
Volume
Name | Description | Value |
---|---|---|
mountOptions | Mount options used while mounting the Azure file share or NFS Azure file share. Must be a comma-separated string. | string |
name | Volume name. | string |
secrets | List of secrets to be added in volume. If no secrets are provided, all secrets in collection will be added to volume. | SecretVolumeItem[] |
storageName | Name of storage resource. No need to provide for EmptyDir and Secret. | string |
storageType | Storage type for the volume. If not provided, use EmptyDir. | 'AzureFile' 'EmptyDir' 'NfsAzureFile' 'Secret' 'Smb' |
VolumeMount
Name | Description | Value |
---|---|---|
mountPath | Path within the container at which the volume should be mounted. Must not contain ':'. | string |
subPath | Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). | string |
volumeName | This must match the Name of a Volume. | string |
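The following is an added example, not part of the original reference: a Python check that walks one containerApps resource in the ARM JSON shape documented above and flags settings whose table descriptions carry a security consequence (allowInsecure, ipSecurityRestrictions, corsPolicy, Secret.value, secretRef, patchingMode). The sample resources, the vault URL, the parameter name and the credential-name heuristic are constructed for illustration.

```python
import re

# Heuristic for credential-like env var names (an assumption of this example).
SECRET_HINT = re.compile(r"pass(word)?|secret|token|api[_-]?key", re.I)


def secret_refs(config, template):
    """Yield (path, secret name) for each secretRef / passwordSecretRef in use."""
    for kind in ("containers", "initContainers"):
        for c in template.get(kind) or []:
            for env in c.get("env") or []:
                if env.get("secretRef"):
                    yield f"template.{kind}.env[{env.get('name')}]", env["secretRef"]
    for rule in (template.get("scale") or {}).get("rules") or []:
        for rtype in ("azureQueue", "custom", "http", "tcp"):
            for auth in (rule.get(rtype) or {}).get("auth") or []:
                if auth.get("secretRef"):
                    yield f"template.scale.rules[{rule.get('name')}].{rtype}.auth", auth["secretRef"]
    for vol in template.get("volumes") or []:
        for item in vol.get("secrets") or []:
            if item.get("secretRef"):
                yield f"template.volumes[{vol.get('name')}].secrets", item["secretRef"]
    for reg in config.get("registries") or []:
        if reg.get("passwordSecretRef"):
            yield f"configuration.registries[{reg.get('server')}]", reg["passwordSecretRef"]


def audit(resource):
    """Return a list of (property path, finding) for one containerApps resource."""
    props = resource.get("properties") or {}
    config = props.get("configuration") or {}
    template = props.get("template") or {}
    ingress = config.get("ingress") or {}
    rules = ingress.get("ipSecurityRestrictions") or []
    cors = ingress.get("corsPolicy") or {}
    out = []

    if ingress.get("external") and ingress.get("allowInsecure"):
        out.append(("ingress.allowInsecure", "external endpoint serves plain HTTP (no redirect to HTTPS)"))
    if ingress.get("external") and not rules:
        out.append(("ingress.ipSecurityRestrictions", "external endpoint has no IP restriction rules"))
    if len({r.get("action") for r in rules}) > 1:
        out.append(("ingress.ipSecurityRestrictions", "Allow and Deny are mixed; rules must be all Allow or all Deny"))
    if cors.get("allowCredentials") and "*" in (cors.get("allowedOrigins") or []):
        out.append(("ingress.corsPolicy", "credentials allowed together with a wildcard origin"))

    defined = set()
    for s in config.get("secrets") or []:
        defined.add(s.get("name"))
        value = s.get("value")
        # ARM template expressions such as "[parameters('x')]" start with '['; anything else is a literal.
        if isinstance(value, str) and value and not value.startswith("["):
            out.append((f"secrets[{s.get('name')}].value", "literal secret; pass a secure parameter or use keyVaultUrl"))
    for kind in ("containers", "initContainers"):
        for c in template.get(kind) or []:
            for env in c.get("env") or []:
                if env.get("value") and not env.get("secretRef") and SECRET_HINT.search(env.get("name") or ""):
                    out.append((f"template.{kind}.env[{env['name']}]", "credential-like variable set via value; use secretRef"))
    for path, name in secret_refs(config, template):
        if name not in defined:
            out.append((path, f"secretRef '{name}' is not defined in configuration.secrets"))
    if (props.get("patchingConfiguration") or {}).get("patchingMode") == "Disabled":
        out.append(("patchingConfiguration.patchingMode", "patch detection and auto patching are disabled"))
    return out


# Constructed samples (as they would look after json.load): a weak resource and a corrected one.
WEAK = {
    "properties": {
        "patchingConfiguration": {"patchingMode": "Disabled"},
        "configuration": {
            "ingress": {"external": True, "allowInsecure": True, "targetPort": 8080,
                        "corsPolicy": {"allowCredentials": True, "allowedOrigins": ["*"]}},
            "secrets": [{"name": "db-password", "value": "constructed-literal"}]},
        "template": {"containers": [{"name": "web", "image": "registry.example/web:1", "env": [
            {"name": "API_TOKEN", "value": "constructed-literal"},
            {"name": "QUEUE_KEY", "secretRef": "queue-key"}]}]}}}

HARDENED = {
    "properties": {
        "patchingConfiguration": {"patchingMode": "Automatic"},
        "configuration": {
            "ingress": {"external": True, "allowInsecure": False, "targetPort": 8080,
                        "ipSecurityRestrictions": [{"name": "office", "action": "Allow", "ipAddressRange": "203.0.113.0/24"}],
                        "corsPolicy": {"allowCredentials": True, "allowedOrigins": ["https://app.example"]}},
            "secrets": [
                {"name": "db-password", "identity": "System", "keyVaultUrl": "https://example-vault.vault.azure.net/secrets/db-password"},
                {"name": "queue-key", "value": "[parameters('queueKey')]"}]},
        "template": {"containers": [{"name": "web", "image": "registry.example/web:1", "env": [
            {"name": "DB_PASSWORD", "secretRef": "db-password"},
            {"name": "QUEUE_KEY", "secretRef": "queue-key"}]}]}}}


if __name__ == "__main__":
    for path, finding in audit(WEAK):
        print(f"{path}: {finding}")
```

The check cannot see whether a referenced template parameter is declared as a secure type, so a `[parameters(...)]` value still needs that confirmed in the template's parameters section.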
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Creates a Container App and Environment with Registry | Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
Creates a Container App with a defined HTTP scaling rule | Create a Container App Environment with a basic Container App that scales based on HTTP traffic. |
Creates a Container App within a Container App Environment | Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. |
Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. |
Creates a two Container App with a Container App Environment | Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
Creates an external Container App environment with a VNET | Creates an external Container App environment with a VNET. |
Creates an internal Container App environment with a VNET | Creates an internal Container App environment with a VNET. |
Terraform (AzAPI provider) resource definition
The containerApps resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.App/containerApps resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.App/containerApps@2024-08-02-preview"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
kind = "string"
location = "string"
managedBy = "string"
tags = {
{customized property} = "string"
}
body = jsonencode({
extendedLocation = {
name = "string"
type = "string"
}
properties = {
configuration = {
activeRevisionsMode = "string"
dapr = {
appId = "string"
appPort = int
appProtocol = "string"
enableApiLogging = bool
enabled = bool
httpMaxRequestSize = int
httpReadBufferSize = int
logLevel = "string"
}
identitySettings = [
{
identity = "string"
lifecycle = "string"
}
]
ingress = {
additionalPortMappings = [
{
exposedPort = int
external = bool
targetPort = int
}
]
allowInsecure = bool
clientCertificateMode = "string"
corsPolicy = {
allowCredentials = bool
allowedHeaders = [
"string"
]
allowedMethods = [
"string"
]
allowedOrigins = [
"string"
]
exposeHeaders = [
"string"
]
maxAge = int
}
customDomains = [
{
bindingType = "string"
certificateId = "string"
name = "string"
}
]
exposedPort = int
external = bool
ipSecurityRestrictions = [
{
action = "string"
description = "string"
ipAddressRange = "string"
name = "string"
}
]
stickySessions = {
affinity = "string"
}
targetPort = int
targetPortHttpScheme = "string"
traffic = [
{
label = "string"
latestRevision = bool
revisionName = "string"
weight = int
}
]
transport = "string"
}
maxInactiveRevisions = int
registries = [
{
identity = "string"
passwordSecretRef = "string"
server = "string"
username = "string"
}
]
runtime = {
dotnet = {
autoConfigureDataProtection = bool
}
java = {
enableMetrics = bool
javaAgent = {
enabled = bool
logging = {
loggerSettings = [
{
level = "string"
logger = "string"
}
]
}
}
}
}
secrets = [
{
identity = "string"
keyVaultUrl = "string"
name = "string"
value = "string"
}
]
service = {
type = "string"
}
}
environmentId = "string"
managedEnvironmentId = "string"
patchingConfiguration = {
patchingMode = "string"
}
template = {
containers = [
{
args = [
"string"
]
command = [
"string"
]
env = [
{
name = "string"
secretRef = "string"
value = "string"
}
]
image = "string"
imageType = "string"
name = "string"
probes = [
{
failureThreshold = int
httpGet = {
host = "string"
httpHeaders = [
{
name = "string"
value = "string"
}
]
path = "string"
port = int
scheme = "string"
}
initialDelaySeconds = int
periodSeconds = int
successThreshold = int
tcpSocket = {
host = "string"
port = int
}
terminationGracePeriodSeconds = int
timeoutSeconds = int
type = "string"
}
]
resources = {
cpu = int
memory = "string"
}
volumeMounts = [
{
mountPath = "string"
subPath = "string"
volumeName = "string"
}
]
}
]
initContainers = [
{
args = [
"string"
]
command = [
"string"
]
env = [
{
name = "string"
secretRef = "string"
value = "string"
}
]
image = "string"
imageType = "string"
name = "string"
resources = {
cpu = int
memory = "string"
}
volumeMounts = [
{
mountPath = "string"
subPath = "string"
volumeName = "string"
}
]
}
]
revisionSuffix = "string"
scale = {
cooldownPeriod = int
maxReplicas = int
minReplicas = int
pollingInterval = int
rules = [
{
azureQueue = {
accountName = "string"
auth = [
{
secretRef = "string"
triggerParameter = "string"
}
]
identity = "string"
queueLength = int
queueName = "string"
}
custom = {
auth = [
{
secretRef = "string"
triggerParameter = "string"
}
]
identity = "string"
metadata = {
{customized property} = "string"
}
type = "string"
}
http = {
auth = [
{
secretRef = "string"
triggerParameter = "string"
}
]
identity = "string"
metadata = {
{customized property} = "string"
}
}
name = "string"
tcp = {
auth = [
{
secretRef = "string"
triggerParameter = "string"
}
]
identity = "string"
metadata = {
{customized property} = "string"
}
}
}
]
}
serviceBinds = [
{
clientType = "string"
customizedKeys = {
{customized property} = "string"
}
name = "string"
serviceId = "string"
}
]
terminationGracePeriodSeconds = int
volumes = [
{
mountOptions = "string"
name = "string"
secrets = [
{
path = "string"
secretRef = "string"
}
]
storageName = "string"
storageType = "string"
}
]
}
workloadProfileName = "string"
}
})
}
Property values
Configuration
Name | Description | Value |
---|---|---|
activeRevisionsMode | ActiveRevisionsMode controls how active revisions are handled for the Container app. Multiple: multiple revisions can be active. Single: Only one revision can be active at a time. Revision weights can not be used in this mode. If no value is provided, this is the default. | 'Multiple' 'Single' |
dapr | Dapr configuration for the Container App. | Dapr |
identitySettings | Optional settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used. | IdentitySettings[] |
ingress | Ingress configurations. | Ingress |
maxInactiveRevisions | Optional. Max inactive revisions a Container App can have. | int |
registries | Collection of private container registry credentials for containers used by the Container app | RegistryCredentials[] |
runtime | App runtime configuration for the Container App. | Runtime |
secrets | Collection of secrets used by a Container app | Secret[] |
service | Container App to be a dev Container App Service | Service |
Container
Name | Description | Value |
---|---|---|
args | Container start command arguments. | string[] |
command | Container start command. | string[] |
env | Container environment variables. | EnvironmentVar[] |
image | Container image tag. | string |
imageType | The type of the image. Set to CloudBuild to let the system manage the image; the user will not be able to update the image through the image field. Set to ContainerImage for a user-provided image. | 'CloudBuild' 'ContainerImage' |
name | Custom container name. | string |
probes | List of probes for the container. | ContainerAppProbe[] |
resources | Container resource requirements. | ContainerResources |
volumeMounts | Container volume mounts. | VolumeMount[] |
ContainerAppProbe
Name | Description | Value |
---|---|---|
failureThreshold | Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. | int |
httpGet | HTTPGet specifies the http request to perform. | ContainerAppProbeHttpGet |
initialDelaySeconds | Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. | int |
periodSeconds | How often (in seconds) to perform the probe. Defaults to 10 seconds. Minimum value is 1. Maximum value is 240. | int |
successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. | int |
tcpSocket | TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. | ContainerAppProbeTcpSocket |
terminationGracePeriodSeconds | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) | int |
timeoutSeconds | Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. | int |
type | The type of probe. | 'Liveness' 'Readiness' 'Startup' |
ContainerAppProbeHttpGet
Name | Description | Value |
---|---|---|
host | Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. | string |
httpHeaders | Custom headers to set in the request. HTTP allows repeated headers. | ContainerAppProbeHttpGetHttpHeadersItem[] |
path | Path to access on the HTTP server. | string |
port | Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | int (required) |
scheme | Scheme to use for connecting to the host. Defaults to HTTP. | 'HTTP' 'HTTPS' |
ContainerAppProbeHttpGetHttpHeadersItem
Name | Description | Value |
---|---|---|
name | The header field name | string (required) |
value | The header field value | string (required) |
ContainerAppProbeTcpSocket
Name | Description | Value |
---|---|---|
host | Optional: Host name to connect to, defaults to the pod IP. | string |
port | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | int (required) |
ContainerAppProperties
Name | Description | Value |
---|---|---|
configuration | Non versioned Container App configuration properties. | Configuration |
environmentId | Resource ID of environment. | string |
managedEnvironmentId | Deprecated. Resource ID of the Container App's environment. | string |
patchingConfiguration | Container App auto patch configuration. | ContainerAppPropertiesPatchingConfiguration |
template | Container App versioned application definition. | Template |
workloadProfileName | Workload profile name to pin for container app execution. | string |
ContainerAppPropertiesPatchingConfiguration
Name | Description | Value |
---|---|---|
patchingMode | Patching mode for the container app. Null or default in this field will be interpreted as Automatic by RP. Automatic mode will automatically apply available patches. Manual mode will require the user to manually apply patches. Disabled mode will stop patch detection and auto patching. | 'Automatic' 'Disabled' 'Manual' |
ContainerResources
Name | Description | Value |
---|---|---|
cpu | Required CPU in cores, e.g. 0.5 | int |
memory | Required memory, e.g. "250Mb" | string |
CorsPolicy
Name | Description | Value |
---|---|---|
allowCredentials | Specifies whether the resource allows credentials | bool |
allowedHeaders | Specifies the content for the access-control-allow-headers header | string[] |
allowedMethods | Specifies the content for the access-control-allow-methods header | string[] |
allowedOrigins | Specifies the content for the access-control-allow-origins header | string[] (required) |
exposeHeaders | Specifies the content for the access-control-expose-headers header | string[] |
maxAge | Specifies the content for the access-control-max-age header | int |
CustomDomain
Name | Description | Value |
---|---|---|
bindingType | Custom Domain binding type. | 'Disabled' 'SniEnabled' |
certificateId | Resource Id of the Certificate to be bound to this hostname. Must exist in the Managed Environment. | string |
name | Hostname. | string (required) |
CustomScaleRule
Name | Description | Value |
---|---|---|
auth | Authentication secrets for the custom scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
metadata | Metadata properties to describe custom scale rule. | CustomScaleRuleMetadata |
type | Type of the custom scale rule eg: azure-servicebus, redis etc. | string |
CustomScaleRuleMetadata
Name | Description | Value |
---|---|---|
Dapr
Name | Description | Value |
---|---|---|
appId | Dapr application identifier | string |
appPort | Tells Dapr which port your application is listening on | int |
appProtocol | Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http | 'grpc' 'http' |
enableApiLogging | Enables API logging for the Dapr sidecar | bool |
enabled | Boolean indicating if the Dapr side car is enabled | bool |
httpMaxRequestSize | Maximum size, in MB, of the request body accepted by the Dapr HTTP and gRPC servers. Increase it to handle uploading of big files. Default is 4 MB. | int |
httpReadBufferSize | Maximum size, in KB, of the Dapr HTTP header read buffer. Increase it when sending multi-KB headers. Default is 65KB. | int |
logLevel | Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info. | 'debug' 'error' 'info' 'warn' |
EnvironmentVar
Name | Description | Value |
---|---|---|
name | Environment variable name. | string |
secretRef | Name of the Container App secret from which to pull the environment variable value. | string |
value | Non-secret environment variable value. | string |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'CustomLocation' |
HttpScaleRule
Name | Description | Value |
---|---|---|
auth | Authentication secrets for the custom scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
metadata | Metadata properties to describe http scale rule. | HttpScaleRuleMetadata |
HttpScaleRuleMetadata
Name | Description | Value |
---|---|---|
IdentitySettings
Name | Description | Value |
---|---|---|
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string (required) |
lifecycle | Use to select the lifecycle stages of a Container App during which the Managed Identity should be available. | 'All' 'Init' 'Main' 'None' |
Ingress
Name | Description | Value |
---|---|---|
additionalPortMappings | Settings to expose additional ports on container app | IngressPortMapping[] |
allowInsecure | Bool indicating whether HTTP connections are allowed. If set to false, HTTP connections are automatically redirected to HTTPS connections. | bool |
clientCertificateMode | Client certificate mode for mTLS authentication. Ignore indicates server drops client certificate on forwarding. Accept indicates server forwards client certificate but does not require a client certificate. Require indicates server requires a client certificate. | 'accept' 'ignore' 'require' |
corsPolicy | CORS policy for container app | CorsPolicy |
customDomains | Custom domain bindings for Container Apps' hostnames. | CustomDomain[] |
exposedPort | Exposed Port in containers for TCP traffic from ingress | int |
external | Bool indicating if app exposes an external http endpoint | bool |
ipSecurityRestrictions | Rules to restrict incoming IP address. | IpSecurityRestrictionRule[] |
stickySessions | Sticky Sessions for Single Revision Mode | IngressStickySessions |
targetPort | Target Port in containers for traffic from ingress | int |
targetPortHttpScheme | Whether an http app listens on http or https | 'http' 'https' |
traffic | Traffic weights for app's revisions | TrafficWeight[] |
transport | Ingress transport protocol | 'auto' 'http' 'http2' 'tcp' |
IngressPortMapping
Name | Description | Value |
---|---|---|
exposedPort | Specifies the exposed port for the target port. If not specified, it defaults to target port | int |
external | Specifies whether the app port is accessible outside of the environment | bool (required) |
targetPort | Specifies the port user's container listens on | int (required) |
IngressStickySessions
Name | Description | Value |
---|---|---|
affinity | Sticky Session Affinity | 'none' 'sticky' |
InitContainer
Name | Description | Value |
---|---|---|
args | Container start command arguments. | string[] |
command | Container start command. | string[] |
env | Container environment variables. | EnvironmentVar[] |
image | Container image tag. | string |
imageType | The type of the image. Set to CloudBuild to let the system manage the image; the user will then not be able to update the image through the image field. Set to ContainerImage for a user-provided image. | 'CloudBuild' 'ContainerImage' |
name | Custom container name. | string |
resources | Container resource requirements. | ContainerResources |
volumeMounts | Container volume mounts. | VolumeMount[] |
IpSecurityRestrictionRule
Name | Description | Value |
---|---|---|
action | Whether the rule allows or denies the matching incoming IP address. Note: Rules can only consist of ALL Allow or ALL Deny. | 'Allow' 'Deny' (required) |
description | Describe the IP restriction rule that is being sent to the container-app. This is an optional field. | string |
ipAddressRange | CIDR notation to match incoming IP address | string (required) |
name | Name for the IP restriction rule. | string (required) |
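The Ingress, IpSecurityRestrictionRule, EnvironmentVar and Secret properties can be checked mechanically before deployment. The following is an added example, not part of the Microsoft reference: `lint_container_app`, the credential-name heuristic, the choice of findings and the sample values are assumptions made for illustration, and the input is a dict shaped like the `properties` object described on this page.

```python
import ipaddress
import re

# Heuristic (assumption): env names that usually carry credentials.
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|KEY", re.I)

def lint_container_app(props):
    """Return findings for a dict shaped like ContainerAppProperties."""
    out = []
    cfg = props.get("configuration") or {}
    ingress = cfg.get("ingress") or {}
    if ingress.get("allowInsecure"):
        out.append("ingress.allowInsecure: HTTP is accepted, not redirected to HTTPS")
    rules = ingress.get("ipSecurityRestrictions") or []
    if len({r.get("action") for r in rules}) > 1:
        out.append("ipSecurityRestrictions: rules must be all Allow or all Deny")
    for r in rules:
        try:
            net = ipaddress.ip_network(r.get("ipAddressRange", ""), strict=False)
        except ValueError:
            out.append(f"rule {r.get('name')}: ipAddressRange is not valid CIDR")
            continue
        if r.get("action") == "Allow" and net.prefixlen == 0:
            out.append(f"rule {r.get('name')}: Allow {net} matches every address")
    if ingress.get("external") and not rules:
        out.append("ingress.external: exposed with no ipSecurityRestrictions")
    defined = {s.get("name") for s in cfg.get("secrets") or []}
    tpl = props.get("template") or {}
    for c in (tpl.get("containers") or []) + (tpl.get("initContainers") or []):
        for env in c.get("env") or []:
            name, ref = env.get("name", ""), env.get("secretRef")
            if ref and ref not in defined:
                out.append(f"env {name}: secretRef '{ref}' is not a defined secret")
            elif "value" in env and SECRET_NAME.search(name):
                out.append(f"env {name}: credential-like name set via value, not secretRef")
    return out

# Constructed sample input (not a real deployment).
SAMPLE = {
    "configuration": {
        "secrets": [{"name": "db-password", "identity": "system",
                     "keyVaultUrl": "https://example.vault.azure.net/secrets/db"}],
        "ingress": {"external": True, "allowInsecure": True, "targetPort": 8080,
                    "ipSecurityRestrictions": [
            {"name": "office", "action": "Allow", "ipAddressRange": "203.0.113.0/24"},
            {"name": "scanner", "action": "Deny", "ipAddressRange": "198.51.100.7/32"},
            {"name": "any", "action": "Allow", "ipAddressRange": "0.0.0.0/0"}]}},
    "template": {"containers": [{"name": "api", "image": "example.azurecr.io/api:1.0",
        "env": [{"name": "DB_PASSWORD", "value": "constructed-placeholder"},
                {"name": "API_TOKEN", "secretRef": "api-token"},
                {"name": "LOG_LEVEL", "value": "info"}]}]},
}
if __name__ == "__main__":
    print("\n".join(lint_container_app(SAMPLE)))
```

On the constructed sample this reports five findings: HTTP allowed, mixed Allow and Deny rules, an Allow rule covering every address, a credential-like variable set inline, and a secretRef with no matching secret.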
LoggerSetting
Name | Description | Value |
---|---|---|
level | The specified logger's log level. | 'debug' 'error' 'info' 'off' 'trace' 'warn' (required) |
logger | Logger name. | string (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.App/containerApps
Name | Description | Value |
---|---|---|
extendedLocation | The complex type of the extended location. | ExtendedLocation |
identity | Managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. | ManagedServiceIdentity |
kind | Metadata used to render different experiences for resources of the same type; e.g. WorkflowApp is a kind of Microsoft.App/ContainerApps type. If supported, the resource provider must validate and persist this value. | 'workflowapp' |
location | The geo-location where the resource lives | string (required) |
managedBy | The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource. | string |
name | The resource name | string (required) |
properties | ContainerApp resource specific properties | ContainerAppProperties |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.App/containerApps@2024-08-02-preview" |
QueueScaleRule
Name | Description | Value |
---|---|---|
accountName | Storage account name. Required if using managed identity to authenticate. | string |
auth | Authentication secrets for the queue scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
queueLength | Queue length. | int |
queueName | Queue name. | string |
RegistryCredentials
Name | Description | Value |
---|---|---|
identity | A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use 'system' | string |
passwordSecretRef | The name of the Secret that contains the registry login password | string |
server | Container Registry Server | string |
username | Container Registry Username | string |
Runtime
Name | Description | Value |
---|---|---|
dotnet | .NET app configuration | RuntimeDotnet |
java | Java app configuration | RuntimeJava |
RuntimeDotnet
Name | Description | Value |
---|---|---|
autoConfigureDataProtection | Auto configure the ASP.NET Core Data Protection feature | bool |
RuntimeJava
Name | Description | Value |
---|---|---|
enableMetrics | Enable jmx core metrics for the java app | bool |
javaAgent | Diagnostic capabilities achieved by java agent | RuntimeJavaAgent |
RuntimeJavaAgent
Name | Description | Value |
---|---|---|
enabled | Enable java agent injection for the java app. | bool |
logging | Capabilities on the java logging scenario. | RuntimeJavaAgentLogging |
RuntimeJavaAgentLogging
Name | Description | Value |
---|---|---|
loggerSettings | Settings of the logger for the java app. | LoggerSetting[] |
Scale
Name | Description | Value |
---|---|---|
cooldownPeriod | Optional. KEDA Cooldown Period. Defaults to 300 seconds if not set. | int |
maxReplicas | Optional. Maximum number of container replicas. Defaults to 10 if not set. | int |
minReplicas | Optional. Minimum number of container replicas. | int |
pollingInterval | Optional. KEDA Polling Interval. Defaults to 30 seconds if not set. | int |
rules | Scaling rules. | ScaleRule[] |
ScaleRule
Name | Description | Value |
---|---|---|
azureQueue | Azure Queue based scaling. | QueueScaleRule |
custom | Custom scale rule. | CustomScaleRule |
http | HTTP requests based scaling. | HttpScaleRule |
name | Scale Rule Name | string |
tcp | Tcp requests based scaling. | TcpScaleRule |
ScaleRuleAuth
Name | Description | Value |
---|---|---|
secretRef | Name of the secret from which to pull the auth params. | string |
triggerParameter | Trigger Parameter that uses the secret | string |
Secret
Name | Description | Value |
---|---|---|
identity | Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. | string |
keyVaultUrl | Azure Key Vault URL pointing to the secret referenced by the container app. | string |
name | Secret Name. | string |
value | Secret Value. | string Constraints: Sensitive value. Pass in as a secure parameter. |
SecretVolumeItem
Name | Description | Value |
---|---|---|
path | Path to project secret to. If no path is provided, path defaults to name of secret listed in secretRef. | string |
secretRef | Name of the Container App secret from which to pull the secret value. | string |
Service
Name | Description | Value |
---|---|---|
type | Dev ContainerApp service type | string (required) |
ServiceBind
Name | Description | Value |
---|---|---|
clientType | Type of the client to be used to connect to the service | string |
customizedKeys | Customized keys for customizing injected values to the app | ServiceBindCustomizedKeys |
name | Name of the service bind | string |
serviceId | Resource id of the target service | string |
ServiceBindCustomizedKeys
Name | Description | Value |
---|---|---|
TcpScaleRule
Name | Description | Value |
---|---|---|
auth | Authentication secrets for the tcp scale rule. | ScaleRuleAuth[] |
identity | The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. | string |
metadata | Metadata properties to describe tcp scale rule. | TcpScaleRuleMetadata |
TcpScaleRuleMetadata
Name | Description | Value |
---|---|---|
Template
Name | Description | Value |
---|---|---|
containers | List of container definitions for the Container App. | Container[] |
initContainers | List of specialized containers that run before app containers. | InitContainer[] |
revisionSuffix | User friendly suffix that is appended to the revision name | string |
scale | Scaling properties for the Container App. | Scale |
serviceBinds | List of container app services bound to the app | ServiceBind[] |
terminationGracePeriodSeconds | Optional duration in seconds the Container App Instance needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. | int |
volumes | List of volume definitions for the Container App. | Volume[] |
TrackedResourceTags
Name | Description | Value |
---|---|---|
TrafficWeight
Name | Description | Value |
---|---|---|
label | Associates a traffic label with a revision | string |
latestRevision | Indicates that the traffic weight belongs to a latest stable revision | bool |
revisionName | Name of a revision | string |
weight | Traffic weight assigned to a revision | int |
UserAssignedIdentities
Name | Description | Value |
---|---|---|
UserAssignedIdentity
Name | Description | Value |
---|---|---|
Volume
Name | Description | Value |
---|---|---|
mountOptions | Mount options used while mounting the Azure file share or NFS Azure file share. Must be a comma-separated string. | string |
name | Volume name. | string |
secrets | List of secrets to be added in volume. If no secrets are provided, all secrets in collection will be added to volume. | SecretVolumeItem[] |
storageName | Name of storage resource. No need to provide for EmptyDir and Secret. | string |
storageType | Storage type for the volume. If not provided, use EmptyDir. | 'AzureFile' 'EmptyDir' 'NfsAzureFile' 'Secret' 'Smb' |
VolumeMount
Name | Description | Value |
---|---|---|
mountPath | Path within the container at which the volume should be mounted. Must not contain ':'. | string |
subPath | Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). | string |
volumeName | This must match the Name of a Volume. | string |