Microsoft.ContainerRegistry registries 2020-11-01-preview

Template format

To create a Microsoft.ContainerRegistry/registries resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.ContainerRegistry/registries",
  "apiVersion": "2020-11-01-preview",
  "location": "string",
  "tags": {},
  "sku": {
    "name": "string"
  },
  "identity": {
    "principalId": "string",
    "tenantId": "string",
    "type": "string",
    "userAssignedIdentities": {}
  },
  "properties": {
    "adminUserEnabled": "boolean",
    "networkRuleSet": {
      "defaultAction": "string",
      "virtualNetworkRules": [
        {
          "action": "Allow",
          "id": "string"
        }
      ],
      "ipRules": [
        {
          "action": "Allow",
          "value": "string"
        }
      ]
    },
    "policies": {
      "quarantinePolicy": {
        "status": "string"
      },
      "trustPolicy": {
        "type": "Notary",
        "status": "string"
      },
      "retentionPolicy": {
        "days": "integer",
        "status": "string"
      }
    },
    "encryption": {
      "status": "string",
      "keyVaultProperties": {
        "keyIdentifier": "string",
        "identity": "string"
      }
    },
    "dataEndpointEnabled": "boolean",
    "publicNetworkAccess": "string",
    "networkRuleBypassOptions": "string",
    "zoneRedundancy": "string",
    "anonymousPullEnabled": "boolean"
  },
  "resources": []
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.ContainerRegistry/registries object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes The name of the container registry.
type enum Yes For JSON - Microsoft.ContainerRegistry/registries
apiVersion enum Yes For JSON - 2020-11-01-preview
location string Yes The location of the resource. This cannot be changed after the resource is created.
tags object No The tags of the resource.
sku object Yes The SKU of the container registry. - Sku object
identity object No The identity of the container registry. - IdentityProperties object
properties object Yes The properties of the container registry. - RegistryProperties object
resources array No webhooks tokens scopeMaps replications privateEndpointConnections pipelineRuns importPipelines exportPipelines connectedRegistries

Sku object

Name Type Required Value
name enum Yes The SKU name of the container registry. Required for registry creation. - Classic, Basic, Standard, Premium

IdentityProperties object

Name Type Required Value
principalId string No The principal ID of resource identity.
tenantId string No The tenant ID of resource.
type enum No The identity type. - SystemAssigned, UserAssigned, SystemAssigned, UserAssigned, None
userAssignedIdentities object No The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.

RegistryProperties object

Name Type Required Value
adminUserEnabled boolean No The value that indicates whether the admin user is enabled.
networkRuleSet object No The network rule set for a container registry. - NetworkRuleSet object
policies object No The policies for a container registry. - Policies object
encryption object No The encryption settings of container registry. - EncryptionProperty object
dataEndpointEnabled boolean No Enable a single data endpoint per region for serving data.
publicNetworkAccess enum No Whether or not public network access is allowed for the container registry. - Enabled or Disabled
networkRuleBypassOptions enum No Whether to allow trusted Azure services to access a network restricted registry. - AzureServices or None
zoneRedundancy enum No Whether or not zone redundancy is enabled for this container registry. - Enabled or Disabled
anonymousPullEnabled boolean No Enables registry-wide pull from unauthenticated clients.

NetworkRuleSet object

Name Type Required Value
defaultAction enum Yes The default action of allow or deny when no other rules match. - Allow or Deny
virtualNetworkRules array No The virtual network rules. - VirtualNetworkRule object
ipRules array No The IP ACL rules. - IPRule object

Policies object

Name Type Required Value
quarantinePolicy object No The quarantine policy for a container registry. - QuarantinePolicy object
trustPolicy object No The content trust policy for a container registry. - TrustPolicy object
retentionPolicy object No The retention policy for a container registry. - RetentionPolicy object

EncryptionProperty object

Name Type Required Value
status enum No Indicates whether or not the encryption is enabled for container registry. - enabled or disabled
keyVaultProperties object No Key vault properties. - KeyVaultProperties object

VirtualNetworkRule object

Name Type Required Value
action enum No The action of virtual network rule. - Allow
id string Yes Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.

IPRule object

Name Type Required Value
action enum No The action of IP ACL rule. - Allow
value string Yes Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.

QuarantinePolicy object

Name Type Required Value
status enum No The value that indicates whether the policy is enabled or not. - enabled or disabled

TrustPolicy object

Name Type Required Value
type enum No The type of trust policy. - Notary
status enum No The value that indicates whether the policy is enabled or not. - enabled or disabled

RetentionPolicy object

Name Type Required Value
days integer No The number of days to retain an untagged manifest after which it gets purged.
status enum No The value that indicates whether the policy is enabled or not. - enabled or disabled

KeyVaultProperties object

Name Type Required Value
keyIdentifier string No Key vault uri to access the encryption key.
identity string No The client id of the identity which will be used to access key vault.

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
CI/CD using Jenkins on Azure Container Service (AKS)

Deploy to Azure
Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment.
Azure Container Registry Template

Deploy to Azure
A template for creating a new Azure Container Registry.
Azure Container Registry with Geo-replication Template

Deploy to Azure
A template for creating a new Azure Container Registry with geo-replication
Advanced template for Azure Machine Learning workspace

Deploy to Azure
A template that creates Azure Machine Learning workspace with private endpoints and resources behind VNET
Enable encryption at rest for Azure Machine Learning

Deploy to Azure
A template that creates a new Azure Machine Learning workspace. Optionally, you can enable encryption for data at rest in the workspace, and data stored by the workspace in Azure Cosmos DB.
Create an AKS compute target with a Private IP address.

Deploy to Azure
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault