Microsoft.ContainerInstance containerGroups 2022-10-01-preview
Bicep resource definition
The containerGroups resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerInstance/containerGroups resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.ContainerInstance/containerGroups@2022-10-01-preview' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    confidentialComputeProperties: {
      ccePolicy: 'string'
    }
    containers: [
      {
        name: 'string'
        properties: {
          command: [
            'string'
          ]
          environmentVariables: [
            {
              name: 'string'
              secureValue: 'string'
              value: 'string'
            }
          ]
          image: 'string'
          livenessProbe: {
            exec: {
              command: [
                'string'
              ]
            }
            failureThreshold: int
            httpGet: {
              httpHeaders: [
                {
                  name: 'string'
                  value: 'string'
                }
              ]
              path: 'string'
              port: int
              scheme: 'string'
            }
            initialDelaySeconds: int
            periodSeconds: int
            successThreshold: int
            timeoutSeconds: int
          }
          ports: [
            {
              port: int
              protocol: 'string'
            }
          ]
          readinessProbe: {
            exec: {
              command: [
                'string'
              ]
            }
            failureThreshold: int
            httpGet: {
              httpHeaders: [
                {
                  name: 'string'
                  value: 'string'
                }
              ]
              path: 'string'
              port: int
              scheme: 'string'
            }
            initialDelaySeconds: int
            periodSeconds: int
            successThreshold: int
            timeoutSeconds: int
          }
          resources: {
            limits: {
              cpu: int
              gpu: {
                count: int
                sku: 'string'
              }
              memoryInGB: int
            }
            requests: {
              cpu: int
              gpu: {
                count: int
                sku: 'string'
              }
              memoryInGB: int
            }
          }
          securityContext: {
            allowPrivilegeEscalation: bool
            capabilities: {
              add: [
                'string'
              ]
              drop: [
                'string'
              ]
            }
            privileged: bool
            runAsGroup: int
            runAsUser: int
            seccompProfile: 'string'
          }
          volumeMounts: [
            {
              mountPath: 'string'
              name: 'string'
              readOnly: bool
            }
          ]
        }
      }
    ]
    diagnostics: {
      logAnalytics: {
        logType: 'string'
        metadata: {
          {customized property}: 'string'
        }
        workspaceId: 'string'
        workspaceKey: 'string'
        workspaceResourceId: 'string'
      }
    }
    dnsConfig: {
      nameServers: [
        'string'
      ]
      options: 'string'
      searchDomains: 'string'
    }
    encryptionProperties: {
      identity: 'string'
      keyName: 'string'
      keyVersion: 'string'
      vaultBaseUrl: 'string'
    }
    extensions: [
      {
        name: 'string'
        properties: {
          extensionType: 'string'
          protectedSettings: any(...)
          settings: any(...)
          version: 'string'
        }
      }
    ]
    imageRegistryCredentials: [
      {
        identity: 'string'
        identityUrl: 'string'
        password: 'string'
        server: 'string'
        username: 'string'
      }
    ]
    initContainers: [
      {
        name: 'string'
        properties: {
          command: [
            'string'
          ]
          environmentVariables: [
            {
              name: 'string'
              secureValue: 'string'
              value: 'string'
            }
          ]
          image: 'string'
          securityContext: {
            allowPrivilegeEscalation: bool
            capabilities: {
              add: [
                'string'
              ]
              drop: [
                'string'
              ]
            }
            privileged: bool
            runAsGroup: int
            runAsUser: int
            seccompProfile: 'string'
          }
          volumeMounts: [
            {
              mountPath: 'string'
              name: 'string'
              readOnly: bool
            }
          ]
        }
      }
    ]
    ipAddress: {
      autoGeneratedDomainNameLabelScope: 'string'
      dnsNameLabel: 'string'
      ip: 'string'
      ports: [
        {
          port: int
          protocol: 'string'
        }
      ]
      type: 'string'
    }
    osType: 'string'
    priority: 'string'
    restartPolicy: 'string'
    sku: 'string'
    subnetIds: [
      {
        id: 'string'
        name: 'string'
      }
    ]
    volumes: [
      {
        azureFile: {
          readOnly: bool
          shareName: 'string'
          storageAccountKey: 'string'
          storageAccountName: 'string'
        }
        emptyDir: any(...)
        gitRepo: {
          directory: 'string'
          repository: 'string'
          revision: 'string'
        }
        name: 'string'
        secret: {
          {customized property}: 'string'
        }
      }
    ]
  }
  tags: {
    {customized property}: 'string'
  }
  zones: [
    'string'
  ]
}
```
Property Values
Microsoft.ContainerInstance/containerGroups
| Name | Description | Value |
|---|---|---|
| identity | The identity of the container group, if configured. | ContainerGroupIdentity |
| location | The resource location. | string |
| name | The resource name | string (required) |
| properties | The container group properties | ContainerGroupPropertiesProperties (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| zones | The zones for the container group. | string[] |
AzureFileVolume
| Name | Description | Value |
|---|---|---|
| readOnly | The flag indicating whether the Azure File share mounted as a volume is read-only. | bool |
| shareName | The name of the Azure File share to be mounted as a volume. | string (required) |
| storageAccountKey | The storage account access key used to access the Azure File share. | string |
| storageAccountName | The name of the storage account that contains the Azure File share. | string (required) |
ConfidentialComputeProperties
| Name | Description | Value |
|---|---|---|
| ccePolicy | The base64 encoded confidential compute enforcement policy | string |
Container
| Name | Description | Value |
|---|---|---|
| name | The user-provided name of the container instance. | string (required) |
| properties | The properties of the container instance. | ContainerProperties (required) |
ContainerExec
| Name | Description | Value |
|---|---|---|
| command | The commands to execute within the container. | string[] |
ContainerGroupDiagnostics
| Name | Description | Value |
|---|---|---|
| logAnalytics | Container group log analytics information. | LogAnalytics |
ContainerGroupIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of identity used for the container group. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the container group. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user identities associated with the container group. | ContainerGroupIdentityUserAssignedIdentities |
ContainerGroupIdentityUserAssignedIdentities
| Name | Description | Value |
|---|---|---|
ContainerGroupPropertiesProperties
| Name | Description | Value |
|---|---|---|
| confidentialComputeProperties | The properties for confidential container group | ConfidentialComputeProperties |
| containers | The containers within the container group. | Container[] (required) |
| diagnostics | The diagnostic information for a container group. | ContainerGroupDiagnostics |
| dnsConfig | The DNS config information for a container group. | DnsConfiguration |
| encryptionProperties | The encryption properties for a container group. | EncryptionProperties |
| extensions | extensions used by virtual kubelet | DeploymentExtensionSpec[] |
| imageRegistryCredentials | The image registry credentials by which the container group is created from. | ImageRegistryCredential[] |
| initContainers | The init containers for a container group. | InitContainerDefinition[] |
| ipAddress | The IP address type of the container group. | IpAddress |
| osType | The operating system type required by the containers in the container group. | 'Linux' 'Windows' (required) |
| priority | The priority of the container group. | 'Regular' 'Spot' |
| restartPolicy | Restart policy for all containers within the container group. `Always`: always restart. `OnFailure`: restart on failure. `Never`: never restart. | 'Always' 'Never' 'OnFailure' |
| sku | The SKU for a container group. | 'Confidential' 'Dedicated' 'Standard' |
| subnetIds | The subnet resource IDs for a container group. | ContainerGroupSubnetId[] |
| volumes | The list of volumes that can be mounted by containers in this container group. | Volume[] |
ContainerGroupSubnetId
| Name | Description | Value |
|---|---|---|
| id | Resource ID of virtual network and subnet. | string (required) |
| name | Friendly name for the subnet. | string |
ContainerHttpGet
| Name | Description | Value |
|---|---|---|
| httpHeaders | The HTTP headers. | HttpHeader[] |
| path | The path to probe. | string |
| port | The port number to probe. | int (required) |
| scheme | The scheme. | 'http' 'https' |
ContainerPort
| Name | Description | Value |
|---|---|---|
| port | The port number exposed within the container group. | int (required) |
| protocol | The protocol associated with the port. | 'TCP' 'UDP' |
ContainerProbe
| Name | Description | Value |
|---|---|---|
| exec | The execution command to probe | ContainerExec |
| failureThreshold | The failure threshold. | int |
| httpGet | The Http Get settings to probe | ContainerHttpGet |
| initialDelaySeconds | The initial delay seconds. | int |
| periodSeconds | The period seconds. | int |
| successThreshold | The success threshold. | int |
| timeoutSeconds | The timeout seconds. | int |
ContainerProperties
| Name | Description | Value |
|---|---|---|
| command | The commands to execute within the container instance in exec form. | string[] |
| environmentVariables | The environment variables to set in the container instance. | EnvironmentVariable[] |
| image | The name of the image used to create the container instance. | string (required) |
| livenessProbe | The liveness probe. | ContainerProbe |
| ports | The exposed ports on the container instance. | ContainerPort[] |
| readinessProbe | The readiness probe. | ContainerProbe |
| resources | The resource requirements of the container instance. | ResourceRequirements (required) |
| securityContext | The container security properties. | SecurityContextDefinition |
| volumeMounts | The volume mounts available to the container instance. | VolumeMount[] |
DeploymentExtensionSpec
| Name | Description | Value |
|---|---|---|
| name | Name of the extension. | string (required) |
| properties | Extension specific properties | DeploymentExtensionSpecProperties |
DeploymentExtensionSpecProperties
| Name | Description | Value |
|---|---|---|
| extensionType | Type of extension to be added. | string (required) |
| protectedSettings | Protected settings for the extension. | any |
| settings | Settings for the extension. | any |
| version | Version of the extension being used. | string (required) |
DnsConfiguration
| Name | Description | Value |
|---|---|---|
| nameServers | The DNS servers for the container group. | string[] (required) |
| options | The DNS options for the container group. | string |
| searchDomains | The DNS search domains for hostname lookup in the container group. | string |
EncryptionProperties
| Name | Description | Value |
|---|---|---|
| identity | The keyvault managed identity. | string |
| keyName | The encryption key name. | string (required) |
| keyVersion | The encryption key version. | string (required) |
| vaultBaseUrl | The keyvault base url. | string (required) |
EnvironmentVariable
| Name | Description | Value |
|---|---|---|
| name | The name of the environment variable. | string (required) |
| secureValue | The value of the secure environment variable. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| value | The value of the environment variable. | string |
GitRepoVolume
| Name | Description | Value |
|---|---|---|
| directory | Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. | string |
| repository | Repository URL | string (required) |
| revision | Commit hash for the specified revision. | string |
GpuResource
| Name | Description | Value |
|---|---|---|
| count | The count of the GPU resource. | int (required) |
| sku | The SKU of the GPU resource. | 'K80' 'P100' 'V100' (required) |
HttpHeader
| Name | Description | Value |
|---|---|---|
| name | The header name. | string |
| value | The header value. | string |
ImageRegistryCredential
| Name | Description | Value |
|---|---|---|
| identity | The identity for the private registry. | string |
| identityUrl | The identity URL for the private registry. | string |
| password | The password for the private registry. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| server | The Docker image registry server without a protocol such as "http" and "https". | string (required) |
| username | The username for the private registry. | string |
InitContainerDefinition
| Name | Description | Value |
|---|---|---|
| name | The name for the init container. | string (required) |
| properties | The properties for the init container. | InitContainerPropertiesDefinition (required) |
InitContainerPropertiesDefinition
| Name | Description | Value |
|---|---|---|
| command | The command to execute within the init container in exec form. | string[] |
| environmentVariables | The environment variables to set in the init container. | EnvironmentVariable[] |
| image | The image of the init container. | string |
| securityContext | The container security properties. | SecurityContextDefinition |
| volumeMounts | The volume mounts available to the init container. | VolumeMount[] |
IpAddress
| Name | Description | Value |
|---|---|---|
| autoGeneratedDomainNameLabelScope | The value representing the security enum. The 'Unsecure' value is the default value if not selected and means the object's domain name label is not secured against subdomain takeover. The 'TenantReuse' value is the default value if selected and means the object's domain name label can be reused within the same tenant. The 'SubscriptionReuse' value means the object's domain name label can be reused within the same subscription. The 'ResourceGroupReuse' value means the object's domain name label can be reused within the same resource group. The 'NoReuse' value means the object's domain name label cannot be reused within the same resource group, subscription, or tenant. | 'Noreuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' 'Unsecure' |
| dnsNameLabel | The Dns name label for the IP. | string |
| ip | The IP exposed to the public internet. | string |
| ports | The list of ports exposed on the container group. | Port[] (required) |
| type | Specifies if the IP is exposed to the public internet or private VNET. | 'Private' 'Public' (required) |
LogAnalytics
| Name | Description | Value |
|---|---|---|
| logType | The log type to be used. | 'ContainerInsights' 'ContainerInstanceLogs' |
| metadata | Metadata for log analytics. | LogAnalyticsMetadata |
| workspaceId | The workspace id for log analytics | string (required) |
| workspaceKey | The workspace key for log analytics | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
| workspaceResourceId | The workspace resource id for log analytics | string Constraints: Sensitive value. Pass in as a secure parameter. |
LogAnalyticsMetadata
| Name | Description | Value |
|---|---|---|
Port
| Name | Description | Value |
|---|---|---|
| port | The port number. | int (required) |
| protocol | The protocol associated with the port. | 'TCP' 'UDP' |
ResourceLimits
| Name | Description | Value |
|---|---|---|
| cpu | The CPU limit of this container instance. | int |
| gpu | The GPU limit of this container instance. | GpuResource |
| memoryInGB | The memory limit in GB of this container instance. | int |
ResourceRequests
| Name | Description | Value |
|---|---|---|
| cpu | The CPU request of this container instance. | int (required) |
| gpu | The GPU request of this container instance. | GpuResource |
| memoryInGB | The memory request in GB of this container instance. | int (required) |
ResourceRequirements
| Name | Description | Value |
|---|---|---|
| limits | The resource limits of this container instance. | ResourceLimits |
| requests | The resource requests of this container instance. | ResourceRequests (required) |
ResourceTags
| Name | Description | Value |
|---|---|---|
SecretVolume
| Name | Description | Value |
|---|---|---|
SecurityContextCapabilitiesDefinition
| Name | Description | Value |
|---|---|---|
| add | The capabilities to add to the container. | string[] |
| drop | The capabilities to drop from the container. | string[] |
SecurityContextDefinition
| Name | Description | Value |
|---|---|---|
| allowPrivilegeEscalation | A boolean value indicating whether the init process can elevate its privileges | bool |
| capabilities | The capabilities to add or drop from a container. | SecurityContextCapabilitiesDefinition |
| privileged | The flag that determines whether the container's permissions are elevated to Privileged. | bool |
| runAsGroup | Sets the User GID for the container. | int |
| runAsUser | Sets the User UID for the container. | int |
| seccompProfile | a base64 encoded string containing the contents of the JSON in the seccomp profile | string |
UserAssignedIdentities
| Name | Description | Value |
|---|---|---|
Volume
| Name | Description | Value |
|---|---|---|
| azureFile | The Azure File volume. | AzureFileVolume |
| emptyDir | The empty directory volume. | any |
| gitRepo | The git repo volume. | GitRepoVolume |
| name | The name of the volume. | string (required) |
| secret | The secret volume. | SecretVolume |
VolumeMount
| Name | Description | Value |
|---|---|---|
| mountPath | The path within the container where the volume should be mounted. Must not contain colon (:). | string (required) |
| name | The name of the volume mount. | string (required) |
| readOnly | The flag indicating whether the volume mount is read-only. | bool |
Usage Examples
Bicep Samples
A basic example of deploying Azure Container Group instance.
```bicep
param location string = 'westeurope'
param resourceName string = 'acctest0001'

resource containerGroup 'Microsoft.ContainerInstance/containerGroups@2023-05-01' = {
  name: resourceName
  location: location
  properties: {
    containers: [
      {
        name: 'hw'
        properties: {
          command: []
          environmentVariables: []
          image: 'ubuntu:20.04'
          ports: [
            {
              port: 80
              protocol: 'TCP'
            }
          ]
          resources: {
            requests: {
              cpu: any('0.5')
              memoryInGB: any('0.5')
            }
          }
        }
      }
    ]
    initContainers: []
    ipAddress: {
      autoGeneratedDomainNameLabelScope: 'Unsecure'
      ports: [
        {
          port: 80
          protocol: 'TCP'
        }
      ]
      type: 'Public'
    }
    osType: 'Linux'
    restartPolicy: 'Always'
    volumes: []
  }
  tags: {
    environment: 'Testing'
  }
}
```
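The property tables above mark several values as sensitive ("Pass in as a secure parameter") and describe `securityContext` and `autoGeneratedDomainNameLabelScope`. The following template review check is an added Python example, not part of the original page or of any Microsoft tooling. It reads the ARM JSON form of a template (for Bicep, the output of `az bicep build`) as a dict; the sample template, the secret-name heuristic, and the function names `audit` and `secret_problem` are assumptions of this example.

```python
import re

RESOURCE_TYPE = "microsoft.containerinstance/containergroups"
PARAM_REF = re.compile(r"^\[\s*parameters\(\s*'([^']+)'\s*\)\s*\]$")
# Heuristic (an assumption of this example): names that usually carry secrets.
SECRET_NAME = re.compile(r"PASS|SECRET|TOKEN|KEY|CRED", re.IGNORECASE)

# Constructed template for illustration; every name and value is made up.
SAMPLE_TEMPLATE = {
    "parameters": {"registryPassword": {"type": "securestring"},
                   "shareKey": {"type": "string"}},  # should be securestring
    "resources": [{
        "type": "Microsoft.ContainerInstance/containerGroups",
        "apiVersion": "2022-10-01-preview",
        "name": "demo-group",
        "properties": {
            "osType": "Linux",
            "containers": [{
                "name": "web",
                "properties": {
                    "image": "ubuntu:20.04",
                    "resources": {"requests": {"cpu": 1, "memoryInGB": 1}},
                    "environmentVariables": [
                        {"name": "DB_PASSWORD", "value": "constructed-placeholder"},
                        {"name": "API_TOKEN", "secureValue": "[parameters('registryPassword')]"},
                        {"name": "LOG_LEVEL", "value": "info"},
                    ],
                    "securityContext": {"privileged": True, "allowPrivilegeEscalation": False},
                },
            }],
            "imageRegistryCredentials": [{"server": "registry.example.com", "username": "pull",
                                          "password": "[parameters('registryPassword')]"}],
            "volumes": [{"name": "data", "azureFile": {
                "shareName": "share", "storageAccountName": "acct",
                "storageAccountKey": "[parameters('shareKey')]"}}],
            "ipAddress": {"type": "Public", "dnsNameLabel": "demo",
                          "ports": [{"port": 80, "protocol": "TCP"}]},
        },
    }],
}


def secret_problem(value, params):
    """Return why a sensitive property is not fed from a secure source, or None."""
    if not isinstance(value, str) or not value:
        return None
    ref = PARAM_REF.match(value)
    if ref:
        ptype = str(params.get(ref.group(1), {}).get("type", "")).lower()
        return None if ptype == "securestring" else f"parameter '{ref.group(1)}' is not securestring"
    if value.startswith("[") and not value.startswith("[[") and value.endswith("]"):
        return None  # another template expression; not judged here
    return "hard-coded literal"


def audit(template):
    """Return a list of findings for every containerGroups resource in an ARM template dict."""
    findings = []
    params = template.get("parameters", {})
    resources = template.get("resources", [])
    if isinstance(resources, dict):  # languageVersion 2.0 keys resources by symbolic name
        resources = list(resources.values())
    for res in resources:
        if str(res.get("type", "")).lower() != RESOURCE_TYPE:
            continue
        group, props = res.get("name", "?"), res.get("properties", {})
        # (path, value) pairs: properties the page marks sensitive, plus the storage access key.
        sensitive = []
        for cred in props.get("imageRegistryCredentials", []):
            sensitive.append((f"imageRegistryCredentials[{cred.get('server')}].password", cred.get("password")))
        for vol in props.get("volumes", []):
            key = (vol.get("azureFile") or {}).get("storageAccountKey")
            sensitive.append((f"volumes[{vol.get('name')}].azureFile.storageAccountKey", key))
        log = (props.get("diagnostics") or {}).get("logAnalytics") or {}
        sensitive.append(("diagnostics.logAnalytics.workspaceKey", log.get("workspaceKey")))
        for kind in ("containers", "initContainers"):
            for c in props.get(kind, []):
                base, cprops = f"{kind}[{c.get('name')}]", c.get("properties", {})
                ctx = cprops.get("securityContext") or {}
                for flag in ("privileged", "allowPrivilegeEscalation"):
                    if ctx.get(flag) is True:
                        findings.append(f"{group}/{base}.securityContext: {flag} is true")
                for env in cprops.get("environmentVariables", []):
                    name = env.get("name", "")
                    sensitive.append((f"{base}.env[{name}].secureValue", env.get("secureValue")))
                    if env.get("value") and SECRET_NAME.search(name):
                        findings.append(f"{group}/{base}.env[{name}]: secret-like name uses value; use secureValue")
        for path, value in sensitive:
            reason = secret_problem(value, params)
            if reason:
                findings.append(f"{group}/{path}: {reason}")
        ip = props.get("ipAddress") or {}
        scope = ip.get("autoGeneratedDomainNameLabelScope", "Unsecure")  # page: default when not selected
        if ip.get("type") == "Public" and ip.get("dnsNameLabel") and scope == "Unsecure":
            findings.append(f"{group}/ipAddress: dnsNameLabel set with scope 'Unsecure'")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_TEMPLATE)))
```

The `ipAddress` check only fires when a `dnsNameLabel` is present, since the reuse scope governs that label.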
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Container Instance | AVM Resource Module for Container Instance |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Azure Container Instances - BC with SQL Server and IIS | Deploy a single Windows container with a fully featured self-contained Microsoft Dynamics 365 Business Central environment on Azure Container Instances. |
| Azure Container Instances - container with secrets | Deploy a Linux container that has a secret volume using Azure Container Instances. |
| Azure Container Instances - VNet | Deploy a container instance into an Azure virtual network. |
| Create a WordPress site | This template creates a WordPress site on Container Instance |
| Create an on-demand SFTP Server with persistent storage | This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI). |
| Create Application Gateway with Certificates | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
| Front Door Standard/Premium with Azure Container Instances | This template creates a Front Door Standard/Premium with a container group. |
| Front Door with Container Instances and Application Gateway | This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
| SQL Server availability group on AKS | This creates a new AKS Cluster and then deploys SQL Server availability groups into it using a CNAB package deployed using Duffle and ACI |
ARM template resource definition
The containerGroups resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerInstance/containerGroups resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.ContainerInstance/containerGroups",
  "apiVersion": "2022-10-01-preview",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "confidentialComputeProperties": {
      "ccePolicy": "string"
    },
    "containers": [
      {
        "name": "string",
        "properties": {
          "command": [ "string" ],
          "environmentVariables": [
            {
              "name": "string",
              "secureValue": "string",
              "value": "string"
            }
          ],
          "image": "string",
          "livenessProbe": {
            "exec": {
              "command": [ "string" ]
            },
            "failureThreshold": "int",
            "httpGet": {
              "httpHeaders": [
                {
                  "name": "string",
                  "value": "string"
                }
              ],
              "path": "string",
              "port": "int",
              "scheme": "string"
            },
            "initialDelaySeconds": "int",
            "periodSeconds": "int",
            "successThreshold": "int",
            "timeoutSeconds": "int"
          },
          "ports": [
            {
              "port": "int",
              "protocol": "string"
            }
          ],
          "readinessProbe": {
            "exec": {
              "command": [ "string" ]
            },
            "failureThreshold": "int",
            "httpGet": {
              "httpHeaders": [
                {
                  "name": "string",
                  "value": "string"
                }
              ],
              "path": "string",
              "port": "int",
              "scheme": "string"
            },
            "initialDelaySeconds": "int",
            "periodSeconds": "int",
            "successThreshold": "int",
            "timeoutSeconds": "int"
          },
          "resources": {
            "limits": {
              "cpu": "int",
              "gpu": {
                "count": "int",
                "sku": "string"
              },
              "memoryInGB": "int"
            },
            "requests": {
              "cpu": "int",
              "gpu": {
                "count": "int",
                "sku": "string"
              },
              "memoryInGB": "int"
            }
          },
          "securityContext": {
            "allowPrivilegeEscalation": "bool",
            "capabilities": {
              "add": [ "string" ],
              "drop": [ "string" ]
            },
            "privileged": "bool",
            "runAsGroup": "int",
            "runAsUser": "int",
            "seccompProfile": "string"
          },
          "volumeMounts": [
            {
              "mountPath": "string",
              "name": "string",
              "readOnly": "bool"
            }
          ]
        }
      }
    ],
    "diagnostics": {
      "logAnalytics": {
        "logType": "string",
        "metadata": {
          "{customized property}": "string"
        },
        "workspaceId": "string",
        "workspaceKey": "string",
        "workspaceResourceId": "string"
      }
    },
    "dnsConfig": {
      "nameServers": [ "string" ],
      "options": "string",
      "searchDomains": "string"
    },
    "encryptionProperties": {
      "identity": "string",
      "keyName": "string",
      "keyVersion": "string",
      "vaultBaseUrl": "string"
    },
    "extensions": [
      {
        "name": "string",
        "properties": {
          "extensionType": "string",
          "protectedSettings": {},
          "settings": {},
          "version": "string"
        }
      }
    ],
    "imageRegistryCredentials": [
      {
        "identity": "string",
        "identityUrl": "string",
        "password": "string",
        "server": "string",
        "username": "string"
      }
    ],
    "initContainers": [
      {
        "name": "string",
        "properties": {
          "command": [ "string" ],
          "environmentVariables": [
            {
              "name": "string",
              "secureValue": "string",
              "value": "string"
            }
          ],
          "image": "string",
          "securityContext": {
            "allowPrivilegeEscalation": "bool",
            "capabilities": {
              "add": [ "string" ],
              "drop": [ "string" ]
            },
            "privileged": "bool",
            "runAsGroup": "int",
            "runAsUser": "int",
            "seccompProfile": "string"
          },
          "volumeMounts": [
            {
              "mountPath": "string",
              "name": "string",
              "readOnly": "bool"
            }
          ]
        }
      }
    ],
    "ipAddress": {
      "autoGeneratedDomainNameLabelScope": "string",
      "dnsNameLabel": "string",
      "ip": "string",
      "ports": [
        {
          "port": "int",
          "protocol": "string"
        }
      ],
      "type": "string"
    },
    "osType": "string",
    "priority": "string",
    "restartPolicy": "string",
    "sku": "string",
    "subnetIds": [
      {
        "id": "string",
        "name": "string"
      }
    ],
    "volumes": [
      {
        "azureFile": {
          "readOnly": "bool",
          "shareName": "string",
          "storageAccountKey": "string",
          "storageAccountName": "string"
        },
        "emptyDir": {},
        "gitRepo": {
          "directory": "string",
          "repository": "string",
          "revision": "string"
        },
        "name": "string",
        "secret": {
          "{customized property}": "string"
        }
      }
    ]
  },
  "tags": {
    "{customized property}": "string"
  },
  "zones": [ "string" ]
}
```
Property Values
Microsoft.ContainerInstance/containerGroups
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2022-10-01-preview' |
| identity | The identity of the container group, if configured. | ContainerGroupIdentity |
| location | The resource location. | string |
| name | The resource name | string (required) |
| properties | The container group properties | ContainerGroupPropertiesProperties (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.ContainerInstance/containerGroups' |
| zones | The zones for the container group. | string[] |
AzureFileVolume
| Name | Description | Value |
|---|---|---|
| readOnly | The flag indicating whether the Azure File share mounted as a volume is read-only. | bool |
| shareName | The name of the Azure File share to be mounted as a volume. | string (required) |
| storageAccountKey | The storage account access key used to access the Azure File share. | string |
| storageAccountName | The name of the storage account that contains the Azure File share. | string (required) |
ConfidentialComputeProperties
| Name | Description | Value |
|---|---|---|
| ccePolicy | The base64 encoded confidential compute enforcement policy | string |
Container
| Name | Description | Value |
|---|---|---|
| name | The user-provided name of the container instance. | string (required) |
| properties | The properties of the container instance. | ContainerProperties (required) |
ContainerExec
| Name | Description | Value |
|---|---|---|
| command | The commands to execute within the container. | string[] |
ContainerGroupDiagnostics
| Name | Description | Value |
|---|---|---|
| logAnalytics | Container group log analytics information. | LogAnalytics |
ContainerGroupIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of identity used for the container group. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the container group. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user identities associated with the container group. | ContainerGroupIdentityUserAssignedIdentities |
ContainerGroupIdentityUserAssignedIdentities
| Name | Description | Value |
|---|---|---|
ContainerGroupPropertiesProperties
| Name | Description | Value |
|---|---|---|
| confidentialComputeProperties | The properties for confidential container group | ConfidentialComputeProperties |
| containers | The containers within the container group. | Container[] (required) |
| diagnostics | The diagnostic information for a container group. | ContainerGroupDiagnostics |
| dnsConfig | The DNS config information for a container group. | DnsConfiguration |
| encryptionProperties | The encryption properties for a container group. | EncryptionProperties |
| extensions | extensions used by virtual kubelet | DeploymentExtensionSpec[] |
| imageRegistryCredentials | The image registry credentials by which the container group is created from. | ImageRegistryCredential[] |
| initContainers | The init containers for a container group. | InitContainerDefinition[] |
| ipAddress | The IP address type of the container group. | IpAddress |
| osType | The operating system type required by the containers in the container group. | 'Linux' 'Windows' (required) |
| priority | The priority of the container group. | 'Regular' 'Spot' |
| restartPolicy | Restart policy for all containers within the container group. `Always`: always restart. `OnFailure`: restart on failure. `Never`: never restart. | 'Always' 'Never' 'OnFailure' |
| sku | The SKU for a container group. | 'Confidential' 'Dedicated' 'Standard' |
| subnetIds | The subnet resource IDs for a container group. | ContainerGroupSubnetId[] |
| volumes | The list of volumes that can be mounted by containers in this container group. | Volume[] |
ContainerGroupSubnetId
| Name | Description | Value |
|---|---|---|
| id | Resource ID of virtual network and subnet. | string (required) |
| name | Friendly name for the subnet. | string |
ContainerHttpGet
| Name | Description | Value |
|---|---|---|
| httpHeaders | The HTTP headers. | HttpHeader[] |
| path | The path to probe. | string |
| port | The port number to probe. | int (required) |
| scheme | The scheme. | 'http' 'https' |
ContainerPort
| Name | Description | Value |
|---|---|---|
| port | The port number exposed within the container group. | int (required) |
| protocol | The protocol associated with the port. | 'TCP' 'UDP' |
ContainerProbe
| Name | Description | Value |
|---|---|---|
| exec | The execution command to probe | ContainerExec |
| failureThreshold | The failure threshold. | int |
| httpGet | The Http Get settings to probe | ContainerHttpGet |
| initialDelaySeconds | The initial delay seconds. | int |
| periodSeconds | The period seconds. | int |
| successThreshold | The success threshold. | int |
| timeoutSeconds | The timeout seconds. | int |
ContainerProperties
| Name | Description | Value |
|---|---|---|
| command | The commands to execute within the container instance in exec form. | string[] |
| environmentVariables | The environment variables to set in the container instance. | EnvironmentVariable[] |
| image | The name of the image used to create the container instance. | string (required) |
| livenessProbe | The liveness probe. | ContainerProbe |
| ports | The exposed ports on the container instance. | ContainerPort[] |
| readinessProbe | The readiness probe. | ContainerProbe |
| resources | The resource requirements of the container instance. | ResourceRequirements (required) |
| securityContext | The container security properties. | SecurityContextDefinition |
| volumeMounts | The volume mounts available to the container instance. | VolumeMount[] |
DeploymentExtensionSpec
| Name | Description | Value |
|---|---|---|
| name | Name of the extension. | string (required) |
| properties | Extension specific properties | DeploymentExtensionSpecProperties |
DeploymentExtensionSpecProperties
| Name | Description | Value |
|---|---|---|
| extensionType | Type of extension to be added. | string (required) |
| protectedSettings | Protected settings for the extension. | any |
| settings | Settings for the extension. | any |
| version | Version of the extension being used. | string (required) |
DnsConfiguration
| Name | Description | Value |
|---|---|---|
| nameServers | The DNS servers for the container group. | string[] (required) |
| options | The DNS options for the container group. | string |
| searchDomains | The DNS search domains for hostname lookup in the container group. | string |
EncryptionProperties
| Name | Description | Value |
|---|---|---|
| identity | The keyvault managed identity. | string |
| keyName | The encryption key name. | string (required) |
| keyVersion | The encryption key version. | string (required) |
| vaultBaseUrl | The keyvault base url. | string (required) |
EnvironmentVariable
| Name | Description | Value |
|---|---|---|
| name | The name of the environment variable. | string (required) |
| secureValue | The value of the secure environment variable. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| value | The value of the environment variable. | string |
GitRepoVolume
| Name | Description | Value |
|---|---|---|
| directory | Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. | string |
| repository | Repository URL | string (required) |
| revision | Commit hash for the specified revision. | string |
GpuResource
| Name | Description | Value |
|---|---|---|
| count | The count of the GPU resource. | int (required) |
| sku | The SKU of the GPU resource. | 'K80' 'P100' 'V100' (required) |
HttpHeader
| Name | Description | Value |
|---|---|---|
| name | The header name. | string |
| value | The header value. | string |
ImageRegistryCredential
| Name | Description | Value |
|---|---|---|
| identity | The identity for the private registry. | string |
| identityUrl | The identity URL for the private registry. | string |
| password | The password for the private registry. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| server | The Docker image registry server without a protocol such as "http" and "https". | string (required) |
| username | The username for the private registry. | string |
InitContainerDefinition
| Name | Description | Value |
|---|---|---|
| name | The name for the init container. | string (required) |
| properties | The properties for the init container. | InitContainerPropertiesDefinition (required) |
InitContainerPropertiesDefinition
| Name | Description | Value |
|---|---|---|
| command | The command to execute within the init container in exec form. | string[] |
| environmentVariables | The environment variables to set in the init container. | EnvironmentVariable[] |
| image | The image of the init container. | string |
| securityContext | The container security properties. | SecurityContextDefinition |
| volumeMounts | The volume mounts available to the init container. | VolumeMount[] |
IpAddress
| Name | Description | Value |
|---|---|---|
| autoGeneratedDomainNameLabelScope | The value representing the security enum. The 'Unsecure' value is the default value if not selected and means the object's domain name label is not secured against subdomain takeover. The 'TenantReuse' value is the default value if selected and means the object's domain name label can be reused within the same tenant. The 'SubscriptionReuse' value means the object's domain name label can be reused within the same subscription. The 'ResourceGroupReuse' value means the object's domain name label can be reused within the same resource group. The 'NoReuse' value means the object's domain name label cannot be reused within the same resource group, subscription, or tenant. | 'Noreuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' 'Unsecure' |
| dnsNameLabel | The Dns name label for the IP. | string |
| ip | The IP exposed to the public internet. | string |
| ports | The list of ports exposed on the container group. | Port[] (required) |
| type | Specifies if the IP is exposed to the public internet or private VNET. | 'Private' 'Public' (required) |
LogAnalytics
| Name | Description | Value |
|---|---|---|
| logType | The log type to be used. | 'ContainerInsights' 'ContainerInstanceLogs' |
| metadata | Metadata for log analytics. | LogAnalyticsMetadata |
| workspaceId | The workspace id for log analytics | string (required) |
| workspaceKey | The workspace key for log analytics | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
| workspaceResourceId | The workspace resource id for log analytics | string Constraints: Sensitive value. Pass in as a secure parameter. |
LogAnalyticsMetadata
| Name | Description | Value |
|---|---|---|
Port
| Name | Description | Value |
|---|---|---|
| port | The port number. | int (required) |
| protocol | The protocol associated with the port. | 'TCP' 'UDP' |
ResourceLimits
| Name | Description | Value |
|---|---|---|
| cpu | The CPU limit of this container instance. | int |
| gpu | The GPU limit of this container instance. | GpuResource |
| memoryInGB | The memory limit in GB of this container instance. | int |
ResourceRequests
| Name | Description | Value |
|---|---|---|
| cpu | The CPU request of this container instance. | int (required) |
| gpu | The GPU request of this container instance. | GpuResource |
| memoryInGB | The memory request in GB of this container instance. | int (required) |
ResourceRequirements
| Name | Description | Value |
|---|---|---|
| limits | The resource limits of this container instance. | ResourceLimits |
| requests | The resource requests of this container instance. | ResourceRequests (required) |
ResourceTags
| Name | Description | Value |
|---|---|---|
SecretVolume
| Name | Description | Value |
|---|---|---|
SecurityContextCapabilitiesDefinition
| Name | Description | Value |
|---|---|---|
| add | The capabilities to add to the container. | string[] |
| drop | The capabilities to drop from the container. | string[] |
SecurityContextDefinition
| Name | Description | Value |
|---|---|---|
| allowPrivilegeEscalation | A boolean value indicating whether the init process can elevate its privileges | bool |
| capabilities | The capabilities to add or drop from a container. | SecurityContextCapabilitiesDefinition |
| privileged | The flag to determine if the container permissions are elevated to Privileged. | bool |
| runAsGroup | Sets the User GID for the container. | int |
| runAsUser | Sets the User UID for the container. | int |
| seccompProfile | A base64-encoded string containing the contents of the JSON in the seccomp profile. | string |
UserAssignedIdentities
| Name | Description | Value |
|---|---|---|
Volume
| Name | Description | Value |
|---|---|---|
| azureFile | The Azure File volume. | AzureFileVolume |
| emptyDir | The empty directory volume. | any |
| gitRepo | The git repo volume. | GitRepoVolume |
| name | The name of the volume. | string (required) |
| secret | The secret volume. | SecretVolume |
VolumeMount
| Name | Description | Value |
|---|---|---|
| mountPath | The path within the container where the volume should be mounted. Must not contain colon (:). | string (required) |
| name | The name of the volume mount. | string (required) |
| readOnly | The flag indicating whether the volume mount is read-only. | bool |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| Azure Container Instances - BC with SQL Server and IIS | Deploy a single Windows container with a fully featured self-contained Microsoft Dynamics 365 Business Central environment on Azure Container Instances. |
| Azure Container Instances - container with health probe | Deploy a Linux container that has a health probe using Azure Container Instances. |
| Azure Container Instances - container with secrets | Deploy a Linux container that has a secret volume using Azure Container Instances. |
| Azure Container Instances - container with secure envVar | Deploy a Linux container that has a secure environment variable using Azure Container Instances. |
| Azure Container Instances - Linux container with emptyDir | Deploy two Linux containers that share an emptyDir volume using Azure Container Instances. |
| Azure Container Instances - Linux container with gitRepo | Deploy a Linux container that uses a gitRepo volume using Azure Container Instances. |
| Azure Container Instances - VNet | Deploy a container instance into an Azure virtual network. |
| Create a Storage Account File Share via Containers | This template creates a storage account and a file share via azure-cli in a Container Instance. |
| Create a WordPress site | This template creates a WordPress site on Container Instance. |
| Create a WordPress site in a virtual network | This template creates a WordPress site on Container Instance in a virtual network. It outputs a public site FQDN that can be used to access the WordPress site. |
| Create an on-demand SFTP Server with persistent storage | This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI). |
| Create Application Gateway with Certificates | This template shows how to generate Key Vault self-signed certificates, then reference them from Application Gateway. |
| Front Door Standard/Premium with Azure Container Instances | This template creates a Front Door Standard/Premium with a container group. |
| Front Door with Container Instances and Application Gateway | This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
| On-demand SFTP Server using an existing storage account | This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI). |
| SQL Server availability group on AKS | This creates a new AKS Cluster and then deploys SQL Server availability groups into it using a CNAB package deployed using Duffle and ACI. |
| UDP Container in ACI | This template creates an ACI resource and exposes a container through UDP. |
Terraform (AzAPI provider) resource definition
The containerGroups resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerInstance/containerGroups resource, add the following Terraform to your template.
```terraform
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ContainerInstance/containerGroups@2022-10-01-preview"
  name = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      confidentialComputeProperties = {
        ccePolicy = "string"
      }
      containers = [
        {
          name = "string"
          properties = {
            command = [
              "string"
            ]
            environmentVariables = [
              {
                name = "string"
                secureValue = "string"
                value = "string"
              }
            ]
            image = "string"
            livenessProbe = {
              exec = {
                command = [
                  "string"
                ]
              }
              failureThreshold = int
              httpGet = {
                httpHeaders = [
                  {
                    name = "string"
                    value = "string"
                  }
                ]
                path = "string"
                port = int
                scheme = "string"
              }
              initialDelaySeconds = int
              periodSeconds = int
              successThreshold = int
              timeoutSeconds = int
            }
            ports = [
              {
                port = int
                protocol = "string"
              }
            ]
            readinessProbe = {
              exec = {
                command = [
                  "string"
                ]
              }
              failureThreshold = int
              httpGet = {
                httpHeaders = [
                  {
                    name = "string"
                    value = "string"
                  }
                ]
                path = "string"
                port = int
                scheme = "string"
              }
              initialDelaySeconds = int
              periodSeconds = int
              successThreshold = int
              timeoutSeconds = int
            }
            resources = {
              limits = {
                cpu = int
                gpu = {
                  count = int
                  sku = "string"
                }
                memoryInGB = int
              }
              requests = {
                cpu = int
                gpu = {
                  count = int
                  sku = "string"
                }
                memoryInGB = int
              }
            }
            securityContext = {
              allowPrivilegeEscalation = bool
              capabilities = {
                add = [
                  "string"
                ]
                drop = [
                  "string"
                ]
              }
              privileged = bool
              runAsGroup = int
              runAsUser = int
              seccompProfile = "string"
            }
            volumeMounts = [
              {
                mountPath = "string"
                name = "string"
                readOnly = bool
              }
            ]
          }
        }
      ]
      diagnostics = {
        logAnalytics = {
          logType = "string"
          metadata = {
            {customized property} = "string"
          }
          workspaceId = "string"
          workspaceKey = "string"
          workspaceResourceId = "string"
        }
      }
      dnsConfig = {
        nameServers = [
          "string"
        ]
        options = "string"
        searchDomains = "string"
      }
      encryptionProperties = {
        identity = "string"
        keyName = "string"
        keyVersion = "string"
        vaultBaseUrl = "string"
      }
      extensions = [
        {
          name = "string"
          properties = {
            extensionType = "string"
            protectedSettings = ?
            settings = ?
            version = "string"
          }
        }
      ]
      imageRegistryCredentials = [
        {
          identity = "string"
          identityUrl = "string"
          password = "string"
          server = "string"
          username = "string"
        }
      ]
      initContainers = [
        {
          name = "string"
          properties = {
            command = [
              "string"
            ]
            environmentVariables = [
              {
                name = "string"
                secureValue = "string"
                value = "string"
              }
            ]
            image = "string"
            securityContext = {
              allowPrivilegeEscalation = bool
              capabilities = {
                add = [
                  "string"
                ]
                drop = [
                  "string"
                ]
              }
              privileged = bool
              runAsGroup = int
              runAsUser = int
              seccompProfile = "string"
            }
            volumeMounts = [
              {
                mountPath = "string"
                name = "string"
                readOnly = bool
              }
            ]
          }
        }
      ]
      ipAddress = {
        autoGeneratedDomainNameLabelScope = "string"
        dnsNameLabel = "string"
        ip = "string"
        ports = [
          {
            port = int
            protocol = "string"
          }
        ]
        type = "string"
      }
      osType = "string"
      priority = "string"
      restartPolicy = "string"
      sku = "string"
      subnetIds = [
        {
          id = "string"
          name = "string"
        }
      ]
      volumes = [
        {
          azureFile = {
            readOnly = bool
            shareName = "string"
            storageAccountKey = "string"
            storageAccountName = "string"
          }
          emptyDir = ?
          gitRepo = {
            directory = "string"
            repository = "string"
            revision = "string"
          }
          name = "string"
          secret = {
            {customized property} = "string"
          }
        }
      ]
    }
    zones = [
      "string"
    ]
  }
}
```
Property Values
Microsoft.ContainerInstance/containerGroups
| Name | Description | Value |
|---|---|---|
| identity | The identity of the container group, if configured. | ContainerGroupIdentity |
| location | The resource location. | string |
| name | The resource name | string (required) |
| properties | The container group properties | ContainerGroupPropertiesProperties (required) |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.ContainerInstance/containerGroups@2022-10-01-preview" |
| zones | The zones for the container group. | string[] |
AzureFileVolume
| Name | Description | Value |
|---|---|---|
| readOnly | The flag indicating whether the Azure File share mounted as a volume is read-only. | bool |
| shareName | The name of the Azure File share to be mounted as a volume. | string (required) |
| storageAccountKey | The storage account access key used to access the Azure File share. | string |
| storageAccountName | The name of the storage account that contains the Azure File share. | string (required) |
ConfidentialComputeProperties
| Name | Description | Value |
|---|---|---|
| ccePolicy | The base64 encoded confidential compute enforcement policy | string |
Container
| Name | Description | Value |
|---|---|---|
| name | The user-provided name of the container instance. | string (required) |
| properties | The properties of the container instance. | ContainerProperties (required) |
ContainerExec
| Name | Description | Value |
|---|---|---|
| command | The commands to execute within the container. | string[] |
ContainerGroupDiagnostics
| Name | Description | Value |
|---|---|---|
| logAnalytics | Container group log analytics information. | LogAnalytics |
ContainerGroupIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of identity used for the container group. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the container group. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user identities associated with the container group. | ContainerGroupIdentityUserAssignedIdentities |
ContainerGroupIdentityUserAssignedIdentities
| Name | Description | Value |
|---|---|---|
ContainerGroupPropertiesProperties
| Name | Description | Value |
|---|---|---|
| confidentialComputeProperties | The properties for confidential container group | ConfidentialComputeProperties |
| containers | The containers within the container group. | Container[] (required) |
| diagnostics | The diagnostic information for a container group. | ContainerGroupDiagnostics |
| dnsConfig | The DNS config information for a container group. | DnsConfiguration |
| encryptionProperties | The encryption properties for a container group. | EncryptionProperties |
| extensions | Extensions used by virtual kubelet. | DeploymentExtensionSpec[] |
| imageRegistryCredentials | The image registry credentials from which the container group is created. | ImageRegistryCredential[] |
| initContainers | The init containers for a container group. | InitContainerDefinition[] |
| ipAddress | The IP address type of the container group. | IpAddress |
| osType | The operating system type required by the containers in the container group. | 'Linux' 'Windows' (required) |
| priority | The priority of the container group. | 'Regular' 'Spot' |
| restartPolicy | Restart policy for all containers within the container group. - Always: Always restart - OnFailure: Restart on failure - Never: Never restart | 'Always' 'Never' 'OnFailure' |
| sku | The SKU for a container group. | 'Confidential' 'Dedicated' 'Standard' |
| subnetIds | The subnet resource IDs for a container group. | ContainerGroupSubnetId[] |
| volumes | The list of volumes that can be mounted by containers in this container group. | Volume[] |
ContainerGroupSubnetId
| Name | Description | Value |
|---|---|---|
| id | Resource ID of virtual network and subnet. | string (required) |
| name | Friendly name for the subnet. | string |
ContainerHttpGet
| Name | Description | Value |
|---|---|---|
| httpHeaders | The HTTP headers. | HttpHeader[] |
| path | The path to probe. | string |
| port | The port number to probe. | int (required) |
| scheme | The scheme. | 'http' 'https' |
ContainerPort
| Name | Description | Value |
|---|---|---|
| port | The port number exposed within the container group. | int (required) |
| protocol | The protocol associated with the port. | 'TCP' 'UDP' |
ContainerProbe
| Name | Description | Value |
|---|---|---|
| exec | The execution command to probe | ContainerExec |
| failureThreshold | The failure threshold. | int |
| httpGet | The Http Get settings to probe | ContainerHttpGet |
| initialDelaySeconds | The initial delay seconds. | int |
| periodSeconds | The period seconds. | int |
| successThreshold | The success threshold. | int |
| timeoutSeconds | The timeout seconds. | int |
ContainerProperties
| Name | Description | Value |
|---|---|---|
| command | The commands to execute within the container instance in exec form. | string[] |
| environmentVariables | The environment variables to set in the container instance. | EnvironmentVariable[] |
| image | The name of the image used to create the container instance. | string (required) |
| livenessProbe | The liveness probe. | ContainerProbe |
| ports | The exposed ports on the container instance. | ContainerPort[] |
| readinessProbe | The readiness probe. | ContainerProbe |
| resources | The resource requirements of the container instance. | ResourceRequirements (required) |
| securityContext | The container security properties. | SecurityContextDefinition |
| volumeMounts | The volume mounts available to the container instance. | VolumeMount[] |
DeploymentExtensionSpec
| Name | Description | Value |
|---|---|---|
| name | Name of the extension. | string (required) |
| properties | Extension specific properties | DeploymentExtensionSpecProperties |
DeploymentExtensionSpecProperties
| Name | Description | Value |
|---|---|---|
| extensionType | Type of extension to be added. | string (required) |
| protectedSettings | Protected settings for the extension. | any |
| settings | Settings for the extension. | any |
| version | Version of the extension being used. | string (required) |
DnsConfiguration
| Name | Description | Value |
|---|---|---|
| nameServers | The DNS servers for the container group. | string[] (required) |
| options | The DNS options for the container group. | string |
| searchDomains | The DNS search domains for hostname lookup in the container group. | string |
EncryptionProperties
| Name | Description | Value |
|---|---|---|
| identity | The keyvault managed identity. | string |
| keyName | The encryption key name. | string (required) |
| keyVersion | The encryption key version. | string (required) |
| vaultBaseUrl | The keyvault base url. | string (required) |
EnvironmentVariable
| Name | Description | Value |
|---|---|---|
| name | The name of the environment variable. | string (required) |
| secureValue | The value of the secure environment variable. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| value | The value of the environment variable. | string |
GitRepoVolume
| Name | Description | Value |
|---|---|---|
| directory | Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. | string |
| repository | Repository URL | string (required) |
| revision | Commit hash for the specified revision. | string |
GpuResource
| Name | Description | Value |
|---|---|---|
| count | The count of the GPU resource. | int (required) |
| sku | The SKU of the GPU resource. | 'K80' 'P100' 'V100' (required) |
HttpHeader
| Name | Description | Value |
|---|---|---|
| name | The header name. | string |
| value | The header value. | string |
ImageRegistryCredential
| Name | Description | Value |
|---|---|---|
| identity | The identity for the private registry. | string |
| identityUrl | The identity URL for the private registry. | string |
| password | The password for the private registry. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| server | The Docker image registry server without a protocol such as "http" and "https". | string (required) |
| username | The username for the private registry. | string |
InitContainerDefinition
| Name | Description | Value |
|---|---|---|
| name | The name for the init container. | string (required) |
| properties | The properties for the init container. | InitContainerPropertiesDefinition (required) |
InitContainerPropertiesDefinition
| Name | Description | Value |
|---|---|---|
| command | The command to execute within the init container in exec form. | string[] |
| environmentVariables | The environment variables to set in the init container. | EnvironmentVariable[] |
| image | The image of the init container. | string |
| securityContext | The container security properties. | SecurityContextDefinition |
| volumeMounts | The volume mounts available to the init container. | VolumeMount[] |
IpAddress
| Name | Description | Value |
|---|---|---|
| autoGeneratedDomainNameLabelScope | The value representing the security enum. The 'Unsecure' value is the default value if not selected and means the object's domain name label is not secured against subdomain takeover. The 'TenantReuse' value is the default value if selected and means the object's domain name label can be reused within the same tenant. The 'SubscriptionReuse' value means the object's domain name label can be reused within the same subscription. The 'ResourceGroupReuse' value means the object's domain name label can be reused within the same resource group. The 'NoReuse' value means the object's domain name label cannot be reused within the same resource group, subscription, or tenant. | 'Noreuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' 'Unsecure' |
| dnsNameLabel | The Dns name label for the IP. | string |
| ip | The IP exposed to the public internet. | string |
| ports | The list of ports exposed on the container group. | Port[] (required) |
| type | Specifies if the IP is exposed to the public internet or private VNET. | 'Private' 'Public' (required) |
LogAnalytics
| Name | Description | Value |
|---|---|---|
| logType | The log type to be used. | 'ContainerInsights' 'ContainerInstanceLogs' |
| metadata | Metadata for log analytics. | LogAnalyticsMetadata |
| workspaceId | The workspace id for log analytics | string (required) |
| workspaceKey | The workspace key for log analytics | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
| workspaceResourceId | The workspace resource id for log analytics | string Constraints: Sensitive value. Pass in as a secure parameter. |
LogAnalyticsMetadata
| Name | Description | Value |
|---|---|---|
Port
| Name | Description | Value |
|---|---|---|
| port | The port number. | int (required) |
| protocol | The protocol associated with the port. | 'TCP' 'UDP' |
ResourceLimits
| Name | Description | Value |
|---|---|---|
| cpu | The CPU limit of this container instance. | int |
| gpu | The GPU limit of this container instance. | GpuResource |
| memoryInGB | The memory limit in GB of this container instance. | int |
ResourceRequests
| Name | Description | Value |
|---|---|---|
| cpu | The CPU request of this container instance. | int (required) |
| gpu | The GPU request of this container instance. | GpuResource |
| memoryInGB | The memory request in GB of this container instance. | int (required) |
ResourceRequirements
| Name | Description | Value |
|---|---|---|
| limits | The resource limits of this container instance. | ResourceLimits |
| requests | The resource requests of this container instance. | ResourceRequests (required) |
ResourceTags
| Name | Description | Value |
|---|---|---|
SecretVolume
| Name | Description | Value |
|---|---|---|
SecurityContextCapabilitiesDefinition
| Name | Description | Value |
|---|---|---|
| add | The capabilities to add to the container. | string[] |
| drop | The capabilities to drop from the container. | string[] |
SecurityContextDefinition
| Name | Description | Value |
|---|---|---|
| allowPrivilegeEscalation | A boolean value indicating whether the init process can elevate its privileges | bool |
| capabilities | The capabilities to add or drop from a container. | SecurityContextCapabilitiesDefinition |
| privileged | The flag to determine if the container permissions are elevated to Privileged. | bool |
| runAsGroup | Sets the User GID for the container. | int |
| runAsUser | Sets the User UID for the container. | int |
| seccompProfile | A base64-encoded string containing the contents of the JSON in the seccomp profile. | string |
UserAssignedIdentities
| Name | Description | Value |
|---|---|---|
Volume
| Name | Description | Value |
|---|---|---|
| azureFile | The Azure File volume. | AzureFileVolume |
| emptyDir | The empty directory volume. | any |
| gitRepo | The git repo volume. | GitRepoVolume |
| name | The name of the volume. | string (required) |
| secret | The secret volume. | SecretVolume |
VolumeMount
| Name | Description | Value |
|---|---|---|
| mountPath | The path within the container where the volume should be mounted. Must not contain colon (:). | string (required) |
| name | The name of the volume mount. | string (required) |
| readOnly | The flag indicating whether the volume mount is read-only. | bool |
Usage Examples
Terraform Samples
A basic example of deploying an Azure Container Group instance.
```terraform
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

# Resource group that holds the container group.
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

# Container group with one Linux container that exposes TCP port 80.
resource "azapi_resource" "containerGroup" {
  type      = "Microsoft.ContainerInstance/containerGroups@2023-05-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      containers = [
        {
          name = "hw"
          properties = {
            command = [
            ]
            environmentVariables = [
            ]
            image = "ubuntu:20.04"
            ports = [
              {
                port     = 80
                protocol = "TCP"
              },
            ]
            resources = {
              requests = {
                cpu        = 0.5
                memoryInGB = 0.5
              }
            }
          }
        },
      ]
      initContainers = [
      ]
      # Public IP. "Unsecure" means the domain name label is not secured
      # against subdomain takeover (see the IpAddress table).
      ipAddress = {
        autoGeneratedDomainNameLabelScope = "Unsecure"
        ports = [
          {
            port     = 80
            protocol = "TCP"
          },
        ]
        type = "Public"
      }
      osType        = "Linux"
      restartPolicy = "Always"
      volumes = [
      ]
    }
    tags = {
      environment = "Testing"
    }
    zones = [
    ]
  }
  # Skip the provider's local schema validation of the request body.
  schema_validation_enabled = false
  # Export every property of the API response.
  response_export_values = ["*"]
}
```
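The privilege and exposure properties documented in the tables above can be reviewed before a body like the sample's is deployed. The Python check below is an added example, not part of the original page or of any Microsoft tooling; it reads a containerGroups `properties` object using only property names from this page. The function names, the secret-name pattern and both input objects are constructed for illustration.

```python
import re

# Assumption: environment-variable names that usually carry secrets.
SECRET_NAME = re.compile(r"pass|secret|token|key|credential", re.I)


def _check_container(kind, container):
    """Review one entry of `containers` or `initContainers`."""
    where = f"{kind}[{container.get('name', '?')}]"
    props = container.get("properties") or {}
    ctx = props.get("securityContext") or {}
    found = []
    if ctx.get("privileged") is True:
        found.append((where, "securityContext.privileged is true"))
    if ctx.get("allowPrivilegeEscalation") is True:
        found.append((where, "securityContext.allowPrivilegeEscalation is true"))
    added = (ctx.get("capabilities") or {}).get("add") or []
    if added:
        found.append((where, f"capabilities.add grants {sorted(added)}"))
    for env in props.get("environmentVariables") or []:
        # `value` is a plain string; `secureValue` is the sensitive variant.
        if env.get("value") and SECRET_NAME.search(env.get("name", "")):
            found.append((where, f"{env['name']} set via value, not secureValue"))
    return found


def review_container_group(properties):
    """Return (location, message) findings for a `properties` object."""
    found = []
    for kind in ("containers", "initContainers"):
        for container in properties.get(kind) or []:
            found += _check_container(kind, container)
    ip = properties.get("ipAddress") or {}
    if ip.get("type") == "Public":
        ports = [p.get("port") for p in ip.get("ports") or []]
        found.append(("ipAddress", f"type is Public, exposing ports {ports}"))
    # 'Unsecure' is the default scope when the property is omitted.
    scope = ip.get("autoGeneratedDomainNameLabelScope", "Unsecure")
    if ip.get("dnsNameLabel") and scope == "Unsecure":
        found.append(("ipAddress", "dnsNameLabel not secured against subdomain takeover"))
    return found

# Constructed input: the page's sample body plus made-up risky additions.
RISKY = {
    "containers": [{
        "name": "hw",
        "properties": {
            "image": "ubuntu:20.04",
            "environmentVariables": [
                {"name": "DB_PASSWORD", "value": "constructed-placeholder"},
                {"name": "LOG_LEVEL", "value": "info"},
            ],
        },
    }],
    "initContainers": [{
        "name": "setup",
        "properties": {
            "image": "ubuntu:20.04",
            "securityContext": {"privileged": True,
                                "capabilities": {"add": ["SYS_ADMIN"]}},
        },
    }],
    "ipAddress": {
        "autoGeneratedDomainNameLabelScope": "Unsecure",
        "dnsNameLabel": "acctest0001",
        "ports": [{"port": 80, "protocol": "TCP"}],
        "type": "Public",
    },
}

# Constructed input: the same workload on a private IP, settings tightened.
HARDENED = {
    "containers": [{
        "name": "hw",
        "properties": {
            "image": "ubuntu:20.04",
            "environmentVariables": [
                {"name": "DB_PASSWORD", "secureValue": "<secure parameter>"},
            ],
            "securityContext": {"privileged": False, "runAsUser": 1000,
                                "allowPrivilegeEscalation": False},
        },
    }],
    "ipAddress": {"type": "Private", "ports": [{"port": 80, "protocol": "TCP"}]},
}

if __name__ == "__main__":
    print(*review_container_group(RISKY), sep="\n")
```

The name-based secret match is a heuristic, so treat its findings as prompts for review rather than proof that a secret is exposed.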
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Container Instance | AVM Resource Module for Container Instance |