Bicep resource definition
The containerApps resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.App/containerApps resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.App/containerApps@2022-03-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
properties: {
configuration: {
activeRevisionsMode: 'string'
dapr: {
appId: 'string'
appPort: int
appProtocol: 'string'
enabled: bool
}
ingress: {
allowInsecure: bool
customDomains: [
{
bindingType: 'string'
certificateId: 'string'
name: 'string'
}
]
external: bool
targetPort: int
traffic: [
{
label: 'string'
latestRevision: bool
revisionName: 'string'
weight: int
}
]
transport: 'string'
}
registries: [
{
identity: 'string'
passwordSecretRef: 'string'
server: 'string'
username: 'string'
}
]
secrets: [
{
name: 'string'
value: 'string'
}
]
}
managedEnvironmentId: 'string'
template: {
containers: [
{
args: [
'string'
]
command: [
'string'
]
env: [
{
name: 'string'
secretRef: 'string'
value: 'string'
}
]
image: 'string'
name: 'string'
probes: [
{
failureThreshold: int
httpGet: {
host: 'string'
httpHeaders: [
{
name: 'string'
value: 'string'
}
]
path: 'string'
port: int
scheme: 'string'
}
initialDelaySeconds: int
periodSeconds: int
successThreshold: int
tcpSocket: {
host: 'string'
port: int
}
terminationGracePeriodSeconds: int
timeoutSeconds: int
type: 'string'
}
]
resources: {
cpu: json('decimal-as-string')
memory: 'string'
}
volumeMounts: [
{
mountPath: 'string'
volumeName: 'string'
}
]
}
]
revisionSuffix: 'string'
scale: {
maxReplicas: int
minReplicas: int
rules: [
{
azureQueue: {
auth: [
{
secretRef: 'string'
triggerParameter: 'string'
}
]
queueLength: int
queueName: 'string'
}
custom: {
auth: [
{
secretRef: 'string'
triggerParameter: 'string'
}
]
metadata: {
{customized property}: 'string'
}
type: 'string'
}
http: {
auth: [
{
secretRef: 'string'
triggerParameter: 'string'
}
]
metadata: {
{customized property}: 'string'
}
}
name: 'string'
}
]
}
volumes: [
{
name: 'string'
storageName: 'string'
storageType: 'string'
}
]
}
}
}
Property values
containerApps
| Name |
Description |
Value |
| name |
The resource name |
string (required)
Character limit: 2-32
Valid characters:
Lowercase letters, numbers, and hyphens..
Start with letter and end with alphanumeric. |
| location |
The geo-location where the resource lives |
string (required) |
| tags |
Resource tags. |
Dictionary of tag names and values. See Tags in templates |
| identity |
managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. |
ManagedServiceIdentity |
| properties |
ContainerApp resource specific properties |
ContainerAppProperties |
ManagedServiceIdentity
| Name |
Description |
Value |
| type |
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). |
'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required) |
| userAssignedIdentities |
The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. |
UserAssignedIdentities |
UserAssignedIdentities
UserAssignedIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
ContainerAppProperties
| Name |
Description |
Value |
| configuration |
Non versioned Container App configuration properties. |
Configuration |
| managedEnvironmentId |
Resource ID of the Container App's environment. |
string |
| template |
Container App versioned application definition. |
Template |
Configuration
| Name |
Description |
Value |
| activeRevisionsMode |
ActiveRevisionsMode controls how active revisions are handled for the Container app:
{list}{item}Multiple: multiple revisions can be active.{/item}{item}Single: Only one revision can be active at a time. Revision weights can not be used in this mode. If no value if provided, this is the default.{/item}{/list} |
'Multiple'
'Single' |
| dapr |
Dapr configuration for the Container App. |
Dapr |
| ingress |
Ingress configurations. |
Ingress |
| registries |
Collection of private container registry credentials for containers used by the Container app |
RegistryCredentials[] |
| secrets |
Collection of secrets used by a Container app |
Secret[] |
Dapr
| Name |
Description |
Value |
| appId |
Dapr application identifier |
string |
| appPort |
Tells Dapr which port your application is listening on |
int |
| appProtocol |
Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http |
'grpc'
'http' |
| enabled |
Boolean indicating if the Dapr side car is enabled |
bool |
Ingress
| Name |
Description |
Value |
| allowInsecure |
Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections |
bool |
| customDomains |
custom domain bindings for Container Apps' hostnames. |
CustomDomain[] |
| external |
Bool indicating if app exposes an external http endpoint |
bool |
| targetPort |
Target Port in containers for traffic from ingress |
int |
| traffic |
Traffic weights for app's revisions |
TrafficWeight[] |
| transport |
Ingress transport protocol |
'auto'
'http'
'http2' |
CustomDomain
| Name |
Description |
Value |
| bindingType |
Custom Domain binding type. |
'Disabled'
'SniEnabled' |
| certificateId |
Resource Id of the Certificate to be bound to this hostname. |
string |
| name |
Hostname. |
string (required) |
TrafficWeight
| Name |
Description |
Value |
| label |
Associates a traffic label with a revision |
string |
| latestRevision |
Indicates that the traffic weight belongs to a latest stable revision |
bool |
| revisionName |
Name of a revision |
string |
| weight |
Traffic weight assigned to a revision |
int |
RegistryCredentials
| Name |
Description |
Value |
| identity |
A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use 'system' |
string |
| passwordSecretRef |
The name of the Secret that contains the registry login password |
string |
| server |
Container Registry Server |
string |
| username |
Container Registry Username |
string |
Secret
| Name |
Description |
Value |
| name |
Secret Name. |
string |
| value |
Secret Value. |
string
Constraints:
Sensitive value. Pass in as a secure parameter.
|
Template
| Name |
Description |
Value |
| containers |
List of container definitions for the Container App. |
Container[] |
| revisionSuffix |
User friendly suffix that is appended to the revision name |
string |
| scale |
Scaling properties for the Container App. |
Scale |
| volumes |
List of volume definitions for the Container App. |
Volume[] |
Container
| Name |
Description |
Value |
| args |
Container start command arguments. |
string[] |
| command |
Container start command. |
string[] |
| env |
Container environment variables. |
EnvironmentVar[] |
| image |
Container image tag. |
string |
| name |
Custom container name. |
string |
| probes |
List of probes for the container. |
ContainerAppProbe[] |
| resources |
Container resource requirements. |
ContainerResources |
| volumeMounts |
Container volume mounts. |
VolumeMount[] |
EnvironmentVar
| Name |
Description |
Value |
| name |
Environment variable name. |
string |
| secretRef |
Name of the Container App secret from which to pull the environment variable value. |
string |
| value |
Non-secret environment variable value. |
string |
ContainerAppProbe
| Name |
Description |
Value |
| failureThreshold |
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. |
int |
| httpGet |
HTTPGet specifies the http request to perform. |
ContainerAppProbeHttpGet |
| initialDelaySeconds |
Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. |
int |
| periodSeconds |
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value is 240. |
int |
| successThreshold |
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. |
int |
| tcpSocket |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. |
ContainerAppProbeTcpSocket |
| terminationGracePeriodSeconds |
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) |
int |
| timeoutSeconds |
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. |
int |
| type |
The type of probe. |
'Liveness'
'Readiness'
'Startup' |
ContainerAppProbeHttpGet
| Name |
Description |
Value |
| host |
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
string |
| httpHeaders |
Custom headers to set in the request. HTTP allows repeated headers. |
ContainerAppProbeHttpGetHttpHeadersItem[] |
| path |
Path to access on the HTTP server. |
string |
| port |
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
int (required) |
| scheme |
Scheme to use for connecting to the host. Defaults to HTTP. |
'HTTP'
'HTTPS' |
| Name |
Description |
Value |
| name |
The header field name |
string (required) |
| value |
The header field value |
string (required) |
ContainerAppProbeTcpSocket
| Name |
Description |
Value |
| host |
Optional: Host name to connect to, defaults to the pod IP. |
string |
| port |
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
int (required) |
ContainerResources
| Name |
Description |
Value |
| cpu |
Required CPU in cores, e.g. 0.5 To specify a decimal value, use the json() function. |
int or json decimal |
| memory |
Required memory, e.g. "250Mb" |
string |
VolumeMount
| Name |
Description |
Value |
| mountPath |
Path within the container at which the volume should be mounted.Must not contain ':'. |
string |
| volumeName |
This must match the Name of a Volume. |
string |
Scale
| Name |
Description |
Value |
| maxReplicas |
Optional. Maximum number of container replicas. Defaults to 10 if not set. |
int |
| minReplicas |
Optional. Minimum number of container replicas. |
int |
| rules |
Scaling rules. |
ScaleRule[] |
ScaleRule
QueueScaleRule
| Name |
Description |
Value |
| auth |
Authentication secrets for the queue scale rule. |
ScaleRuleAuth[] |
| queueLength |
Queue length. |
int |
| queueName |
Queue name. |
string |
ScaleRuleAuth
| Name |
Description |
Value |
| secretRef |
Name of the Container App secret from which to pull the auth params. |
string |
| triggerParameter |
Trigger Parameter that uses the secret |
string |
CustomScaleRule
| Name |
Description |
Value |
| auth |
Authentication secrets for the custom scale rule. |
ScaleRuleAuth[] |
| metadata |
Metadata properties to describe custom scale rule. |
CustomScaleRuleMetadata |
| type |
Type of the custom scale rule
eg: azure-servicebus, redis etc.
|
string |
| Name |
Description |
Value |
| {customized property} |
|
string |
HttpScaleRule
| Name |
Description |
Value |
| auth |
Authentication secrets for the custom scale rule. |
ScaleRuleAuth[] |
| metadata |
Metadata properties to describe http scale rule. |
HttpScaleRuleMetadata |
| Name |
Description |
Value |
| {customized property} |
|
string |
Volume
| Name |
Description |
Value |
| name |
Volume name. |
string |
| storageName |
Name of storage resource. No need to provide for EmptyDir. |
string |
| storageType |
Storage type for the volume. If not provided, use EmptyDir. |
'AzureFile'
'EmptyDir' |
Quickstart templates
The following quickstart templates deploy this resource type.
ARM template resource definition
The containerApps resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.App/containerApps resource, add the following JSON to your template.
{
"type": "Microsoft.App/containerApps",
"apiVersion": "2022-03-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {}
}
},
"properties": {
"configuration": {
"activeRevisionsMode": "string",
"dapr": {
"appId": "string",
"appPort": "int",
"appProtocol": "string",
"enabled": "bool"
},
"ingress": {
"allowInsecure": "bool",
"customDomains": [
{
"bindingType": "string",
"certificateId": "string",
"name": "string"
}
],
"external": "bool",
"targetPort": "int",
"traffic": [
{
"label": "string",
"latestRevision": "bool",
"revisionName": "string",
"weight": "int"
}
],
"transport": "string"
},
"registries": [
{
"identity": "string",
"passwordSecretRef": "string",
"server": "string",
"username": "string"
}
],
"secrets": [
{
"name": "string",
"value": "string"
}
]
},
"managedEnvironmentId": "string",
"template": {
"containers": [
{
"args": [ "string" ],
"command": [ "string" ],
"env": [
{
"name": "string",
"secretRef": "string",
"value": "string"
}
],
"image": "string",
"name": "string",
"probes": [
{
"failureThreshold": "int",
"httpGet": {
"host": "string",
"httpHeaders": [
{
"name": "string",
"value": "string"
}
],
"path": "string",
"port": "int",
"scheme": "string"
},
"initialDelaySeconds": "int",
"periodSeconds": "int",
"successThreshold": "int",
"tcpSocket": {
"host": "string",
"port": "int"
},
"terminationGracePeriodSeconds": "int",
"timeoutSeconds": "int",
"type": "string"
}
],
"resources": {
"cpu": "[json('decimal-as-string')]",
"memory": "string"
},
"volumeMounts": [
{
"mountPath": "string",
"volumeName": "string"
}
]
}
],
"revisionSuffix": "string",
"scale": {
"maxReplicas": "int",
"minReplicas": "int",
"rules": [
{
"azureQueue": {
"auth": [
{
"secretRef": "string",
"triggerParameter": "string"
}
],
"queueLength": "int",
"queueName": "string"
},
"custom": {
"auth": [
{
"secretRef": "string",
"triggerParameter": "string"
}
],
"metadata": {
"{customized property}": "string"
},
"type": "string"
},
"http": {
"auth": [
{
"secretRef": "string",
"triggerParameter": "string"
}
],
"metadata": {
"{customized property}": "string"
}
},
"name": "string"
}
]
},
"volumes": [
{
"name": "string",
"storageName": "string",
"storageType": "string"
}
]
}
}
}
Property values
containerApps
| Name |
Description |
Value |
| type |
The resource type |
'Microsoft.App/containerApps' |
| apiVersion |
The resource api version |
'2022-03-01' |
| name |
The resource name |
string (required)
Character limit: 2-32
Valid characters:
Lowercase letters, numbers, and hyphens..
Start with letter and end with alphanumeric. |
| location |
The geo-location where the resource lives |
string (required) |
| tags |
Resource tags. |
Dictionary of tag names and values. See Tags in templates |
| identity |
managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. |
ManagedServiceIdentity |
| properties |
ContainerApp resource specific properties |
ContainerAppProperties |
ManagedServiceIdentity
| Name |
Description |
Value |
| type |
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). |
'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required) |
| userAssignedIdentities |
The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. |
UserAssignedIdentities |
UserAssignedIdentities
UserAssignedIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
ContainerAppProperties
| Name |
Description |
Value |
| configuration |
Non versioned Container App configuration properties. |
Configuration |
| managedEnvironmentId |
Resource ID of the Container App's environment. |
string |
| template |
Container App versioned application definition. |
Template |
Configuration
| Name |
Description |
Value |
| activeRevisionsMode |
ActiveRevisionsMode controls how active revisions are handled for the Container app:
{list}{item}Multiple: multiple revisions can be active.{/item}{item}Single: Only one revision can be active at a time. Revision weights can not be used in this mode. If no value if provided, this is the default.{/item}{/list} |
'Multiple'
'Single' |
| dapr |
Dapr configuration for the Container App. |
Dapr |
| ingress |
Ingress configurations. |
Ingress |
| registries |
Collection of private container registry credentials for containers used by the Container app |
RegistryCredentials[] |
| secrets |
Collection of secrets used by a Container app |
Secret[] |
Dapr
| Name |
Description |
Value |
| appId |
Dapr application identifier |
string |
| appPort |
Tells Dapr which port your application is listening on |
int |
| appProtocol |
Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http |
'grpc'
'http' |
| enabled |
Boolean indicating if the Dapr side car is enabled |
bool |
Ingress
| Name |
Description |
Value |
| allowInsecure |
Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections |
bool |
| customDomains |
custom domain bindings for Container Apps' hostnames. |
CustomDomain[] |
| external |
Bool indicating if app exposes an external http endpoint |
bool |
| targetPort |
Target Port in containers for traffic from ingress |
int |
| traffic |
Traffic weights for app's revisions |
TrafficWeight[] |
| transport |
Ingress transport protocol |
'auto'
'http'
'http2' |
CustomDomain
| Name |
Description |
Value |
| bindingType |
Custom Domain binding type. |
'Disabled'
'SniEnabled' |
| certificateId |
Resource Id of the Certificate to be bound to this hostname. |
string |
| name |
Hostname. |
string (required) |
TrafficWeight
| Name |
Description |
Value |
| label |
Associates a traffic label with a revision |
string |
| latestRevision |
Indicates that the traffic weight belongs to a latest stable revision |
bool |
| revisionName |
Name of a revision |
string |
| weight |
Traffic weight assigned to a revision |
int |
RegistryCredentials
| Name |
Description |
Value |
| identity |
A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use 'system' |
string |
| passwordSecretRef |
The name of the Secret that contains the registry login password |
string |
| server |
Container Registry Server |
string |
| username |
Container Registry Username |
string |
Secret
| Name |
Description |
Value |
| name |
Secret Name. |
string |
| value |
Secret Value. |
string
Constraints:
Sensitive value. Pass in as a secure parameter.
|
Template
| Name |
Description |
Value |
| containers |
List of container definitions for the Container App. |
Container[] |
| revisionSuffix |
User friendly suffix that is appended to the revision name |
string |
| scale |
Scaling properties for the Container App. |
Scale |
| volumes |
List of volume definitions for the Container App. |
Volume[] |
Container
| Name |
Description |
Value |
| args |
Container start command arguments. |
string[] |
| command |
Container start command. |
string[] |
| env |
Container environment variables. |
EnvironmentVar[] |
| image |
Container image tag. |
string |
| name |
Custom container name. |
string |
| probes |
List of probes for the container. |
ContainerAppProbe[] |
| resources |
Container resource requirements. |
ContainerResources |
| volumeMounts |
Container volume mounts. |
VolumeMount[] |
EnvironmentVar
| Name |
Description |
Value |
| name |
Environment variable name. |
string |
| secretRef |
Name of the Container App secret from which to pull the environment variable value. |
string |
| value |
Non-secret environment variable value. |
string |
ContainerAppProbe
| Name |
Description |
Value |
| failureThreshold |
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. |
int |
| httpGet |
HTTPGet specifies the http request to perform. |
ContainerAppProbeHttpGet |
| initialDelaySeconds |
Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. |
int |
| periodSeconds |
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value is 240. |
int |
| successThreshold |
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. |
int |
| tcpSocket |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. |
ContainerAppProbeTcpSocket |
| terminationGracePeriodSeconds |
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) |
int |
| timeoutSeconds |
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. |
int |
| type |
The type of probe. |
'Liveness'
'Readiness'
'Startup' |
ContainerAppProbeHttpGet
| Name |
Description |
Value |
| host |
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
string |
| httpHeaders |
Custom headers to set in the request. HTTP allows repeated headers. |
ContainerAppProbeHttpGetHttpHeadersItem[] |
| path |
Path to access on the HTTP server. |
string |
| port |
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
int (required) |
| scheme |
Scheme to use for connecting to the host. Defaults to HTTP. |
'HTTP'
'HTTPS' |
| Name |
Description |
Value |
| name |
The header field name |
string (required) |
| value |
The header field value |
string (required) |
ContainerAppProbeTcpSocket
| Name |
Description |
Value |
| host |
Optional: Host name to connect to, defaults to the pod IP. |
string |
| port |
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
int (required) |
ContainerResources
| Name |
Description |
Value |
| cpu |
Required CPU in cores, e.g. 0.5 To specify a decimal value, use the json() function. |
int or json decimal |
| memory |
Required memory, e.g. "250Mb" |
string |
VolumeMount
| Name |
Description |
Value |
| mountPath |
Path within the container at which the volume should be mounted.Must not contain ':'. |
string |
| volumeName |
This must match the Name of a Volume. |
string |
Scale
| Name |
Description |
Value |
| maxReplicas |
Optional. Maximum number of container replicas. Defaults to 10 if not set. |
int |
| minReplicas |
Optional. Minimum number of container replicas. |
int |
| rules |
Scaling rules. |
ScaleRule[] |
ScaleRule
QueueScaleRule
| Name |
Description |
Value |
| auth |
Authentication secrets for the queue scale rule. |
ScaleRuleAuth[] |
| queueLength |
Queue length. |
int |
| queueName |
Queue name. |
string |
ScaleRuleAuth
| Name |
Description |
Value |
| secretRef |
Name of the Container App secret from which to pull the auth params. |
string |
| triggerParameter |
Trigger Parameter that uses the secret |
string |
CustomScaleRule
| Name |
Description |
Value |
| auth |
Authentication secrets for the custom scale rule. |
ScaleRuleAuth[] |
| metadata |
Metadata properties to describe custom scale rule. |
CustomScaleRuleMetadata |
| type |
Type of the custom scale rule
eg: azure-servicebus, redis etc.
|
string |
| Name |
Description |
Value |
| {customized property} |
|
string |
HttpScaleRule
| Name |
Description |
Value |
| auth |
Authentication secrets for the custom scale rule. |
ScaleRuleAuth[] |
| metadata |
Metadata properties to describe http scale rule. |
HttpScaleRuleMetadata |
| Name |
Description |
Value |
| {customized property} |
|
string |
Volume
| Name |
Description |
Value |
| name |
Volume name. |
string |
| storageName |
Name of storage resource. No need to provide for EmptyDir. |
string |
| storageType |
Storage type for the volume. If not provided, use EmptyDir. |
'AzureFile'
'EmptyDir' |
Quickstart templates
The following quickstart templates deploy this resource type.
The containerApps resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.App/containerApps resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.App/containerApps@2022-03-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
identity {
type = "string"
identity_ids = []
}
body = jsonencode({
properties = {
configuration = {
activeRevisionsMode = "string"
dapr = {
appId = "string"
appPort = int
appProtocol = "string"
enabled = bool
}
ingress = {
allowInsecure = bool
customDomains = [
{
bindingType = "string"
certificateId = "string"
name = "string"
}
]
external = bool
targetPort = int
traffic = [
{
label = "string"
latestRevision = bool
revisionName = "string"
weight = int
}
]
transport = "string"
}
registries = [
{
identity = "string"
passwordSecretRef = "string"
server = "string"
username = "string"
}
]
secrets = [
{
name = "string"
value = "string"
}
]
}
managedEnvironmentId = "string"
template = {
containers = [
{
args = [
"string"
]
command = [
"string"
]
env = [
{
name = "string"
secretRef = "string"
value = "string"
}
]
image = "string"
name = "string"
probes = [
{
failureThreshold = int
httpGet = {
host = "string"
httpHeaders = [
{
name = "string"
value = "string"
}
]
path = "string"
port = int
scheme = "string"
}
initialDelaySeconds = int
periodSeconds = int
successThreshold = int
tcpSocket = {
host = "string"
port = int
}
terminationGracePeriodSeconds = int
timeoutSeconds = int
type = "string"
}
]
resources = {
cpu = "decimal-as-string"
memory = "string"
}
volumeMounts = [
{
mountPath = "string"
volumeName = "string"
}
]
}
]
revisionSuffix = "string"
scale = {
maxReplicas = int
minReplicas = int
rules = [
{
azureQueue = {
auth = [
{
secretRef = "string"
triggerParameter = "string"
}
]
queueLength = int
queueName = "string"
}
custom = {
auth = [
{
secretRef = "string"
triggerParameter = "string"
}
]
metadata = {
{customized property} = "string"
}
type = "string"
}
http = {
auth = [
{
secretRef = "string"
triggerParameter = "string"
}
]
metadata = {
{customized property} = "string"
}
}
name = "string"
}
]
}
volumes = [
{
name = "string"
storageName = "string"
storageType = "string"
}
]
}
}
})
}
Property values
containerApps
| Name |
Description |
Value |
| type |
The resource type |
"Microsoft.App/containerApps@2022-03-01" |
| name |
The resource name |
string (required)
Character limit: 2-32
Valid characters:
Lowercase letters, numbers, and hyphens..
Start with letter and end with alphanumeric. |
| location |
The geo-location where the resource lives |
string (required) |
| parent_id |
To deploy to a resource group, use the ID of that resource group. |
string (required) |
| tags |
Resource tags. |
Dictionary of tag names and values. |
| identity |
managed identities for the Container App to interact with other Azure services without maintaining any secrets or credentials in code. |
ManagedServiceIdentity |
| properties |
ContainerApp resource specific properties |
ContainerAppProperties |
ManagedServiceIdentity
| Name |
Description |
Value |
| type |
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). |
"SystemAssigned"
"SystemAssigned,UserAssigned"
"UserAssigned" (required) |
| identity_ids |
The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. |
Array of user identity IDs. |
UserAssignedIdentities
UserAssignedIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
ContainerAppProperties
| Name |
Description |
Value |
| configuration |
Non versioned Container App configuration properties. |
Configuration |
| managedEnvironmentId |
Resource ID of the Container App's environment. |
string |
| template |
Container App versioned application definition. |
Template |
Configuration
| Name |
Description |
Value |
| activeRevisionsMode |
ActiveRevisionsMode controls how active revisions are handled for the Container app:
{list}{item}Multiple: multiple revisions can be active.{/item}{item}Single: Only one revision can be active at a time. Revision weights can not be used in this mode. If no value if provided, this is the default.{/item}{/list} |
"Multiple"
"Single" |
| dapr |
Dapr configuration for the Container App. |
Dapr |
| ingress |
Ingress configurations. |
Ingress |
| registries |
Collection of private container registry credentials for containers used by the Container app |
RegistryCredentials[] |
| secrets |
Collection of secrets used by a Container app |
Secret[] |
Dapr
| Name |
Description |
Value |
| appId |
Dapr application identifier |
string |
| appPort |
Tells Dapr which port your application is listening on |
int |
| appProtocol |
Tells Dapr which protocol your application is using. Valid options are http and grpc. Default is http |
"grpc"
"http" |
| enabled |
Boolean indicating if the Dapr side car is enabled |
bool |
Ingress
| Name |
Description |
Value |
| allowInsecure |
Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections |
bool |
| customDomains |
custom domain bindings for Container Apps' hostnames. |
CustomDomain[] |
| external |
Bool indicating if app exposes an external http endpoint |
bool |
| targetPort |
Target Port in containers for traffic from ingress |
int |
| traffic |
Traffic weights for app's revisions |
TrafficWeight[] |
| transport |
Ingress transport protocol |
"auto"
"http"
"http2" |
CustomDomain
| Name |
Description |
Value |
| bindingType |
Custom Domain binding type. |
"Disabled"
"SniEnabled" |
| certificateId |
Resource Id of the Certificate to be bound to this hostname. |
string |
| name |
Hostname. |
string (required) |
TrafficWeight
| Name |
Description |
Value |
| label |
Associates a traffic label with a revision |
string |
| latestRevision |
Indicates that the traffic weight belongs to a latest stable revision |
bool |
| revisionName |
Name of a revision |
string |
| weight |
Traffic weight assigned to a revision |
int |
RegistryCredentials
| Name |
Description |
Value |
| identity |
A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use 'system' |
string |
| passwordSecretRef |
The name of the Secret that contains the registry login password |
string |
| server |
Container Registry Server |
string |
| username |
Container Registry Username |
string |
Secret
| Name |
Description |
Value |
| name |
Secret Name. |
string |
| value |
Secret Value. |
string
Constraints:
Sensitive value. Pass in as a secure parameter.
|
Template
| Name |
Description |
Value |
| containers |
List of container definitions for the Container App. |
Container[] |
| revisionSuffix |
User friendly suffix that is appended to the revision name |
string |
| scale |
Scaling properties for the Container App. |
Scale |
| volumes |
List of volume definitions for the Container App. |
Volume[] |
Container
| Name |
Description |
Value |
| args |
Container start command arguments. |
string[] |
| command |
Container start command. |
string[] |
| env |
Container environment variables. |
EnvironmentVar[] |
| image |
Container image tag. |
string |
| name |
Custom container name. |
string |
| probes |
List of probes for the container. |
ContainerAppProbe[] |
| resources |
Container resource requirements. |
ContainerResources |
| volumeMounts |
Container volume mounts. |
VolumeMount[] |
EnvironmentVar
| Name |
Description |
Value |
| name |
Environment variable name. |
string |
| secretRef |
Name of the Container App secret from which to pull the environment variable value. |
string |
| value |
Non-secret environment variable value. |
string |
ContainerAppProbe
| Name |
Description |
Value |
| failureThreshold |
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Maximum value is 10. |
int |
| httpGet |
HTTPGet specifies the http request to perform. |
ContainerAppProbeHttpGet |
| initialDelaySeconds |
Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. |
int |
| periodSeconds |
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value is 240. |
int |
| successThreshold |
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. |
int |
| tcpSocket |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. |
ContainerAppProbeTcpSocket |
| terminationGracePeriodSeconds |
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour) |
int |
| timeoutSeconds |
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 240. |
int |
| type |
The type of probe. |
"Liveness"
"Readiness"
"Startup" |
ContainerAppProbeHttpGet
| Name |
Description |
Value |
| host |
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
string |
| httpHeaders |
Custom headers to set in the request. HTTP allows repeated headers. |
ContainerAppProbeHttpGetHttpHeadersItem[] |
| path |
Path to access on the HTTP server. |
string |
| port |
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
int (required) |
| scheme |
Scheme to use for connecting to the host. Defaults to HTTP. |
"HTTP"
"HTTPS" |
| Name |
Description |
Value |
| name |
The header field name |
string (required) |
| value |
The header field value |
string (required) |
ContainerAppProbeTcpSocket
| Name |
Description |
Value |
| host |
Optional: Host name to connect to, defaults to the pod IP. |
string |
| port |
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
int (required) |
ContainerResources
| Name |
Description |
Value |
| cpu |
Required CPU in cores, e.g. 0.5 Specify a decimal value as a string. |
int or json decimal |
| memory |
Required memory, e.g. "250Mb" |
string |
VolumeMount
| Name |
Description |
Value |
| mountPath |
Path within the container at which the volume should be mounted.Must not contain ':'. |
string |
| volumeName |
This must match the Name of a Volume. |
string |
Scale
| Name |
Description |
Value |
| maxReplicas |
Optional. Maximum number of container replicas. Defaults to 10 if not set. |
int |
| minReplicas |
Optional. Minimum number of container replicas. |
int |
| rules |
Scaling rules. |
ScaleRule[] |
ScaleRule
QueueScaleRule
| Name |
Description |
Value |
| auth |
Authentication secrets for the queue scale rule. |
ScaleRuleAuth[] |
| queueLength |
Queue length. |
int |
| queueName |
Queue name. |
string |
ScaleRuleAuth
| Name |
Description |
Value |
| secretRef |
Name of the Container App secret from which to pull the auth params. |
string |
| triggerParameter |
Trigger Parameter that uses the secret |
string |
CustomScaleRule
| Name |
Description |
Value |
| auth |
Authentication secrets for the custom scale rule. |
ScaleRuleAuth[] |
| metadata |
Metadata properties to describe custom scale rule. |
CustomScaleRuleMetadata |
| type |
Type of the custom scale rule
eg: azure-servicebus, redis etc.
|
string |
| Name |
Description |
Value |
| {customized property} |
|
string |
HttpScaleRule
| Name |
Description |
Value |
| auth |
Authentication secrets for the custom scale rule. |
ScaleRuleAuth[] |
| metadata |
Metadata properties to describe http scale rule. |
HttpScaleRuleMetadata |
| Name |
Description |
Value |
| {customized property} |
|
string |
Volume
| Name |
Description |
Value |
| name |
Volume name. |
string |
| storageName |
Name of storage resource. No need to provide for EmptyDir. |
string |
| storageType |
Storage type for the volume. If not provided, use EmptyDir. |
"AzureFile"
"EmptyDir" |
