Module container-app
containerApp
| Property |
Value |
Description |
| naming (required) |
naming |
|
| managedIdentityType |
'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned' |
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). (default: None) |
| managedIdentityId |
string |
User assigned managed identity id to access other resources. |
| managedBy |
string |
The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource. |
| configuration (required) |
configuration |
Non versioned Container App configuration properties. |
| template (required) |
template |
Container App versioned application definition. |
| workloadProfileName |
string |
Workload profile name to pin for container app execution. |
dapr
| Property |
Value |
Description |
| appId (required) |
string |
Dapr application identifier. |
| appPort (required) |
int |
Tells Dapr which port your application is listening on. |
| appProtocol |
'grpc'
'http' |
Tells Dapr which protocol your application is using. Valid options are http and grpc. (default: http) |
| enableApiLogging |
bool |
Enables API logging for the Dapr sidecar. |
| enabled |
bool |
Boolean indicating if the Dapr side car is enabled. |
| httpMaxRequestSize |
int |
Increasing max size of request body http and grpc servers parameter in MB to handle uploading of big files. (default: 4MB) |
| httpReadBufferSize |
int |
Dapr max size of http header read buffer in KB to handle when sending multi-KB headers. (Default: 65KB) |
| logLevel |
'debug'
'error'
'info'
'warn' |
Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. (Default: info) |
corsPolicy
| Property |
Value |
Description |
| allowCredentials |
bool |
Specifies whether the resource allows credentials. |
| allowedHeaders |
string[] |
Specifies the content for the access-control-allow-headers header. |
| allowedMethods |
string[] |
Specifies the content for the access-control-allow-methods header. |
| allowedOrigins (required) |
string[] |
Specifies the content for the access-control-allow-origins header. |
| exposeHeaders |
string[] |
Specifies the content for the access-control-expose-headers header. |
| maxAge |
int |
Specifies the content for the access-control-max-age header. |
stickySessions
| Property |
Value |
Description |
| affinity (required) |
'none'
'sticky' |
Sticky Session Affinity. |
ingress
| Property |
Value |
Description |
| allowInsecure |
bool |
Boolean indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. (default: false) |
| clientCertificateMode |
'accept'
'ignore'
'require' |
Client certificate mode for mTLS authentication. Ignore indicates server drops client certificate on forwarding. Accept indicates server forwards client certificate but does not require a client certificate. Require indicates server requires a client certificate. |
| corsPolicy |
corsPolicy |
CORS policy for container app. |
| customDomains |
containerAppCustomDomain[] |
Custom domain bindings for Container Apps hostnames. |
| exposedPort |
int |
Exposed Port in containers for TCP traffic from ingress. |
| additionalPortMappings |
containerAppAdditionalPortMapping[] |
Settings to expose additional ports on container app. |
| external (required) |
bool |
Boolean indicating if app exposes an external http endpoint. |
| ipSecurityRestrictions |
containerAppIpSecurityRestrictionRule[] |
Rules to restrict incoming IP address. |
| stickySessions |
stickySessions |
Sticky Sessions for Single Revision Mode. |
| targetPort |
int |
Target Port in containers for traffic from ingress. |
| traffic |
containerAppTrafficWeight[] |
Traffic weights for apps revisions. |
| transport |
'auto'
'http'
'http2'
'tcp' |
Ingress transport protocol. (default: auto) |
service
| Property |
Value |
Description |
| type (required) |
string |
Dev ContainerApp service type. |
configuration
| Property |
Value |
Description |
| activeRevisionsMode |
'Multiple'
'Single' |
ActiveRevisionsMode controls how active revisions are handled for the Container app: |
- Multiple: multiple revisions can be active.
- Single: Only one revision can be active at a time. Revision weights can not be used in this mode. If no value if provided, this is the default.
dapr | dapr | Dapr configuration for the Container App.
ingress | ingress | Ingress configurations.
maxInactiveRevisions | int | Optional. Max inactive revisions a Container App can have.
registries | containerAppRegistryCredentials[] | Collection of private container registry credentials for containers used by the Container app.
secrets | containerAppSecret[] | Collection of secrets used by a Container app.
service | service | Container App to be a dev Container App Service.
scale
| Property |
Value |
Description |
| maxReplicas |
int |
Optional. Maximum number of container replicas. Defaults to 10 if not set. |
| minReplicas |
int |
Optional. Minimum number of container replicas. |
| rules |
containerAppTemplateScaleRule[] |
Scaling rules. |
template
| Property |
Value |
Description |
| containers (required) |
containerAppTemplateContainer[] |
List of container definitions for the Container App. |
| initContainers |
containerAppTemplateInitContainer[] |
List of specialized containers that run before app containers. |
| revisionSuffix |
string |
User friendly suffix that is appended to the revision name. |
| scale |
scale |
Scaling properties for the Container App. |
| serviceBinds |
containerAppTemplateServiceBind[] |
List of container app services bound to the app. |
| terminationGracePeriodSeconds |
int |
Optional duration in seconds the Container App Instance needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. Set this value longer than the expected cleanup time for your process. (default: 30 seconds) |
| volumes |
containerAppTemplateVolume[] |
List of volume definitions for the Container App. |
containerAppCustomDomain
| Property |
Value |
Description |
| bindingType |
'Disabled'
'SniEnabled' |
Custom Domain binding type. |
| certificateName |
string |
Resource Id of the Certificate to be bound to this hostname. Must exist in the Managed Environment. |
| name (required) |
string |
Hostname. |
containerAppIpSecurityRestrictionRule
| Property |
Value |
Description |
| action (required) |
'Allow'
'Deny' |
Allow or Deny rules to determine for incoming IP. Note: Rules can only consist of ALL Allow or ALL Deny. |
| description |
string |
Describe the IP restriction rule that is being sent to the container-app. This is an optional field. |
| ipAddressRange (required) |
string |
CIDR notation to match incoming IP address. |
| name (required) |
string |
Name for the IP restriction rule. |
containerAppAdditionalPortMapping
| Property |
Value |
Description |
| exposedPort |
int |
Specifies the exposed port for the target port. If not specified, it defaults to target port. |
| external (required) |
bool |
Specifies whether the app port is accessible outside of the environment. |
| targetPort (required) |
int |
Specifies the port user's container listens on. |
containerAppTrafficWeight
| Property |
Value |
Description |
| label |
string |
Associates a traffic label with a revision. |
| latestRevision |
bool |
Indicates that the traffic weight belongs to a latest stable revision. |
| revisionName |
string |
Name of a revision. |
| weight |
int |
Traffic weight assigned to a revision. |
containerAppRegistryCredentials
| Property |
Value |
Description |
| identity |
string |
A Managed Identity to use to authenticate with Azure Container Registry. For user-assigned identities, use the full user-assigned identity Resource ID. For system-assigned identities, use system. |
| passwordSecretRef |
string |
The name of the Secret that contains the registry login password. |
| server (required) |
string |
Container Registry Server. |
| username |
string |
Container Registry Username. |
containerAppSecret
| Property |
Value |
Description |
| identity |
string |
Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. |
| keyVaultUrl |
string |
Azure Key Vault URL pointing to the secret referenced by the container app. |
| name (required) |
string |
Secret Name. |
| value |
string |
Secret Value. |
containerAppTemplateContainer
containerAppResources
| Property |
Value |
Description |
| cpu (required) |
string |
Required CPU in cores, e.g. 0.5 To specify a decimal value, use the json() function. |
| memory |
string |
Required memory, e.g. "250Mb" |
containerAppTemplateContainerContainerAppProbe
| Property |
Value |
Description |
| failureThreshold (required) |
int |
Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. Maximum value is 10. (default: 3) |
| httpGet |
httpGet |
HTTPGet specifies the http request to perform. |
| initialDelaySeconds (required) |
int |
Number of seconds after the container has started before liveness probes are initiated. Minimum value is 1. Maximum value is 60. |
| periodSeconds (required) |
int |
How often (in seconds) to perform the probe. Minimum value is 1. Maximum value is 240. (default: 10 seconds) |
| successThreshold (required) |
int |
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Maximum value is 10. |
| tcpSocket |
containerAppProbeTcpSocket |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. |
| terminationGracePeriodSeconds |
int |
Optional duration in seconds the Container App Instance needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. Set this value longer than the expected cleanup time for your process. (default: 30 seconds) |
| timeoutSeconds (required) |
int |
Number of seconds after which the probe times out. Minimum value is 1. Maximum value is 240. (default: 1 second) |
| type (required) |
'Liveness'
'Readiness'
'Startup' |
The type of probe. |
httpGet
| Property |
Value |
Description |
| host |
string |
Host name to connect to, defaults to the pod IP. You probably want to set Host in httpHeaders instead. |
| httpHeaders |
containerAppProbeHttpGetHttpHeadersItem[] |
Custom headers to set in the request. HTTP allows repeated headers. |
| path |
string |
Path to access on the HTTP server. |
| port (required) |
int |
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
| scheme |
'HTTP'
'HTTPS' |
Scheme to use for connecting to the host. (default: HTTP) |
| Property |
Value |
Description |
| name (required) |
string |
The header field name. |
| value (required) |
string |
The header field value. |
containerAppProbeTcpSocket
| Property |
Value |
Description |
| host |
string |
Optional: Host name to connect to, defaults to the pod IP. |
| port (required) |
int |
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
containerAppTemplateServiceBind
| Property |
Value |
Description |
| name (required) |
string |
Name of the service bind. |
| serviceId (required) |
string |
Resource id of the target service. |
containerAppTemplateVolume
| Property |
Value |
Description |
| name (required) |
string |
Volume name. |
| secrets |
containerAppTemplateVolumeSecretVolumeItem[] |
List of secrets to be added in volume. If no secrets are provided, all secrets in collection will be added to volume. |
| storageName (required) |
string |
Name of storage resource. No need to provide for EmptyDir and Secret. |
| storageType |
'AzureFile'
'EmptyDir'
'Secret' |
Storage type for the volume. If not provided, use EmptyDir. |
| mountOptions |
string |
Mount options used while mounting the AzureFile. Must be a comma-separated string. |
containerAppTemplateVolumeSecretVolumeItem
| Property |
Value |
Description |
| path (required) |
string |
Path to project secret to. If no path is provided, path defaults to name of secret listed in secretRef. |
| secretRef |
string |
Name of the Container App secret from which to pull the secret value. |
containerAppTemplateContainerEnvironmentVar
| Property |
Value |
Description |
| name (required) |
string |
Environment variable name. |
| secretRef |
string |
Name of the Container App secret from which to pull the environment variable value. |
| value |
string |
Non-secret environment variable value. |
containerAppVolumeMount
| Property |
Value |
Description |
| mountPath (required) |
string |
Path within the container at which the volume should be mounted.Must not contain ':'. |
| subPath |
string |
Path within the volume from which the containers volume should be mounted. Defaults to " "(volumes root). |
| volumeName (required) |
string |
This must match the Name of a Volume. |
containerAppTemplateInitContainer
containerAppTemplateInitContainerEnvironmentVar
| Property |
Value |
Description |
| name (required) |
string |
Environment variable name. |
| secretRef |
string |
Name of the Container App secret from which to pull the environment variable value. |
| value |
string |
Non-secret environment variable value. |
containerAppTemplateScaleRule
| Property |
Value |
Description |
| azureQueue |
azureQueue |
Azure Queue based scaling. |
| custom |
custom |
Custom scale rule. |
| http |
http |
HTTP requests based scaling. |
| name (required) |
string |
Scale Rule Name. |
| tcp |
tcp |
Tcp requests based scaling. |
azureQueue
| Property |
Value |
Description |
| accountName |
string |
Storage account name. required if using managed identity to authenticate |
| auth |
containerAppScaleRuleAuth[] |
Authentication secrets for the queue scale rule. |
| identity |
string |
The resource ID of a user-assigned managed identity that is assigned to the Container App, or 'system' for system-assigned identity. |
| queueLength (required) |
int |
Queue length. |
| queueName (required) |
string |
Queue name. |
custom
| Property |
Value |
Description |
| auth |
containerAppScaleRuleAuth[] |
Authentication secrets for the custom scale rule. |
| metadata (required) |
object |
Metadata properties to describe custom scale rule. |
| type (required) |
string |
Type of the custom scale rule, eg: azure-servicebus, redis etc. |
http
| Property |
Value |
Description |
| auth |
containerAppScaleRuleAuth[] |
Authentication secrets for the http scale rule. |
| metadata (required) |
object |
Metadata properties to describe http scale rule. |
tcp
| Property |
Value |
Description |
| auth |
containerAppScaleRuleAuth[] |
Authentication secrets for the tcp scale rule. |
| metadata (required) |
object |
Metadata properties to describe tcp scale rule. |
containerAppScaleRuleAuth
| Property |
Value |
Description |
| secretRef |
string |
Name of the secret from which to pull the auth params. |
| triggerParameter (required) |
string |
Trigger Parameter that uses the secret. |
containerAppProbeHttpGet
| Property |
Value |
Description |
| host |
string |
Host name to connect to, defaults to the pod IP. You probably want to set Host in httpHeaders instead. |
| httpHeaders |
containerAppProbeHttpGetHttpHeadersItem[] |
Custom headers to set in the request. HTTP allows repeated headers. |
| path |
string |
Path to access on the HTTP server. |
| port (required) |
int |
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
| scheme |
'HTTP'
'HTTPS' |
Scheme to use for connecting to the host. (default: HTTP) |
naming
| Property |
Value |
Description |
| forceFunctionAsFullName |
bool |
Use the function value as the full name of the resource |
| abbreviation |
string |
Override the abbreviation of this resource with this parameter |
| environment |
string |
The resource environment (for example: dev, tst, acc, prd) |
| location |
string |
The resource location (for example: weu, we, westeurope) |
| customer |
string |
The name of the customer |
| delimiter |
string |
The delimiter between resources (default: -) |
| nameFormat |
Array containing any of:
'abbreviation'
'customer'
'environment'
'function'
'location'
'param1'
'param2'
'param3'
'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 |
string |
Extra parameter self defined |
| param2 |
string |
Extra parameter self defined |
| param3 |
string |
Extra parameter self defined |
| function (required) |
string |
Function of the resource [can be app, db, security,...] |
| useCaseName |
string |
Name of the use case [can be hub, spoke,...] |
| suffix |
string |
Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming |
bool |
Force the CAF naming instead of default company naming |
Bicep Module Documentation