Bicep Module Documentation
← Back to Overview
Module container-instance
containerInstance
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| identity | identity | The identity of the container group, if configured. |
| zones | string[] | The zones for the container group. |
| container (required) | container | The containers within the container group. Only a single container is supported. |
| confidentialComputeProperties | confidentialComputeProperties | The properties for confidential container group |
| osType (required) | 'Linux' 'Windows' |
The operating system type required by the containers in the container group. |
| priority | 'Regular' 'Spot' |
The priority of the container group. |
| restartPolicy | 'Always' 'Never' 'OnFailure' |
Restart policy for all containers within the container group (defauult: OnFailure). |
| sku | 'Confidential' 'Dedicated' 'NotSpecified' 'Standard' |
The SKU for a container group (default: Standard). |
| volumes | volumes[] | The list of volumes that can be mounted by containers in this container group. |
| securityContext | securityContext | The container security properties. |
| ipAddress | ipAddress | The IP address type of the container group. |
| subnetId | string | The subnetId associated with the container group. The subnet must be delegated to 'Microsoft.ContainerInstance/containerGroups' |
| diagnostics | diagnostics | The diagnostic information for a container group. |
| encryptionProperties | encryptionProperties | The encryption properties for a container group. |
| extensions | extensions[] | extensions used by virtual kubelet |
| imageRegistryCredentials | imageRegistryCredentials[] | The image registry credentials by which the container group is created from. |
| initContainers | initContainers[] | The init containers for a container group. |
identity
| Property | Value | Description |
|---|---|---|
| type | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
The types of identities associated with this resource. (default: none) |
| userAssignedIdentities | string[] | Resource IDs of User Assigned Identities to associate with this resource |
keyValuePairs
| Property | Value | Description |
|---|---|---|
| key (required) | string | |
| value (required) | string |
configMap
| Property | Value | Description |
|---|---|---|
| keyValuePairs (required) | keyValuePairs | The key value pairs dictionary in the config map. |
ports
| Property | Value | Description |
|---|---|---|
| port (required) | int | The port number. |
| protocol | 'TCP' 'UDP' |
The protocol associated with the port. |
gpu
| Property | Value | Description |
|---|---|---|
| count (required) | int | The number of GPU cores. |
| sku (required) | 'K80' 'P100' 'V100' |
The SKU of the GPU. |
limits
| Property | Value | Description |
|---|---|---|
| memoryInGB (required) | int | The memory limit in GB of this container instance. |
| cpu (required) | int | The CPU limit of this container instance. |
| gpu | gpu | The GPU limit of this container instance. |
requests
| Property | Value | Description |
|---|---|---|
| memoryInGB (required) | int | The memory request in GB of this container instance. . |
| cpu (required) | int | The CPU request of this container instance. |
| gpu | gpu | The GPU request of this container instance. |
resources
| Property | Value | Description |
|---|---|---|
| limits | limits | The resource limits of this container instance. |
| requests (required) | requests | The resource requests of this container instance. |
container
| Property | Value | Description |
|---|---|---|
| command | string[] | The commands to execute within the container instance in exec form. |
| configMap | configMap | The config map. |
| environmentVariables | environmentVariable[] | The environment variables to set in the container instance. |
| image | string | The name of the image used to create the container instance. |
| livenessProbe | containerProbe | The liveness probe. |
| ports | ports[] | The exposed ports on the container instance. |
| readinessProbe | containerProbe | |
| resources | resources | The resource requirements of the container instance. |
| securityContext | securityContext | The container security properties. |
| volumeMounts | volumeMount[] | The volume mounts available to the container instance. |
confidentialComputeProperties
| Property | Value | Description |
|---|---|---|
| ccePolicy (required) | string | The base64 encoded confidential compute enforcement policy |
azureFile
| Property | Value | Description |
|---|---|---|
| readOnly | bool | The flag indicating whether the Azure File shared mounted as a volume is read-only. |
| shareName (required) | string | The name of the Azure File share to be mounted as a volume. |
| storageAccountKey (required) | securestring | The storage account access key used to access the Azure File share. |
| storageAccountKeyReference | string | The reference to the storage account access key used to access the Azure File share. |
| storageAccountName (required) | string | The name of the storage account that contains the Azure File share. |
gitRepo
| Property | Value | Description |
|---|---|---|
| directory | string | Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. |
| repository (required) | string | The repository URL. |
| revision | string | The commit hash for the specified revision. |
volumes
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the volume. |
| azureFile | azureFile | The Azure File volume. |
| gitRepo | gitRepo | The git repo volume. |
ipAddress
| Property | Value | Description |
|---|---|---|
| type (required) | 'Private' 'Public' |
Specifies if the IP is exposed to the public internet or private VNET. |
| ports (required) | ports[] | The list of ports exposed on the container group. |
| dnsNameLabel | string | The Dns name label for the IP. |
| ip | string | The IP exposed to the public internet. |
| autoGeneratedDomainNameLabelScope | 'Noreuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' 'Unsecure' |
The value representing the security enum. The 'Unsecure' value is the default value if not selected and means the object's domain name label is not secured against subdomain takeover. The 'TenantReuse' value is the default value if selected and means the object's domain name label can be reused within the same tenant. The 'SubscriptionReuse' value means the object's domain name label can be reused within the same subscription. The 'ResourceGroupReuse' value means the object's domain name label can be reused within the same resource group. The 'NoReuse' value means the object's domain name label cannot be reused within the same resource group, subscription, or tenant. |
logAnalytics
| Property | Value | Description |
|---|---|---|
| workspaceId (required) | string | The workspace id for log analytics. |
| logType | 'ContainerInsights' 'ContainerInstanceLogs' |
The log type to be used. |
| workspaceKey (required) | securestring | The workspace key for log analytics. |
| workspaceResourceId | securestring | The workspace resource id for log analytics |
diagnostics
| Property | Value | Description |
|---|---|---|
| logAnalytics (required) | logAnalytics | Container group log analytics information. |
encryptionProperties
| Property | Value | Description |
|---|---|---|
| identity | string | The keyvault managed identity. |
| keyName (required) | string | The encryption key name. |
| keyVersion (required) | string | The encryption key version. |
| vaultBaseUrl (required) | string | The keyvault base url. |
properties
| Property | Value | Description |
|---|---|---|
| command | string[] | The command to execute within the init container in exec form. |
| image | string | The image of the init container. |
| environmentVariables | environmentVariable[] | The environment variables to set in the init container. |
| securityContext | securityContext | The container security properties. |
| volumeMounts | volumeMount[] | The volume mounts available to the init container. |
extensions
| Property | Value | Description |
|---|---|---|
| name (required) | string | Name of the extension. |
| properties (required) | properties | Extension specific properties |
imageRegistryCredentials
| Property | Value | Description |
|---|---|---|
| identity | string | The identity for the private registry. |
| identityUrl | string | The identity URL for the private registry. |
| password | securestring | The password for the private registry. |
| passwordReference | string | The reference for the private registry password. |
| server (required) | string | The Docker image registry server without a protocol such as "http" and "https". |
| username | string | The username for the private registry. |
initContainers
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name for the init container. |
| properties (required) | properties | The properties for the init container. |
containerProbe
| Property | Value | Description |
|---|---|---|
| exec | exec | The execution command to probe |
| failureThreshold | int | The failure threshold. |
| httpGet | httpGet | The HTTP GET probe. |
| initialDelaySeconds | int | The initial delay seconds. |
| periodSeconds | int | The period seconds. |
| successThreshold | int | The success threshold. |
| timeoutSeconds | int | The timeout seconds. |
exec
| Property | Value | Description |
|---|---|---|
| command (required) | string[] | The commands to execute within the container. |
httpHeaders
| Property | Value | Description |
|---|---|---|
| name (required) | string | The header name. |
| value (required) | string | The header value. |
httpGet
| Property | Value | Description |
|---|---|---|
| path | string | The path to access on the HTTP server. |
| port (required) | int | The port number to probe. |
| scheme | 'http' 'https' |
The scheme to use for connecting to the host. |
| httpHeaders | httpHeaders[] | The HTTP headers to set for the HTTP probe. |
securityContext
| Property | Value | Description |
|---|---|---|
| allowPrivilegeEscalation | bool | A boolean value indicating whether the init process can elevate its privileges |
| privileged | bool | The flag to determine if the container permissions is elevated to Privileged. |
| runAsGroup | int | Sets the User GID for the container. |
| runAsUser | int | Sets the User UID for the container. |
| seccompProfile | string | a base64 encoded string containing the contents of the JSON in the seccomp profile |
| capabilities | capabilities | The capabilities to add or drop from a container. |
capabilities
| Property | Value | Description |
|---|---|---|
| add | string[] | The capabilities to add to the container. |
| drop | string[] | The capabilities to drop from the container. |
environmentVariable
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the environment variable. |
| secureValue | securestring | The value of the secure environment variable. |
| secureValueReference | string | The reference of the secure environment variable. |
| value | string | The value of the environment variable. |
volumeMount
| Property | Value | Description |
|---|---|---|
| mountPath (required) | string | The path within the container where the volume should be mounted. Must not contain colon (:). |
| name (required) | string | The name of the volume mount. |
| readOnly | bool | The flag indicating whether the volume mount is read-only. |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
Changelog
1.1.0 (2025-12-02)
Features
- add identity property
1.0.0 (2025-11-27)
⚠ BREAKING CHANGES
- add initial version
Features
- add initial version