Bicep - Deploy Azure Container Registry (ACR)
The use of Infrastructure as Code (IaC) has become vital in achieving successful and scalable implementations. Azure Bicep allows us to provision and manage resources in Azure with reliability and conciseness.
In this blog post, I want to show you the steps to implement an ACR using a Bicep template. We’ll start by defining the ACR and its properties in a Bicep file, then we’ll use a parameter file to implement it, and finally, using the Azure CLI, we’ll deploy the resource.
Prerequisites #
Before you start, you’ll need the following to deploy and manage resources with Bicep:
- You need Azure CLI version 2.20.0 or later to deploy Bicep files on your local machine.
- A text editor or IDE of your choice (Visual Studio Code with Bicep extension is my recommendation)
Create the Bicep file #
The first step in deploying a Bicep template is to create the Bicep file that defines your resources. Create a new file named acr.bicep. This file will contain the necessary code to define and configure your Azure Container registry resource.
@description('Name of the project or solution')
@minLength(3)
@maxLength(18)
param projectName string
@description('The location where the ACR should be created')
@allowed([
'westeurope'
'northeurope'
])
param location string
@allowed([
'Basic'
'Standard'
'Premium'
])
@description('The SKU for the ACR')
param sku string = 'Premium'
@description('Flag indicating whether admin user should be enabled for the ACR')
param adminEnabled bool = false
@description('Flag indicating whether anonymous pull should be enabled')
param anonymousPullEnabled bool = false
@description('Flag indicating whether data endpoint should be enabled')
param dataEndpointEnabled bool = false
@allowed([
'Allow'
'Deny'
])
@description('The default action of network rule')
param defaultAction string = 'Allow'
@description('The IP address or range for network rule')
param ipAddress string
@description('Resource tags')
param resourceTags object = {
environment: 'jorgebernhardt.com'
}
var uniqueStringForAcr = uniqueString(resourceGroup().id)
var acrName = toLower('acr${projectName}${uniqueStringForAcr}')
resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
name: acrName
location: location
tags: resourceTags
sku: {
name: sku
}
identity: {
type: 'SystemAssigned'
}
properties: {
adminUserEnabled: adminEnabled
anonymousPullEnabled: anonymousPullEnabled
dataEndpointEnabled: dataEndpointEnabled
networkRuleSet: {
defaultAction: defaultAction
ipRules: [
{
action: 'Allow'
value: ipAddress
}
]
}
}
}
@description('The entire ACR resource object')
output acrObject object = acr
Important: Please note that in this example, I’ve selected the Premium SKU to demonstrate all possible features. Remember, each SKU has a different set of available features, so you may need to modify this template according to the SKU you select.
Deployment scope #
You can target your deployment to a resource group, subscription, management group, or tenant. In this case, when creating the Azure container registry, an Azure resource group is needed to put all the necessary resources here. By default, when deploying a Bicep template, the scope where the resource should be deployed is a resource group.
You can use an existing Resource Group, or you can create a new Resource Group. If you want to know how to create a Resource Group using Azure CLI, check out this link.
Deploy the Bicep template using the Azure CLI #
Once your Bicep template is prepared, and you’ve selected your desired scope, you can proceed to deploy the template through the Azure CLI. To do so, execute the following commands.
Parameters #
Personalization is key to making your template reusable. With the parameters, you can easily tailor the template to your specific needs. You can use either inline parameters or a parameter file to pass parameter values. In my case, I will use a file to pass the parameters; here is an example.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"projectName": {
"value": "demo"
},
"location": {
"value": "westeurope"
},
"sku": {
"value": "Premium"
},
"adminEnabled": {
"value": false
},
"anonymousPullEnabled": {
"value": false
},
"dataEndpointEnabled": {
"value": false
},
"defaultAction": {
"value": "Allow"
},
"ipAddress": {
"value": "0.0.0.0"
},
"resourceTags": {
"value": {
"environment": "jorgebernhardt.com"
}
}
}
}
Important: Please note that the parameter file stores parameter values in plain text format. If you need to include a parameter with sensitive data, it’s recommended to store the value in a secure key vault.
Preview changes #
Before deploying a Bicep file, you can preview the changes that will occur to your resources. Using what-if operations does not change existing resources; it simply shows you an output that includes color-coded results that allow you to see different changes.
az deployment group what-if \
--resource-group <resource-group-name> \
--template-file <filename>.bicep \
--parameters @<filename>.parameters.json
Deploy the Azure resource #
Finally, to deploy the template, run the following command.
az deployment group create \
--resource-group <resource-group-name> \
--template-file <filename>.bicep \
--parameters @<filename>.parameters.json
Validate the deployment #
To verify that the budget resource was created correctly, you can either use the Azure Portal or the Azure CLI to check the created resources and their configurations. For Azure CLI, use the following command.
az acr list \
--resource-group <resource-group-name> \
--output table
References and useful links #
Thank you for taking the time to read my post. I sincerely hope that you find it helpful.