azure.containerservice.Registry (v4)

Azure v4.42.0 (4.x), Mar 9 26

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        var rg = new Azure.Core.ResourceGroup("rg", new Azure.Core.ResourceGroupArgs
        {
            Location = "West Europe",
        });
        var acr = new Azure.ContainerService.Registry("acr", new Azure.ContainerService.RegistryArgs
        {
            ResourceGroupName = rg.Name,
            Location = rg.Location,
            Sku = "Premium",
            AdminEnabled = false,
            Georeplications = 
            {
                new Azure.ContainerService.Inputs.RegistryGeoreplicationArgs
                {
                    Location = "East US",
                    ZoneRedundancyEnabled = true,
                    Tags = ,
                },
                new Azure.ContainerService.Inputs.RegistryGeoreplicationArgs
                {
                    Location = "westeurope",
                    ZoneRedundancyEnabled = true,
                    Tags = ,
                },
            },
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		rg, err := core.NewResourceGroup(ctx, "rg", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewRegistry(ctx, "acr", &containerservice.RegistryArgs{
			ResourceGroupName: rg.Name,
			Location:          rg.Location,
			Sku:               pulumi.String("Premium"),
			AdminEnabled:      pulumi.Bool(false),
			Georeplications: containerservice.RegistryGeoreplicationArray{
				&containerservice.RegistryGeoreplicationArgs{
					Location:              pulumi.String("East US"),
					ZoneRedundancyEnabled: pulumi.Bool(true),
					Tags:                  nil,
				},
				&containerservice.RegistryGeoreplicationArgs{
					Location:              pulumi.String("westeurope"),
					ZoneRedundancyEnabled: pulumi.Bool(true),
					Tags:                  nil,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Example coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const rg = new azure.core.ResourceGroup("rg", {location: "West Europe"});
const acr = new azure.containerservice.Registry("acr", {
    resourceGroupName: rg.name,
    location: rg.location,
    sku: "Premium",
    adminEnabled: false,
    georeplications: [
        {
            location: "East US",
            zoneRedundancyEnabled: true,
            tags: {},
        },
        {
            location: "westeurope",
            zoneRedundancyEnabled: true,
            tags: {},
        },
    ],
});

import pulumi
import pulumi_azure as azure

rg = azure.core.ResourceGroup("rg", location="West Europe")
acr = azure.containerservice.Registry("acr",
    resource_group_name=rg.name,
    location=rg.location,
    sku="Premium",
    admin_enabled=False,
    georeplications=[
        azure.containerservice.RegistryGeoreplicationArgs(
            location="East US",
            zone_redundancy_enabled=True,
            tags={},
        ),
        azure.containerservice.RegistryGeoreplicationArgs(
            location="westeurope",
            zone_redundancy_enabled=True,
            tags={},
        ),
    ])

Example coming soon!

Encryption)

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        var rg = new Azure.Core.ResourceGroup("rg", new Azure.Core.ResourceGroupArgs
        {
            Location = "West Europe",
        });
        var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("exampleUserAssignedIdentity", new Azure.Authorization.UserAssignedIdentityArgs
        {
            ResourceGroupName = azurerm_resource_group.Example.Name,
            Location = azurerm_resource_group.Example.Location,
        });
        var exampleKey = Output.Create(Azure.KeyVault.GetKey.InvokeAsync(new Azure.KeyVault.GetKeyArgs
        {
            Name = "super-secret",
            KeyVaultId = data.Azurerm_key_vault.Existing.Id,
        }));
        var acr = new Azure.ContainerService.Registry("acr", new Azure.ContainerService.RegistryArgs
        {
            ResourceGroupName = rg.Name,
            Location = rg.Location,
            Sku = "Premium",
            Identity = new Azure.ContainerService.Inputs.RegistryIdentityArgs
            {
                Type = "UserAssigned",
                IdentityIds = 
                {
                    exampleUserAssignedIdentity.Id,
                },
            },
            Encryption = new Azure.ContainerService.Inputs.RegistryEncryptionArgs
            {
                Enabled = true,
                KeyVaultKeyId = exampleKey.Apply(exampleKey => exampleKey.Id),
                IdentityClientId = exampleUserAssignedIdentity.ClientId,
            },
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		rg, err := core.NewResourceGroup(ctx, "rg", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "exampleUserAssignedIdentity", &authorization.UserAssignedIdentityArgs{
			ResourceGroupName: pulumi.Any(azurerm_resource_group.Example.Name),
			Location:          pulumi.Any(azurerm_resource_group.Example.Location),
		})
		if err != nil {
			return err
		}
		exampleKey, err := keyvault.LookupKey(ctx, &keyvault.LookupKeyArgs{
			Name:       "super-secret",
			KeyVaultId: data.Azurerm_key_vault.Existing.Id,
		}, nil)
		if err != nil {
			return err
		}
		_, err = containerservice.NewRegistry(ctx, "acr", &containerservice.RegistryArgs{
			ResourceGroupName: rg.Name,
			Location:          rg.Location,
			Sku:               pulumi.String("Premium"),
			Identity: &containerservice.RegistryIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			Encryption: &containerservice.RegistryEncryptionArgs{
				Enabled:          pulumi.Bool(true),
				KeyVaultKeyId:    pulumi.String(exampleKey.Id),
				IdentityClientId: exampleUserAssignedIdentity.ClientId,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Example coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const rg = new azure.core.ResourceGroup("rg", {location: "West Europe"});
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("exampleUserAssignedIdentity", {
    resourceGroupName: azurerm_resource_group.example.name,
    location: azurerm_resource_group.example.location,
});
const exampleKey = azure.keyvault.getKey({
    name: "super-secret",
    keyVaultId: data.azurerm_key_vault.existing.id,
});
const acr = new azure.containerservice.Registry("acr", {
    resourceGroupName: rg.name,
    location: rg.location,
    sku: "Premium",
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
    encryption: {
        enabled: true,
        keyVaultKeyId: exampleKey.then(exampleKey => exampleKey.id),
        identityClientId: exampleUserAssignedIdentity.clientId,
    },
});

import pulumi
import pulumi_azure as azure

rg = azure.core.ResourceGroup("rg", location="West Europe")
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("exampleUserAssignedIdentity",
    resource_group_name=azurerm_resource_group["example"]["name"],
    location=azurerm_resource_group["example"]["location"])
example_key = azure.keyvault.get_key(name="super-secret",
    key_vault_id=data["azurerm_key_vault"]["existing"]["id"])
acr = azure.containerservice.Registry("acr",
    resource_group_name=rg.name,
    location=rg.location,
    sku="Premium",
    identity=azure.containerservice.RegistryIdentityArgs(
        type="UserAssigned",
        identity_ids=[example_user_assigned_identity.id],
    ),
    encryption=azure.containerservice.RegistryEncryptionArgs(
        enabled=True,
        key_vault_key_id=example_key.id,
        identity_client_id=example_user_assigned_identity.client_id,
    ))

Example coming soon!

Attaching A Container Registry To A Kubernetes Cluster)

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
        {
            Location = "West Europe",
        });
        var exampleRegistry = new Azure.ContainerService.Registry("exampleRegistry", new Azure.ContainerService.RegistryArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            Location = exampleResourceGroup.Location,
        });
        var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("exampleKubernetesCluster", new Azure.ContainerService.KubernetesClusterArgs
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            DnsPrefix = "exampleaks1",
            DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
            {
                Name = "default",
                NodeCount = 1,
                VmSize = "Standard_D2_v2",
            },
            Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
            {
                Type = "SystemAssigned",
            },
            Tags = 
            {
                { "Environment", "Production" },
            },
        });
        var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", new Azure.Authorization.AssignmentArgs
        {
            PrincipalId = exampleKubernetesCluster.KubeletIdentities.Apply(kubeletIdentities => kubeletIdentities[0].ObjectId),
            RoleDefinitionName = "AcrPull",
            Scope = exampleRegistry.Id,
            SkipServicePrincipalAadCheck = true,
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleRegistry, err := containerservice.NewRegistry(ctx, "exampleRegistry", &containerservice.RegistryArgs{
			ResourceGroupName: exampleResourceGroup.Name,
			Location:          exampleResourceGroup.Location,
		})
		if err != nil {
			return err
		}
		exampleKubernetesCluster, err := containerservice.NewKubernetesCluster(ctx, "exampleKubernetesCluster", &containerservice.KubernetesClusterArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			DnsPrefix:         pulumi.String("exampleaks1"),
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("SystemAssigned"),
			},
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("Production"),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			PrincipalId: exampleKubernetesCluster.KubeletIdentities.ApplyT(func(kubeletIdentities []containerservice.KubernetesClusterKubeletIdentity) (string, error) {
				return kubeletIdentities[0].ObjectId, nil
			}).(pulumi.StringOutput),
			RoleDefinitionName:           pulumi.String("AcrPull"),
			Scope:                        exampleRegistry.ID(),
			SkipServicePrincipalAadCheck: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Example coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleRegistry = new azure.containerservice.Registry("exampleRegistry", {
    resourceGroupName: exampleResourceGroup.name,
    location: exampleResourceGroup.location,
});
const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("exampleKubernetesCluster", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    dnsPrefix: "exampleaks1",
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    identity: {
        type: "SystemAssigned",
    },
    tags: {
        Environment: "Production",
    },
});
const exampleAssignment = new azure.authorization.Assignment("exampleAssignment", {
    principalId: exampleKubernetesCluster.kubeletIdentities.apply(kubeletIdentities => kubeletIdentities[0].objectId),
    roleDefinitionName: "AcrPull",
    scope: exampleRegistry.id,
    skipServicePrincipalAadCheck: true,
});

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_registry = azure.containerservice.Registry("exampleRegistry",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location)
example_kubernetes_cluster = azure.containerservice.KubernetesCluster("exampleKubernetesCluster",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    dns_prefix="exampleaks1",
    default_node_pool=azure.containerservice.KubernetesClusterDefaultNodePoolArgs(
        name="default",
        node_count=1,
        vm_size="Standard_D2_v2",
    ),
    identity=azure.containerservice.KubernetesClusterIdentityArgs(
        type="SystemAssigned",
    ),
    tags={
        "Environment": "Production",
    })
example_assignment = azure.authorization.Assignment("exampleAssignment",
    principal_id=example_kubernetes_cluster.kubelet_identities[0].object_id,
    role_definition_name="AcrPull",
    scope=example_registry.id,
    skip_service_principal_aad_check=True)

Example coming soon!

Create Registry Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Registry(name: string, args: RegistryArgs, opts?: CustomResourceOptions);

@overload
def Registry(resource_name: str,
             args: RegistryArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Registry(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             resource_group_name: Optional[str] = None,
             network_rule_bypass_option: Optional[str] = None,
             data_endpoint_enabled: Optional[bool] = None,
             encryption: Optional[RegistryEncryptionArgs] = None,
             export_policy_enabled: Optional[bool] = None,
             georeplication_locations: Optional[Sequence[str]] = None,
             georeplications: Optional[Sequence[RegistryGeoreplicationArgs]] = None,
             identity: Optional[RegistryIdentityArgs] = None,
             location: Optional[str] = None,
             admin_enabled: Optional[bool] = None,
             name: Optional[str] = None,
             quarantine_policy_enabled: Optional[bool] = None,
             public_network_access_enabled: Optional[bool] = None,
             network_rule_set: Optional[RegistryNetworkRuleSetArgs] = None,
             anonymous_pull_enabled: Optional[bool] = None,
             retention_policy: Optional[RegistryRetentionPolicyArgs] = None,
             sku: Optional[str] = None,
             storage_account_id: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             trust_policy: Optional[RegistryTrustPolicyArgs] = None,
             zone_redundancy_enabled: Optional[bool] = None)

func NewRegistry(ctx *Context, name string, args RegistryArgs, opts ...ResourceOption) (*Registry, error)

public Registry(string name, RegistryArgs args, CustomResourceOptions? opts = null)

public Registry(String name, RegistryArgs args)
public Registry(String name, RegistryArgs args, CustomResourceOptions options)

type: azure:containerservice:Registry
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args RegistryArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RegistryArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RegistryArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RegistryArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RegistryArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var registryResource = new Azure.ContainerService.Registry("registryResource", new()
{
    ResourceGroupName = "string",
    NetworkRuleBypassOption = "string",
    DataEndpointEnabled = false,
    Encryption = new Azure.ContainerService.Inputs.RegistryEncryptionArgs
    {
        IdentityClientId = "string",
        KeyVaultKeyId = "string",
        Enabled = false,
    },
    ExportPolicyEnabled = false,
    Georeplications = new[]
    {
        new Azure.ContainerService.Inputs.RegistryGeoreplicationArgs
        {
            Location = "string",
            RegionalEndpointEnabled = false,
            Tags = 
            {
                { "string", "string" },
            },
            ZoneRedundancyEnabled = false,
        },
    },
    Identity = new Azure.ContainerService.Inputs.RegistryIdentityArgs
    {
        Type = "string",
        IdentityIds = new[]
        {
            "string",
        },
        PrincipalId = "string",
        TenantId = "string",
    },
    Location = "string",
    AdminEnabled = false,
    Name = "string",
    QuarantinePolicyEnabled = false,
    PublicNetworkAccessEnabled = false,
    NetworkRuleSet = new Azure.ContainerService.Inputs.RegistryNetworkRuleSetArgs
    {
        DefaultAction = "string",
        IpRules = new[]
        {
            new Azure.ContainerService.Inputs.RegistryNetworkRuleSetIpRuleArgs
            {
                Action = "string",
                IpRange = "string",
            },
        },
        VirtualNetworks = new[]
        {
            new Azure.ContainerService.Inputs.RegistryNetworkRuleSetVirtualNetworkArgs
            {
                Action = "string",
                SubnetId = "string",
            },
        },
    },
    AnonymousPullEnabled = false,
    RetentionPolicy = new Azure.ContainerService.Inputs.RegistryRetentionPolicyArgs
    {
        Days = 0,
        Enabled = false,
    },
    Sku = "string",
    Tags = 
    {
        { "string", "string" },
    },
    TrustPolicy = new Azure.ContainerService.Inputs.RegistryTrustPolicyArgs
    {
        Enabled = false,
    },
    ZoneRedundancyEnabled = false,
});

example, err := containerservice.NewRegistry(ctx, "registryResource", &containerservice.RegistryArgs{
	ResourceGroupName:       pulumi.String("string"),
	NetworkRuleBypassOption: pulumi.String("string"),
	DataEndpointEnabled:     pulumi.Bool(false),
	Encryption: &containerservice.RegistryEncryptionArgs{
		IdentityClientId: pulumi.String("string"),
		KeyVaultKeyId:    pulumi.String("string"),
		Enabled:          pulumi.Bool(false),
	},
	ExportPolicyEnabled: pulumi.Bool(false),
	Georeplications: containerservice.RegistryGeoreplicationArray{
		&containerservice.RegistryGeoreplicationArgs{
			Location:                pulumi.String("string"),
			RegionalEndpointEnabled: pulumi.Bool(false),
			Tags: pulumi.StringMap{
				"string": pulumi.String("string"),
			},
			ZoneRedundancyEnabled: pulumi.Bool(false),
		},
	},
	Identity: &containerservice.RegistryIdentityArgs{
		Type: pulumi.String("string"),
		IdentityIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		PrincipalId: pulumi.String("string"),
		TenantId:    pulumi.String("string"),
	},
	Location:                   pulumi.String("string"),
	AdminEnabled:               pulumi.Bool(false),
	Name:                       pulumi.String("string"),
	QuarantinePolicyEnabled:    pulumi.Bool(false),
	PublicNetworkAccessEnabled: pulumi.Bool(false),
	NetworkRuleSet: &containerservice.RegistryNetworkRuleSetArgs{
		DefaultAction: pulumi.String("string"),
		IpRules: containerservice.RegistryNetworkRuleSetIpRuleArray{
			&containerservice.RegistryNetworkRuleSetIpRuleArgs{
				Action:  pulumi.String("string"),
				IpRange: pulumi.String("string"),
			},
		},
		VirtualNetworks: containerservice.RegistryNetworkRuleSetVirtualNetworkArray{
			&containerservice.RegistryNetworkRuleSetVirtualNetworkArgs{
				Action:   pulumi.String("string"),
				SubnetId: pulumi.String("string"),
			},
		},
	},
	AnonymousPullEnabled: pulumi.Bool(false),
	RetentionPolicy: &containerservice.RegistryRetentionPolicyArgs{
		Days:    pulumi.Int(0),
		Enabled: pulumi.Bool(false),
	},
	Sku: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	TrustPolicy: &containerservice.RegistryTrustPolicyArgs{
		Enabled: pulumi.Bool(false),
	},
	ZoneRedundancyEnabled: pulumi.Bool(false),
})

var registryResource = new Registry("registryResource", RegistryArgs.builder()
    .resourceGroupName("string")
    .networkRuleBypassOption("string")
    .dataEndpointEnabled(false)
    .encryption(RegistryEncryptionArgs.builder()
        .identityClientId("string")
        .keyVaultKeyId("string")
        .enabled(false)
        .build())
    .exportPolicyEnabled(false)
    .georeplications(RegistryGeoreplicationArgs.builder()
        .location("string")
        .regionalEndpointEnabled(false)
        .tags(Map.of("string", "string"))
        .zoneRedundancyEnabled(false)
        .build())
    .identity(RegistryIdentityArgs.builder()
        .type("string")
        .identityIds("string")
        .principalId("string")
        .tenantId("string")
        .build())
    .location("string")
    .adminEnabled(false)
    .name("string")
    .quarantinePolicyEnabled(false)
    .publicNetworkAccessEnabled(false)
    .networkRuleSet(RegistryNetworkRuleSetArgs.builder()
        .defaultAction("string")
        .ipRules(RegistryNetworkRuleSetIpRuleArgs.builder()
            .action("string")
            .ipRange("string")
            .build())
        .virtualNetworks(RegistryNetworkRuleSetVirtualNetworkArgs.builder()
            .action("string")
            .subnetId("string")
            .build())
        .build())
    .anonymousPullEnabled(false)
    .retentionPolicy(RegistryRetentionPolicyArgs.builder()
        .days(0)
        .enabled(false)
        .build())
    .sku("string")
    .tags(Map.of("string", "string"))
    .trustPolicy(RegistryTrustPolicyArgs.builder()
        .enabled(false)
        .build())
    .zoneRedundancyEnabled(false)
    .build());

registry_resource = azure.containerservice.Registry("registryResource",
    resource_group_name="string",
    network_rule_bypass_option="string",
    data_endpoint_enabled=False,
    encryption={
        "identity_client_id": "string",
        "key_vault_key_id": "string",
        "enabled": False,
    },
    export_policy_enabled=False,
    georeplications=[{
        "location": "string",
        "regional_endpoint_enabled": False,
        "tags": {
            "string": "string",
        },
        "zone_redundancy_enabled": False,
    }],
    identity={
        "type": "string",
        "identity_ids": ["string"],
        "principal_id": "string",
        "tenant_id": "string",
    },
    location="string",
    admin_enabled=False,
    name="string",
    quarantine_policy_enabled=False,
    public_network_access_enabled=False,
    network_rule_set={
        "default_action": "string",
        "ip_rules": [{
            "action": "string",
            "ip_range": "string",
        }],
        "virtual_networks": [{
            "action": "string",
            "subnet_id": "string",
        }],
    },
    anonymous_pull_enabled=False,
    retention_policy={
        "days": 0,
        "enabled": False,
    },
    sku="string",
    tags={
        "string": "string",
    },
    trust_policy={
        "enabled": False,
    },
    zone_redundancy_enabled=False)

const registryResource = new azure.containerservice.Registry("registryResource", {
    resourceGroupName: "string",
    networkRuleBypassOption: "string",
    dataEndpointEnabled: false,
    encryption: {
        identityClientId: "string",
        keyVaultKeyId: "string",
        enabled: false,
    },
    exportPolicyEnabled: false,
    georeplications: [{
        location: "string",
        regionalEndpointEnabled: false,
        tags: {
            string: "string",
        },
        zoneRedundancyEnabled: false,
    }],
    identity: {
        type: "string",
        identityIds: ["string"],
        principalId: "string",
        tenantId: "string",
    },
    location: "string",
    adminEnabled: false,
    name: "string",
    quarantinePolicyEnabled: false,
    publicNetworkAccessEnabled: false,
    networkRuleSet: {
        defaultAction: "string",
        ipRules: [{
            action: "string",
            ipRange: "string",
        }],
        virtualNetworks: [{
            action: "string",
            subnetId: "string",
        }],
    },
    anonymousPullEnabled: false,
    retentionPolicy: {
        days: 0,
        enabled: false,
    },
    sku: "string",
    tags: {
        string: "string",
    },
    trustPolicy: {
        enabled: false,
    },
    zoneRedundancyEnabled: false,
});

type: azure:containerservice:Registry
properties:
    adminEnabled: false
    anonymousPullEnabled: false
    dataEndpointEnabled: false
    encryption:
        enabled: false
        identityClientId: string
        keyVaultKeyId: string
    exportPolicyEnabled: false
    georeplications:
        - location: string
          regionalEndpointEnabled: false
          tags:
            string: string
          zoneRedundancyEnabled: false
    identity:
        identityIds:
            - string
        principalId: string
        tenantId: string
        type: string
    location: string
    name: string
    networkRuleBypassOption: string
    networkRuleSet:
        defaultAction: string
        ipRules:
            - action: string
              ipRange: string
        virtualNetworks:
            - action: string
              subnetId: string
    publicNetworkAccessEnabled: false
    quarantinePolicyEnabled: false
    resourceGroupName: string
    retentionPolicy:
        days: 0
        enabled: false
    sku: string
    tags:
        string: string
    trustPolicy:
        enabled: false
    zoneRedundancyEnabled: false

Registry Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Registry resource accepts the following input properties:

ResourceGroupName string: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
AdminEnabled bool: Specifies whether the admin user is enabled. Defaults to false.
AnonymousPullEnabled bool: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
DataEndpointEnabled bool: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
Encryption RegistryEncryption: An encryption block as documented below.
ExportPolicyEnabled bool: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
GeoreplicationLocations List<string>: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
Georeplications List<RegistryGeoreplication>: A georeplications block as documented below.
Identity RegistryIdentity: An identity block as defined below.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
NetworkRuleBypassOption string: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
NetworkRuleSet RegistryNetworkRuleSet: A network_rule_set block as documented below.
PublicNetworkAccessEnabled bool: Whether public network access is allowed for the container registry. Defaults to true.
QuarantinePolicyEnabled bool: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
RetentionPolicy RegistryRetentionPolicy: A retention_policy block as documented below.
Sku string: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
StorageAccountId string: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
TrustPolicy RegistryTrustPolicy: A trust_policy block as documented below.
ZoneRedundancyEnabled bool: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

ResourceGroupName string: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
AdminEnabled bool: Specifies whether the admin user is enabled. Defaults to false.
AnonymousPullEnabled bool: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
DataEndpointEnabled bool: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
Encryption RegistryEncryptionArgs: An encryption block as documented below.
ExportPolicyEnabled bool: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
GeoreplicationLocations []string: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
Georeplications []RegistryGeoreplicationArgs: A georeplications block as documented below.
Identity RegistryIdentityArgs: An identity block as defined below.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
NetworkRuleBypassOption string: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
NetworkRuleSet RegistryNetworkRuleSetArgs: A network_rule_set block as documented below.
PublicNetworkAccessEnabled bool: Whether public network access is allowed for the container registry. Defaults to true.
QuarantinePolicyEnabled bool: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
RetentionPolicy RegistryRetentionPolicyArgs: A retention_policy block as documented below.
Sku string: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
StorageAccountId string: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
Tags map[string]string: A mapping of tags to assign to the resource.
TrustPolicy RegistryTrustPolicyArgs: A trust_policy block as documented below.
ZoneRedundancyEnabled bool: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

resourceGroupName String: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
adminEnabled Boolean: Specifies whether the admin user is enabled. Defaults to false.
anonymousPullEnabled Boolean: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
dataEndpointEnabled Boolean: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
encryption RegistryEncryption: An encryption block as documented below.
exportPolicyEnabled Boolean: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
georeplicationLocations List<String>: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
georeplications List<RegistryGeoreplication>: A georeplications block as documented below.
identity RegistryIdentity: An identity block as defined below.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
networkRuleBypassOption String: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
networkRuleSet RegistryNetworkRuleSet: A network_rule_set block as documented below.
publicNetworkAccessEnabled Boolean: Whether public network access is allowed for the container registry. Defaults to true.
quarantinePolicyEnabled Boolean: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
retentionPolicy RegistryRetentionPolicy: A retention_policy block as documented below.
sku String: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
storageAccountId String: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
tags Map<String,String>: A mapping of tags to assign to the resource.
trustPolicy RegistryTrustPolicy: A trust_policy block as documented below.
zoneRedundancyEnabled Boolean: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

resourceGroupName string: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
adminEnabled boolean: Specifies whether the admin user is enabled. Defaults to false.
anonymousPullEnabled boolean: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
dataEndpointEnabled boolean: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
encryption RegistryEncryption: An encryption block as documented below.
exportPolicyEnabled boolean: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
georeplicationLocations string[]: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
georeplications RegistryGeoreplication[]: A georeplications block as documented below.
identity RegistryIdentity: An identity block as defined below.
location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
networkRuleBypassOption string: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
networkRuleSet RegistryNetworkRuleSet: A network_rule_set block as documented below.
publicNetworkAccessEnabled boolean: Whether public network access is allowed for the container registry. Defaults to true.
quarantinePolicyEnabled boolean: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
retentionPolicy RegistryRetentionPolicy: A retention_policy block as documented below.
sku string: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
storageAccountId string: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
tags {[key: string]: string}: A mapping of tags to assign to the resource.
trustPolicy RegistryTrustPolicy: A trust_policy block as documented below.
zoneRedundancyEnabled boolean: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

resource_group_name str: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
admin_enabled bool: Specifies whether the admin user is enabled. Defaults to false.
anonymous_pull_enabled bool: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
data_endpoint_enabled bool: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
encryption RegistryEncryptionArgs: An encryption block as documented below.
export_policy_enabled bool: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
georeplication_locations Sequence[str]: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
georeplications Sequence[RegistryGeoreplicationArgs]: A georeplications block as documented below.
identity RegistryIdentityArgs: An identity block as defined below.
location str: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name str: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
network_rule_bypass_option str: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
network_rule_set RegistryNetworkRuleSetArgs: A network_rule_set block as documented below.
public_network_access_enabled bool: Whether public network access is allowed for the container registry. Defaults to true.
quarantine_policy_enabled bool: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
retention_policy RegistryRetentionPolicyArgs: A retention_policy block as documented below.
sku str: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
storage_account_id str: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
tags Mapping[str, str]: A mapping of tags to assign to the resource.
trust_policy RegistryTrustPolicyArgs: A trust_policy block as documented below.
zone_redundancy_enabled bool: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

resourceGroupName String: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
adminEnabled Boolean: Specifies whether the admin user is enabled. Defaults to false.
anonymousPullEnabled Boolean: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
dataEndpointEnabled Boolean: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
encryption Property Map: An encryption block as documented below.
exportPolicyEnabled Boolean: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
georeplicationLocations List<String>: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
georeplications List<Property Map>: A georeplications block as documented below.
identity Property Map: An identity block as defined below.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
networkRuleBypassOption String: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
networkRuleSet Property Map: A network_rule_set block as documented below.
publicNetworkAccessEnabled Boolean: Whether public network access is allowed for the container registry. Defaults to true.
quarantinePolicyEnabled Boolean: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
retentionPolicy Property Map: A retention_policy block as documented below.
sku String: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
storageAccountId String: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
tags Map<String>: A mapping of tags to assign to the resource.
trustPolicy Property Map: A trust_policy block as documented below.
zoneRedundancyEnabled Boolean: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

Outputs

All input properties are implicitly available as output properties. Additionally, the Registry resource produces the following output properties:

AdminPassword string: The Password associated with the Container Registry Admin account - if the admin account is enabled.
AdminUsername string: The Username associated with the Container Registry Admin account - if the admin account is enabled.
Id string: The provider-assigned unique ID for this managed resource.
LoginServer string: The URL that can be used to log into the container registry.

AdminPassword string: The Password associated with the Container Registry Admin account - if the admin account is enabled.
AdminUsername string: The Username associated with the Container Registry Admin account - if the admin account is enabled.
Id string: The provider-assigned unique ID for this managed resource.
LoginServer string: The URL that can be used to log into the container registry.

adminPassword String: The Password associated with the Container Registry Admin account - if the admin account is enabled.
adminUsername String: The Username associated with the Container Registry Admin account - if the admin account is enabled.
id String: The provider-assigned unique ID for this managed resource.
loginServer String: The URL that can be used to log into the container registry.

adminPassword string: The Password associated with the Container Registry Admin account - if the admin account is enabled.
adminUsername string: The Username associated with the Container Registry Admin account - if the admin account is enabled.
id string: The provider-assigned unique ID for this managed resource.
loginServer string: The URL that can be used to log into the container registry.

admin_password str: The Password associated with the Container Registry Admin account - if the admin account is enabled.
admin_username str: The Username associated with the Container Registry Admin account - if the admin account is enabled.
id str: The provider-assigned unique ID for this managed resource.
login_server str: The URL that can be used to log into the container registry.

adminPassword String: The Password associated with the Container Registry Admin account - if the admin account is enabled.
adminUsername String: The Username associated with the Container Registry Admin account - if the admin account is enabled.
id String: The provider-assigned unique ID for this managed resource.
loginServer String: The URL that can be used to log into the container registry.

Look up Existing Registry Resource

Get an existing Registry resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RegistryState, opts?: CustomResourceOptions): Registry

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        admin_enabled: Optional[bool] = None,
        admin_password: Optional[str] = None,
        admin_username: Optional[str] = None,
        anonymous_pull_enabled: Optional[bool] = None,
        data_endpoint_enabled: Optional[bool] = None,
        encryption: Optional[RegistryEncryptionArgs] = None,
        export_policy_enabled: Optional[bool] = None,
        georeplication_locations: Optional[Sequence[str]] = None,
        georeplications: Optional[Sequence[RegistryGeoreplicationArgs]] = None,
        identity: Optional[RegistryIdentityArgs] = None,
        location: Optional[str] = None,
        login_server: Optional[str] = None,
        name: Optional[str] = None,
        network_rule_bypass_option: Optional[str] = None,
        network_rule_set: Optional[RegistryNetworkRuleSetArgs] = None,
        public_network_access_enabled: Optional[bool] = None,
        quarantine_policy_enabled: Optional[bool] = None,
        resource_group_name: Optional[str] = None,
        retention_policy: Optional[RegistryRetentionPolicyArgs] = None,
        sku: Optional[str] = None,
        storage_account_id: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        trust_policy: Optional[RegistryTrustPolicyArgs] = None,
        zone_redundancy_enabled: Optional[bool] = None) -> Registry

func GetRegistry(ctx *Context, name string, id IDInput, state *RegistryState, opts ...ResourceOption) (*Registry, error)

public static Registry Get(string name, Input<string> id, RegistryState? state, CustomResourceOptions? opts = null)

public static Registry get(String name, Output<String> id, RegistryState state, CustomResourceOptions options)

resources:  _:    type: azure:containerservice:Registry    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AdminEnabled bool: Specifies whether the admin user is enabled. Defaults to false.
AdminPassword string: The Password associated with the Container Registry Admin account - if the admin account is enabled.
AdminUsername string: The Username associated with the Container Registry Admin account - if the admin account is enabled.
AnonymousPullEnabled bool: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
DataEndpointEnabled bool: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
Encryption RegistryEncryption: An encryption block as documented below.
ExportPolicyEnabled bool: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
GeoreplicationLocations List<string>: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
Georeplications List<RegistryGeoreplication>: A georeplications block as documented below.
Identity RegistryIdentity: An identity block as defined below.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
LoginServer string: The URL that can be used to log into the container registry.
Name string: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
NetworkRuleBypassOption string: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
NetworkRuleSet RegistryNetworkRuleSet: A network_rule_set block as documented below.
PublicNetworkAccessEnabled bool: Whether public network access is allowed for the container registry. Defaults to true.
QuarantinePolicyEnabled bool: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
ResourceGroupName string: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
RetentionPolicy RegistryRetentionPolicy: A retention_policy block as documented below.
Sku string: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
StorageAccountId string: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
TrustPolicy RegistryTrustPolicy: A trust_policy block as documented below.
ZoneRedundancyEnabled bool: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

AdminEnabled bool: Specifies whether the admin user is enabled. Defaults to false.
AdminPassword string: The Password associated with the Container Registry Admin account - if the admin account is enabled.
AdminUsername string: The Username associated with the Container Registry Admin account - if the admin account is enabled.
AnonymousPullEnabled bool: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
DataEndpointEnabled bool: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
Encryption RegistryEncryptionArgs: An encryption block as documented below.
ExportPolicyEnabled bool: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
GeoreplicationLocations []string: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
Georeplications []RegistryGeoreplicationArgs: A georeplications block as documented below.
Identity RegistryIdentityArgs: An identity block as defined below.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
LoginServer string: The URL that can be used to log into the container registry.
Name string: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
NetworkRuleBypassOption string: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
NetworkRuleSet RegistryNetworkRuleSetArgs: A network_rule_set block as documented below.
PublicNetworkAccessEnabled bool: Whether public network access is allowed for the container registry. Defaults to true.
QuarantinePolicyEnabled bool: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
ResourceGroupName string: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
RetentionPolicy RegistryRetentionPolicyArgs: A retention_policy block as documented below.
Sku string: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
StorageAccountId string: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
Tags map[string]string: A mapping of tags to assign to the resource.
TrustPolicy RegistryTrustPolicyArgs: A trust_policy block as documented below.
ZoneRedundancyEnabled bool: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

adminEnabled Boolean: Specifies whether the admin user is enabled. Defaults to false.
adminPassword String: The Password associated with the Container Registry Admin account - if the admin account is enabled.
adminUsername String: The Username associated with the Container Registry Admin account - if the admin account is enabled.
anonymousPullEnabled Boolean: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
dataEndpointEnabled Boolean: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
encryption RegistryEncryption: An encryption block as documented below.
exportPolicyEnabled Boolean: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
georeplicationLocations List<String>: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
georeplications List<RegistryGeoreplication>: A georeplications block as documented below.
identity RegistryIdentity: An identity block as defined below.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
loginServer String: The URL that can be used to log into the container registry.
name String: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
networkRuleBypassOption String: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
networkRuleSet RegistryNetworkRuleSet: A network_rule_set block as documented below.
publicNetworkAccessEnabled Boolean: Whether public network access is allowed for the container registry. Defaults to true.
quarantinePolicyEnabled Boolean: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
resourceGroupName String: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
retentionPolicy RegistryRetentionPolicy: A retention_policy block as documented below.
sku String: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
storageAccountId String: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
tags Map<String,String>: A mapping of tags to assign to the resource.
trustPolicy RegistryTrustPolicy: A trust_policy block as documented below.
zoneRedundancyEnabled Boolean: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

adminEnabled boolean: Specifies whether the admin user is enabled. Defaults to false.
adminPassword string: The Password associated with the Container Registry Admin account - if the admin account is enabled.
adminUsername string: The Username associated with the Container Registry Admin account - if the admin account is enabled.
anonymousPullEnabled boolean: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
dataEndpointEnabled boolean: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
encryption RegistryEncryption: An encryption block as documented below.
exportPolicyEnabled boolean: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
georeplicationLocations string[]: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
georeplications RegistryGeoreplication[]: A georeplications block as documented below.
identity RegistryIdentity: An identity block as defined below.
location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
loginServer string: The URL that can be used to log into the container registry.
name string: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
networkRuleBypassOption string: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
networkRuleSet RegistryNetworkRuleSet: A network_rule_set block as documented below.
publicNetworkAccessEnabled boolean: Whether public network access is allowed for the container registry. Defaults to true.
quarantinePolicyEnabled boolean: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
resourceGroupName string: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
retentionPolicy RegistryRetentionPolicy: A retention_policy block as documented below.
sku string: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
storageAccountId string: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
tags {[key: string]: string}: A mapping of tags to assign to the resource.
trustPolicy RegistryTrustPolicy: A trust_policy block as documented below.
zoneRedundancyEnabled boolean: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

admin_enabled bool: Specifies whether the admin user is enabled. Defaults to false.
admin_password str: The Password associated with the Container Registry Admin account - if the admin account is enabled.
admin_username str: The Username associated with the Container Registry Admin account - if the admin account is enabled.
anonymous_pull_enabled bool: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
data_endpoint_enabled bool: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
encryption RegistryEncryptionArgs: An encryption block as documented below.
export_policy_enabled bool: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
georeplication_locations Sequence[str]: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
georeplications Sequence[RegistryGeoreplicationArgs]: A georeplications block as documented below.
identity RegistryIdentityArgs: An identity block as defined below.
location str: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
login_server str: The URL that can be used to log into the container registry.
name str: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
network_rule_bypass_option str: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
network_rule_set RegistryNetworkRuleSetArgs: A network_rule_set block as documented below.
public_network_access_enabled bool: Whether public network access is allowed for the container registry. Defaults to true.
quarantine_policy_enabled bool: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
resource_group_name str: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
retention_policy RegistryRetentionPolicyArgs: A retention_policy block as documented below.
sku str: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
storage_account_id str: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
tags Mapping[str, str]: A mapping of tags to assign to the resource.
trust_policy RegistryTrustPolicyArgs: A trust_policy block as documented below.
zone_redundancy_enabled bool: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

adminEnabled Boolean: Specifies whether the admin user is enabled. Defaults to false.
adminPassword String: The Password associated with the Container Registry Admin account - if the admin account is enabled.
adminUsername String: The Username associated with the Container Registry Admin account - if the admin account is enabled.
anonymousPullEnabled Boolean: Whether allows anonymous (unauthenticated) pull access to this Container Registry? Defaults to false. This is only supported on resources with the Standard or Premium SKU.
dataEndpointEnabled Boolean: Whether to enable dedicated data endpoints for this Container Registry? Defaults to false. This is only supported on resources with the Premium SKU.
encryption Property Map: An encryption block as documented below.
exportPolicyEnabled Boolean: Boolean value that indicates whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false.
georeplicationLocations List<String>: A list of Azure locations where the container registry should be geo-replicated.
Deprecated: Deprecated in favour of georeplications
georeplications List<Property Map>: A georeplications block as documented below.
identity Property Map: An identity block as defined below.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
loginServer String: The URL that can be used to log into the container registry.
name String: Specifies the name of the Container Registry. Changing this forces a new resource to be created.
networkRuleBypassOption String: Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices.
networkRuleSet Property Map: A network_rule_set block as documented below.
publicNetworkAccessEnabled Boolean: Whether public network access is allowed for the container registry. Defaults to true.
quarantinePolicyEnabled Boolean: Boolean value that indicates whether quarantine policy is enabled. Defaults to false.
resourceGroupName String: The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created.
retentionPolicy Property Map: A retention_policy block as documented below.
sku String: The SKU name of the container registry. Possible values are Basic, Standard and Premium. Classic (which was previously Basic) is supported only for existing resources.
storageAccountId String: Deprecated: this attribute is no longer recognized by the API and is not functional anymore, thus this property will be removed in v3.0
tags Map<String>: A mapping of tags to assign to the resource.
trustPolicy Property Map: A trust_policy block as documented below.
zoneRedundancyEnabled Boolean: Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to false.

Supporting Types

RegistryEncryption, RegistryEncryptionArgs

IdentityClientId string: The client ID of the managed identity associated with the encryption key.
KeyVaultKeyId string: The ID of the Key Vault Key.
Enabled bool: Boolean value that indicates whether encryption is enabled.

IdentityClientId string: The client ID of the managed identity associated with the encryption key.
KeyVaultKeyId string: The ID of the Key Vault Key.
Enabled bool: Boolean value that indicates whether encryption is enabled.

identityClientId String: The client ID of the managed identity associated with the encryption key.
keyVaultKeyId String: The ID of the Key Vault Key.
enabled Boolean: Boolean value that indicates whether encryption is enabled.

identityClientId string: The client ID of the managed identity associated with the encryption key.
keyVaultKeyId string: The ID of the Key Vault Key.
enabled boolean: Boolean value that indicates whether encryption is enabled.

identity_client_id str: The client ID of the managed identity associated with the encryption key.
key_vault_key_id str: The ID of the Key Vault Key.
enabled bool: Boolean value that indicates whether encryption is enabled.

identityClientId String: The client ID of the managed identity associated with the encryption key.
keyVaultKeyId String: The ID of the Key Vault Key.
enabled Boolean: Boolean value that indicates whether encryption is enabled.

RegistryGeoreplication, RegistryGeoreplicationArgs

Location string: A location where the container registry should be geo-replicated.
RegionalEndpointEnabled bool: Whether regional endpoint is enabled for this Container Registry? Defaults to false.
Tags Dictionary<string, string>: A mapping of tags to assign to this replication location.
ZoneRedundancyEnabled bool: Whether zone redundancy is enabled for this replication location? Defaults to false.

Location string: A location where the container registry should be geo-replicated.
RegionalEndpointEnabled bool: Whether regional endpoint is enabled for this Container Registry? Defaults to false.
Tags map[string]string: A mapping of tags to assign to this replication location.
ZoneRedundancyEnabled bool: Whether zone redundancy is enabled for this replication location? Defaults to false.

location String: A location where the container registry should be geo-replicated.
regionalEndpointEnabled Boolean: Whether regional endpoint is enabled for this Container Registry? Defaults to false.
tags Map<String,String>: A mapping of tags to assign to this replication location.
zoneRedundancyEnabled Boolean: Whether zone redundancy is enabled for this replication location? Defaults to false.

location string: A location where the container registry should be geo-replicated.
regionalEndpointEnabled boolean: Whether regional endpoint is enabled for this Container Registry? Defaults to false.
tags {[key: string]: string}: A mapping of tags to assign to this replication location.
zoneRedundancyEnabled boolean: Whether zone redundancy is enabled for this replication location? Defaults to false.

location str: A location where the container registry should be geo-replicated.
regional_endpoint_enabled bool: Whether regional endpoint is enabled for this Container Registry? Defaults to false.
tags Mapping[str, str]: A mapping of tags to assign to this replication location.
zone_redundancy_enabled bool: Whether zone redundancy is enabled for this replication location? Defaults to false.

location String: A location where the container registry should be geo-replicated.
regionalEndpointEnabled Boolean: Whether regional endpoint is enabled for this Container Registry? Defaults to false.
tags Map<String>: A mapping of tags to assign to this replication location.
zoneRedundancyEnabled Boolean: Whether zone redundancy is enabled for this replication location? Defaults to false.

RegistryIdentity, RegistryIdentityArgs

Type string: The type of Managed Identity which should be assigned to the Container Registry. Possible values are SystemAssigned, UserAssigned and SystemAssigned, UserAssigned.
IdentityIds List<string>: A list of User Managed Identity ID's which should be assigned to the Container Registry.
PrincipalId string: The Principal ID for the Service Principal associated with the Managed Service Identity of this Container Registry.
TenantId string: The Tenant ID for the Service Principal associated with the Managed Service Identity of this Container Registry.

Type string: The type of Managed Identity which should be assigned to the Container Registry. Possible values are SystemAssigned, UserAssigned and SystemAssigned, UserAssigned.
IdentityIds []string: A list of User Managed Identity ID's which should be assigned to the Container Registry.
PrincipalId string: The Principal ID for the Service Principal associated with the Managed Service Identity of this Container Registry.
TenantId string: The Tenant ID for the Service Principal associated with the Managed Service Identity of this Container Registry.

type String: The type of Managed Identity which should be assigned to the Container Registry. Possible values are SystemAssigned, UserAssigned and SystemAssigned, UserAssigned.
identityIds List<String>: A list of User Managed Identity ID's which should be assigned to the Container Registry.
principalId String: The Principal ID for the Service Principal associated with the Managed Service Identity of this Container Registry.
tenantId String: The Tenant ID for the Service Principal associated with the Managed Service Identity of this Container Registry.

type string: The type of Managed Identity which should be assigned to the Container Registry. Possible values are SystemAssigned, UserAssigned and SystemAssigned, UserAssigned.
identityIds string[]: A list of User Managed Identity ID's which should be assigned to the Container Registry.
principalId string: The Principal ID for the Service Principal associated with the Managed Service Identity of this Container Registry.
tenantId string: The Tenant ID for the Service Principal associated with the Managed Service Identity of this Container Registry.

type str: The type of Managed Identity which should be assigned to the Container Registry. Possible values are SystemAssigned, UserAssigned and SystemAssigned, UserAssigned.
identity_ids Sequence[str]: A list of User Managed Identity ID's which should be assigned to the Container Registry.
principal_id str: The Principal ID for the Service Principal associated with the Managed Service Identity of this Container Registry.
tenant_id str: The Tenant ID for the Service Principal associated with the Managed Service Identity of this Container Registry.

type String: The type of Managed Identity which should be assigned to the Container Registry. Possible values are SystemAssigned, UserAssigned and SystemAssigned, UserAssigned.
identityIds List<String>: A list of User Managed Identity ID's which should be assigned to the Container Registry.
principalId String: The Principal ID for the Service Principal associated with the Managed Service Identity of this Container Registry.
tenantId String: The Tenant ID for the Service Principal associated with the Managed Service Identity of this Container Registry.

RegistryNetworkRuleSet, RegistryNetworkRuleSetArgs

DefaultAction string: The behaviour for requests matching no rules. Either Allow or Deny. Defaults to Allow
IpRules List<RegistryNetworkRuleSetIpRule>: One or more ip_rule blocks as defined below.
VirtualNetworks List<RegistryNetworkRuleSetVirtualNetwork>: One or more virtual_network blocks as defined below.

DefaultAction string: The behaviour for requests matching no rules. Either Allow or Deny. Defaults to Allow
IpRules []RegistryNetworkRuleSetIpRule: One or more ip_rule blocks as defined below.
VirtualNetworks []RegistryNetworkRuleSetVirtualNetwork: One or more virtual_network blocks as defined below.

defaultAction String: The behaviour for requests matching no rules. Either Allow or Deny. Defaults to Allow
ipRules List<RegistryNetworkRuleSetIpRule>: One or more ip_rule blocks as defined below.
virtualNetworks List<RegistryNetworkRuleSetVirtualNetwork>: One or more virtual_network blocks as defined below.

defaultAction string: The behaviour for requests matching no rules. Either Allow or Deny. Defaults to Allow
ipRules RegistryNetworkRuleSetIpRule[]: One or more ip_rule blocks as defined below.
virtualNetworks RegistryNetworkRuleSetVirtualNetwork[]: One or more virtual_network blocks as defined below.

default_action str: The behaviour for requests matching no rules. Either Allow or Deny. Defaults to Allow
ip_rules Sequence[RegistryNetworkRuleSetIpRule]: One or more ip_rule blocks as defined below.
virtual_networks Sequence[RegistryNetworkRuleSetVirtualNetwork]: One or more virtual_network blocks as defined below.

defaultAction String: The behaviour for requests matching no rules. Either Allow or Deny. Defaults to Allow
ipRules List<Property Map>: One or more ip_rule blocks as defined below.
virtualNetworks List<Property Map>: One or more virtual_network blocks as defined below.

RegistryNetworkRuleSetIpRule, RegistryNetworkRuleSetIpRuleArgs

Action string: The behaviour for requests matching this rule. At this time the only supported value is Allow
IpRange string: The CIDR block from which requests will match the rule.

Action string: The behaviour for requests matching this rule. At this time the only supported value is Allow
IpRange string: The CIDR block from which requests will match the rule.

action String: The behaviour for requests matching this rule. At this time the only supported value is Allow
ipRange String: The CIDR block from which requests will match the rule.

action string: The behaviour for requests matching this rule. At this time the only supported value is Allow
ipRange string: The CIDR block from which requests will match the rule.

action str: The behaviour for requests matching this rule. At this time the only supported value is Allow
ip_range str: The CIDR block from which requests will match the rule.

action String: The behaviour for requests matching this rule. At this time the only supported value is Allow
ipRange String: The CIDR block from which requests will match the rule.

RegistryNetworkRuleSetVirtualNetwork, RegistryNetworkRuleSetVirtualNetworkArgs

Action string: The behaviour for requests matching this rule. At this time the only supported value is Allow
SubnetId string: The subnet id from which requests will match the rule.

Action string: The behaviour for requests matching this rule. At this time the only supported value is Allow
SubnetId string: The subnet id from which requests will match the rule.

action String: The behaviour for requests matching this rule. At this time the only supported value is Allow
subnetId String: The subnet id from which requests will match the rule.

action string: The behaviour for requests matching this rule. At this time the only supported value is Allow
subnetId string: The subnet id from which requests will match the rule.

action str: The behaviour for requests matching this rule. At this time the only supported value is Allow
subnet_id str: The subnet id from which requests will match the rule.

action String: The behaviour for requests matching this rule. At this time the only supported value is Allow
subnetId String: The subnet id from which requests will match the rule.

RegistryRetentionPolicy, RegistryRetentionPolicyArgs

Days int: The number of days to retain an untagged manifest after which it gets purged. Default is 7.
Enabled bool: Boolean value that indicates whether the policy is enabled.

Days int: The number of days to retain an untagged manifest after which it gets purged. Default is 7.
Enabled bool: Boolean value that indicates whether the policy is enabled.

days Integer: The number of days to retain an untagged manifest after which it gets purged. Default is 7.
enabled Boolean: Boolean value that indicates whether the policy is enabled.

days number: The number of days to retain an untagged manifest after which it gets purged. Default is 7.
enabled boolean: Boolean value that indicates whether the policy is enabled.

days int: The number of days to retain an untagged manifest after which it gets purged. Default is 7.
enabled bool: Boolean value that indicates whether the policy is enabled.

days Number: The number of days to retain an untagged manifest after which it gets purged. Default is 7.
enabled Boolean: Boolean value that indicates whether the policy is enabled.

RegistryTrustPolicy, RegistryTrustPolicyArgs

Enabled bool: Boolean value that indicates whether the policy is enabled.

Enabled bool: Boolean value that indicates whether the policy is enabled.

enabled Boolean: Boolean value that indicates whether the policy is enabled.

enabled boolean: Boolean value that indicates whether the policy is enabled.

enabled bool: Boolean value that indicates whether the policy is enabled.

enabled Boolean: Boolean value that indicates whether the policy is enabled.

Import

Container Registries can be imported using the resource id, e.g.

 $ pulumi import azure:containerservice/registry:Registry example /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/mygroup1/providers/Microsoft.ContainerRegistry/registries/myregistry1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

azure.containerservice.Registry

On this page

On this page

Example Usage

Encryption)

Attaching A Container Registry To A Kubernetes Cluster)

Create Registry Resource

Constructor syntax

Parameters

Constructor example

Registry Resource Properties

Inputs

Outputs

Look up Existing Registry Resource

Supporting Types

RegistryEncryption, RegistryEncryptionArgs

RegistryGeoreplication, RegistryGeoreplicationArgs

RegistryIdentity, RegistryIdentityArgs

RegistryNetworkRuleSet, RegistryNetworkRuleSetArgs

RegistryNetworkRuleSetIpRule, RegistryNetworkRuleSetIpRuleArgs

RegistryNetworkRuleSetVirtualNetwork, RegistryNetworkRuleSetVirtualNetworkArgs

RegistryRetentionPolicy, RegistryRetentionPolicyArgs

RegistryTrustPolicy, RegistryTrustPolicyArgs

Import

Package Details

On this page

On this page