https://github.com/padok-team/terraform-azurerm-acr



**Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)*

- [Azure Container Registry Terraform module](#azure-container-registry-terraform-module)
- [User Stories for this module](#user-stories-for-this-module)
- [Usage](#usage)
- [Examples](#examples)
- [Modules](#modules)
- [Inputs](#inputs)
- [Outputs](#outputs)

# Azure Container Registry Terraform module

Terraform module which creates **Container Registry** resources on **Azure**. This module provides some useful recommendations about encryption and redundancy.

## User Stories for this module

- AAOps I can store my images into a secure registry.
- AAOps I can still access my images after a disaster.

## Usage

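```hcl
module "acr" {
  # Terraform's GitHub source form; append ?ref=<tag> to pin a reviewed version.
  source = "github.com/padok-team/terraform-azurerm-acr"

  name = "test-acr"

  # The module takes the resource group as a single object (see Inputs).
  resource_group = {
    name     = "test-acr"
    location = "francecentral"
  }

  # Encryption at rest
  encryption_key_vault_id     = "my-keyvault"
  encryption_key_vault_key_id = "my-key"
}
```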

## Examples

- [Simple example of use case](examples/basic/main.tf)
- [With georeplication around the world](examples/georeplication-around-the-world/main.tf)
- [Secured with ip whitelisting](examples/secured_by_ip_filtering/main.tf)

## Modules

No modules.

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [encryption\_key\_vault\_id](#input\_encryption\_key\_vault\_id) | The key vault id of the key used to encrypt container registry. | `string` | n/a | yes |
| [encryption\_key\_vault\_key\_id](#input\_encryption\_key\_vault\_key\_id) | The ID of the encryption Key in the key vault. | `string` | n/a | yes |
| [name](#input\_name) | ACR Name | `string` | n/a | yes |
| [resource\_group](#input\_resource\_group) | Resource group configuration. | `object({ name = string, location = string })` | n/a | yes |
| [admin\_enabled](#input\_admin\_enabled) | Specifies whether the admin user is enabled. Defaults to false. | `bool` | `false` | no |
| [encryption\_identity](#input\_encryption\_identity) | The identity to assign to the container registry. | `object({ id = string, client_id = string })` | `null` | no |
| [encryption\_tenant\_id](#input\_encryption\_tenant\_id) | The tenant id of the identity used to access KeyVault. | `string` | `null` | no |
| [georeplications](#input\_georeplications) | A georeplications block as documented below. | `map(object({ regional_endpoint_enabled = bool, zone_redundancy_enabled = bool, tags = map(string) }))` | `{}` | no |
| [identity\_ids](#input\_identity\_ids) | The list of identities to assign to the container registry. | `list(string)` | `[]` | no |
| [ip\_addresses](#input\_ip\_addresses) | The CIDR block from which requests will match the rule. | `list(string)` | `[]` | no |
| [keyvault\_iam\_authorization](#input\_keyvault\_iam\_authorization) | Enable IAM authorization to access Key Vault resources. | `bool` | `true` | no |
| [network\_default\_action](#input\_network\_default\_action) | The behaviour for requests matching no rules. Either Allow or Deny. Defaults to Deny. | `string` | `"Deny"` | no |
| [private\_endpoint](#input\_private\_endpoint) | The private endpoint configuration. | `object({ enable = bool, subnet_id = string, private_dns_zone_id = string })` | `{ "enable": false, "private_dns_zone_id": null, "subnet_id": null }` | no |
| [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | Whether public network access is allowed for the container registry. Defaults to false. | `bool` | `false` | no |
| [retention\_duration](#input\_retention\_duration) | The number of days to retain the logs. Defaults to 30. | `string` | `"90"` | no |
| [sku](#input\_sku) | The SKU name of the container registry. Possible values are Basic, Standard and Premium. | `string` | `"Premium"` | no |
| [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` | `{}` | no |
| [virtual\_network](#input\_virtual\_network) | The list of subnet ids to associate with the container registry. | `list(string)` | `[]` | no |
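
The inputs above combined into one call, as an added example that is not taken from the module's repository: a registry encrypted with a customer-managed key and reachable only from an IP allow-list. The Key Vault, key and resource group names and the CIDR are constructed placeholders, and the example assumes the module's defaults for `encryption_identity` and `keyvault_iam_authorization` are left in place.

```hcl
# Added example; every name and address below is a constructed placeholder.

# Look up the existing Key Vault and key instead of hard-coding their IDs.
data "azurerm_key_vault" "acr" {
  name                = "example-kv"
  resource_group_name = "example-rg"
}

data "azurerm_key_vault_key" "acr" {
  name         = "example-acr-cmk"
  key_vault_id = data.azurerm_key_vault.acr.id
}

module "acr" {
  source = "github.com/padok-team/terraform-azurerm-acr"

  # Azure registry names accept alphanumeric characters only.
  name = "exampleacr"

  resource_group = {
    name     = "example-rg"
    location = "francecentral"
  }

  # Customer-managed key for encryption at rest (both inputs are required).
  encryption_key_vault_id     = data.azurerm_key_vault.acr.id
  encryption_key_vault_key_id = data.azurerm_key_vault_key.acr.id

  # Keep the shared admin account disabled (the module default).
  admin_enabled = false

  # Azure evaluates IP rules on the public endpoint, so the endpoint must be
  # enabled for the allow-list to apply; everything outside the list is denied.
  public_network_access_enabled = true
  network_default_action        = "Deny"
  ip_addresses                  = ["203.0.113.0/24"] # RFC 5737 documentation range

  # Weak variant, shown for contrast only: with the default action set to
  # "Allow", sources outside ip_addresses are accepted as well.
  # network_default_action = "Allow"

  tags = {
    environment = "example"
  }
}
```

Leaving `public_network_access_enabled` at its default of `false` instead closes the public endpoint entirely; in that case access goes through the `private_endpoint` input rather than `ip_addresses`.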

## Outputs

| Name | Description |
|------|-------------|
| [this](#output\_this) | The Azure container registry created. |

## License

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)