azurermContainerGroup

Manages an Azure Container Group instance.

~> Note: networkProfileId is deprecated by Azure. Users who want to continue managing existing azurermContainerGroup resources that rely on networkProfileId should stay on provider versions prior to v3.16.0. Otherwise, use subnetIds instead.

Example Usage

This example provisions a Basic Container. Other examples of the azurermContainerGroup resource can be found in the /examples/containerInstance directory within the GitHub Repository.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as azurerm from "./.gen/providers/azurerm";
/*Property names follow the camelCase names of the generated TypeScript bindings,
matching the Argument Reference below; cpu and memory are numbers.
The stack class name ExampleStack is a placeholder.*/
class ExampleStack extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);
    const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
      this,
      "example",
      {
        location: "West Europe",
        name: "example-resources",
      }
    );
    const azurermContainerGroupExample = new azurerm.containerGroup.ContainerGroup(
      this,
      "example_1",
      {
        container: [
          {
            cpu: 0.5,
            image: "mcr.microsoft.com/azuredocs/aci-helloworld:latest",
            memory: 1.5,
            name: "hello-world",
            ports: [
              {
                port: 443,
                protocol: "TCP",
              },
            ],
          },
          {
            cpu: 0.5,
            image: "mcr.microsoft.com/azuredocs/aci-tutorial-sidecar",
            memory: 1.5,
            name: "sidecar",
          },
        ],
        dnsNameLabel: "aci-label",
        ipAddressType: "Public",
        location: azurermResourceGroupExample.location,
        name: "example-continst",
        osType: "Linux",
        resourceGroupName: azurermResourceGroupExample.name,
        tags: {
          environment: "testing",
        },
      }
    );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermContainerGroupExample.overrideLogicalId("example");
  }
}

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Container Group. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the resource group in which to create the Container Group. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • identity - (Optional) An identity block as defined below.

  • initContainer - (Optional) The definition of an init container that is part of the group as documented in the initContainer block below. Changing this forces a new resource to be created.

  • container - (Required) The definition of a container that is part of the group as documented in the container block below. Changing this forces a new resource to be created.

  • osType - (Required) The OS for the container group. Allowed values are linux and windows. Changing this forces a new resource to be created.

~> Note: If osType is set to windows, currently only a single container block is supported. Windows containers are not supported in virtual networks.


  • dnsConfig - (Optional) A dnsConfig block as documented below. Changing this forces a new resource to be created.

  • diagnostics - (Optional) A diagnostics block as documented below. Changing this forces a new resource to be created.

  • dnsNameLabel - (Optional) The DNS label/name for the container group's IP. Changing this forces a new resource to be created.

~> Note: DNS label/name is not supported when deploying to virtual networks.

  • dnsNameLabelReusePolicy - (Optional) The value representing the security enum. Possible values are noreuse, resourceGroupReuse, subscriptionReuse, tenantReuse or unsecure. Defaults to unsecure.

  • exposedPort - (Optional) Zero or more exposedPort blocks as defined below. Changing this forces a new resource to be created.

~> Note: The exposedPort can only contain ports that are also exposed on one or more containers in the group.

  • ipAddressType - (Optional) Specifies the IP address type of the container. Possible values are public, private or none. Changing this forces a new resource to be created. If set to private, subnetIds also needs to be set.

~> Note: dnsNameLabel and osType set to windows are not compatible with private ipAddressType.

  • keyVaultKeyId - (Optional) The Key Vault key URI for CMK encryption. Changing this forces a new resource to be created.

  • subnetIds - (Optional) The subnet resource IDs for a container group. Changing this forces a new resource to be created.

  • imageRegistryCredential - (Optional) An imageRegistryCredential block as documented below. Changing this forces a new resource to be created.

  • restartPolicy - (Optional) Restart policy for the container group. Allowed values are always, never, onFailure. Defaults to always. Changing this forces a new resource to be created.

  • zones - (Optional) A list of Availability Zones in which this Container Group is located. Changing this forces a new resource to be created.

  • tags - (Optional) A mapping of tags to assign to the resource.


An identity block supports the following:

  • type - (Required) Specifies the type of Managed Service Identity that should be configured on this Container Group. Possible values are systemAssigned, userAssigned and systemAssigned,UserAssigned (to enable both).

~> NOTE: When type is set to systemAssigned, the identity of the Principal ID can be retrieved after the container group has been created. See documentation for more information.

  • identityIds - (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Container Group.

~> NOTE: This is required when type is set to userAssigned or systemAssigned,UserAssigned.

~> NOTE: Currently you can't use a managed identity in a container group deployed to a virtual network.


An initContainer block supports:

  • name - (Required) Specifies the name of the Container. Changing this forces a new resource to be created.

  • image - (Required) The container image name. Changing this forces a new resource to be created.

  • environmentVariables - (Optional) A list of environment variables to be set on the container. Specified as a map of name/value pairs. Changing this forces a new resource to be created.

  • secureEnvironmentVariables - (Optional) A list of sensitive environment variables to be set on the container. Specified as a map of name/value pairs. Changing this forces a new resource to be created.

  • commands - (Optional) A list of commands which should be run on the container. Changing this forces a new resource to be created.

  • volume - (Optional) The definition of a volume mount for this container as documented in the volume block below. Changing this forces a new resource to be created.


A container block supports:

  • name - (Required) Specifies the name of the Container. Changing this forces a new resource to be created.

  • image - (Required) The container image name. Changing this forces a new resource to be created.

  • cpu - (Required) The required number of CPU cores of the containers. Changing this forces a new resource to be created.

  • memory - (Required) The required memory of the containers in GB. Changing this forces a new resource to be created.

  • gpu - (Optional) A gpu block as defined below. Changing this forces a new resource to be created.

~> Note: GPU resources are currently only supported in Linux containers.

  • cpuLimit - (Optional) The upper limit of the number of CPU cores of the containers.

  • memoryLimit - (Optional) The upper limit of the memory of the containers in GB.

  • gpuLimit - (Optional) A gpuLimit block as defined below.

  • ports - (Optional) A set of public ports for the container. Changing this forces a new resource to be created. Set as documented in the ports block below.

  • environmentVariables - (Optional) A list of environment variables to be set on the container. Specified as a map of name/value pairs. Changing this forces a new resource to be created.

  • secureEnvironmentVariables - (Optional) A list of sensitive environment variables to be set on the container. Specified as a map of name/value pairs. Changing this forces a new resource to be created.

  • readinessProbe - (Optional) The definition of a readiness probe for this container as documented in the readinessProbe block below. Changing this forces a new resource to be created.

  • livenessProbe - (Optional) The definition of a liveness probe for this container as documented in the livenessProbe block below. Changing this forces a new resource to be created.

  • commands - (Optional) A list of commands which should be run on the container. Changing this forces a new resource to be created.

  • volume - (Optional) The definition of a volume mount for this container as documented in the volume block below. Changing this forces a new resource to be created.


An exposedPort block supports:

  • port - (Optional) The port number the container will expose. Changing this forces a new resource to be created.

  • protocol - (Optional) The network protocol associated with port. Possible values are tcp and udp. Changing this forces a new resource to be created.

~> Note: Removing all exposedPort blocks requires setting exposedPort = [].


A diagnostics block supports:

  • logAnalytics - (Required) A logAnalytics block as defined below. Changing this forces a new resource to be created.

An imageRegistryCredential block supports:

  • userAssignedIdentityId - (Optional) The identity ID for the private registry. Changing this forces a new resource to be created.

  • username - (Optional) The username with which to connect to the registry. Changing this forces a new resource to be created.

  • password - (Optional) The password with which to connect to the registry. Changing this forces a new resource to be created.

  • server - (Required) The address to use to connect to the registry without protocol ("https"/"http"). For example: "myacr.acr.io". Changing this forces a new resource to be created.


A logAnalytics block supports:

  • logType - (Optional) The log type which should be used. Possible values are containerInsights and containerInstanceLogs. Changing this forces a new resource to be created.

  • workspaceId - (Required) The Workspace ID of the Log Analytics Workspace. Changing this forces a new resource to be created.

  • workspaceKey - (Required) The Workspace Key of the Log Analytics Workspace. Changing this forces a new resource to be created.

  • metadata - (Optional) Any metadata required for Log Analytics. Changing this forces a new resource to be created.


A ports block supports:

  • port - (Optional) The port number the container will expose. Changing this forces a new resource to be created.

  • protocol - (Optional) The network protocol associated with port. Possible values are tcp and udp. Changing this forces a new resource to be created.

~> Note: Omitting these blocks will default the exposed ports on the group to all ports on all containers defined in the container blocks of this group.


A gpu block supports:

  • count - (Optional) The number of GPUs which should be assigned to this container. Allowed values are 1, 2, or 4. Changing this forces a new resource to be created.

  • sku - (Optional) The SKU which should be used for the GPU. Possible values are k80, p100, or v100. Changing this forces a new resource to be created.


A gpuLimit block supports:

  • count - (Optional) The upper limit of the number of GPUs which should be assigned to this container.

  • sku - (Optional) The allowed SKU which should be used for the GPU. Possible values are k80, p100, or v100.


A volume block supports:

  • name - (Required) The name of the volume mount. Changing this forces a new resource to be created.

  • mountPath - (Required) The path on which this volume is to be mounted. Changing this forces a new resource to be created.

  • readOnly - (Optional) Specify if the volume is to be mounted as read only or not. The default value is false. Changing this forces a new resource to be created.

  • emptyDir - (Optional) Boolean as to whether the mounted volume should be an empty directory. Defaults to false. Changing this forces a new resource to be created.

  • storageAccountName - (Optional) The Azure storage account from which the volume is to be mounted. Changing this forces a new resource to be created.

  • storageAccountKey - (Optional) The access key for the Azure Storage account specified as above. Changing this forces a new resource to be created.

  • shareName - (Optional) The Azure storage share that is to be mounted as a volume. This must be created on the storage account specified as above. Changing this forces a new resource to be created.

  • gitRepo - (Optional) A gitRepo block as defined below. Changing this forces a new resource to be created.

  • secret - (Optional) A map of secrets that will be mounted as files in the volume. Changing this forces a new resource to be created.

~> Note: Exactly one of emptyDir volume, gitRepo volume, secret volume or storage account volume (shareName, storageAccountName, and storageAccountKey) must be specified.

~> Note: When using a storage account volume, all of shareName, storageAccountName, and storageAccountKey must be specified.

~> Note: The secret values must be supplied as Base64 encoded strings, such as by using the Terraform base64encode function. The secret values are decoded to their original values when mounted in the volume on the container.


The gitRepo block supports:

  • url - (Required) Specifies the Git repository to be cloned. Changing this forces a new resource to be created.

  • directory - (Optional) Specifies the directory into which the repository should be cloned. Changing this forces a new resource to be created.

  • revision - (Optional) Specifies the commit hash of the revision to be cloned. If unspecified, the HEAD revision is cloned. Changing this forces a new resource to be created.


The readinessProbe block supports:

  • exec - (Optional) Commands to be run to validate container readiness. Changing this forces a new resource to be created.

  • httpGet - (Optional) The definition of the http_get for this container as documented in the httpGet block below. Changing this forces a new resource to be created.

  • initialDelaySeconds - (Optional) Number of seconds after the container has started before liveness or readiness probes are initiated. Changing this forces a new resource to be created.

  • periodSeconds - (Optional) How often (in seconds) to perform the probe. The default value is 10 and the minimum value is 1. Changing this forces a new resource to be created.

  • failureThreshold - (Optional) How many times to try the probe before restarting the container (liveness probe) or marking the container as unhealthy (readiness probe). The default value is 3 and the minimum value is 1. Changing this forces a new resource to be created.

  • successThreshold - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed. The default value is 1 and the minimum value is 1. Changing this forces a new resource to be created.

  • timeoutSeconds - (Optional) Number of seconds after which the probe times out. The default value is 1 and the minimum value is 1. Changing this forces a new resource to be created.


The livenessProbe block supports:

  • exec - (Optional) Commands to be run to validate container liveness. Changing this forces a new resource to be created.

  • httpGet - (Optional) The definition of the http_get for this container as documented in the httpGet block below. Changing this forces a new resource to be created.

  • initialDelaySeconds - (Optional) Number of seconds after the container has started before liveness or readiness probes are initiated. Changing this forces a new resource to be created.

  • periodSeconds - (Optional) How often (in seconds) to perform the probe. The default value is 10 and the minimum value is 1. Changing this forces a new resource to be created.

  • failureThreshold - (Optional) How many times to try the probe before restarting the container (liveness probe) or marking the container as unhealthy (readiness probe). The default value is 3 and the minimum value is 1. Changing this forces a new resource to be created.

  • successThreshold - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed. The default value is 1 and the minimum value is 1. Changing this forces a new resource to be created.

  • timeoutSeconds - (Optional) Number of seconds after which the probe times out. The default value is 1 and the minimum value is 1. Changing this forces a new resource to be created.


The httpGet block supports:

  • path - (Optional) Path to access on the HTTP server. Changing this forces a new resource to be created.

  • port - (Optional) Number of the port to access on the container. Changing this forces a new resource to be created.

  • scheme - (Optional) Scheme to use for connecting to the host. Possible values are http and https. Changing this forces a new resource to be created.

  • httpHeaders - (Optional) A map of HTTP headers used to access the container. Changing this forces a new resource to be created.


The dnsConfig block supports:

  • nameservers - (Required) A list of nameservers the containers will search out to resolve requests. Changing this forces a new resource to be created.

  • searchDomains - (Optional) A list of search domains that DNS requests will search along. Changing this forces a new resource to be created.

  • options - (Optional) A list of resolver configuration options. Changing this forces a new resource to be created.
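
The notes in this Argument Reference state several cross-field rules (private ipAddressType needs subnetIds, exposedPort must match container ports, exactly one volume type, and so on). The check below is an added example, not part of cdktf or the provider: it lints a plain configuration object before it is handed to ContainerGroup. The type names, lintContainerGroup and SAMPLE are hypothetical, and a port without a protocol is assumed to be tcp.

```typescript
// Added example: lint of the cross-field rules stated in the notes on this page.
// Type names, lintContainerGroup and SAMPLE are hypothetical, not cdktf or provider APIs.
type Port = { port: number; protocol?: string };
type Volume = { name: string; emptyDir?: boolean; gitRepo?: object; secret?: Record<string, string>;
  shareName?: string; storageAccountName?: string; storageAccountKey?: string };
type Container = { name: string; ports?: Port[]; volume?: Volume[] };
type Group = { osType: string; container: Container[]; ipAddressType?: string; subnetIds?: string[];
  dnsNameLabel?: string; dnsNameLabelReusePolicy?: string; exposedPort?: Port[];
  identity?: { type: string; identityIds?: string[] } };

// Assumption: a port without a protocol is treated as tcp.
const portKey = (p: Port): string => `${p.port}/${(p.protocol ?? "tcp").toLowerCase()}`;

function lintContainerGroup(g: Group): string[] {
  const out: string[] = [];
  const os = g.osType.toLowerCase();
  const ip = (g.ipAddressType ?? "").toLowerCase();
  const inVnet = (g.subnetIds ?? []).length > 0;
  if (ip === "private" && !inVnet) out.push("private ipAddressType requires subnetIds");
  if (ip === "private" && g.dnsNameLabel) out.push("dnsNameLabel is not compatible with private ipAddressType");
  if (os === "windows" && (ip === "private" || inVnet)) out.push("windows is not supported in virtual networks");
  if (os === "windows" && g.container.length > 1) out.push("windows supports a single container block");
  if (inVnet && g.identity) out.push("managed identity is not usable in a virtual network");
  // The page documents unsecure as the default reuse policy; surface it so it is a conscious choice.
  if (g.dnsNameLabel && (g.dnsNameLabelReusePolicy ?? "unsecure").toLowerCase() === "unsecure")
    out.push("dnsNameLabelReusePolicy is unsecure");
  const idType = (g.identity?.type ?? "").toLowerCase();
  if (idType.indexOf("userassigned") !== -1 && (g.identity?.identityIds ?? []).length === 0)
    out.push("identityIds is required when identity type includes userAssigned");
  // exposedPort may only list ports that some container also exposes.
  const declared: string[] = [];
  for (const c of g.container) for (const p of c.ports ?? []) declared.push(portKey(p));
  for (const p of g.exposedPort ?? [])
    if (declared.indexOf(portKey(p)) === -1) out.push(`exposedPort ${portKey(p)} is not exposed by any container`);
  for (const c of g.container) {
    for (const v of c.volume ?? []) {
      // A storage account volume needs all three of its fields.
      const sa = [v.shareName, v.storageAccountName, v.storageAccountKey].filter(Boolean).length;
      if (sa > 0 && sa < 3) out.push(`volume ${v.name}: storage account volume is incomplete`);
      const kinds = [v.emptyDir === true, !!v.gitRepo, !!v.secret, sa > 0].filter(Boolean).length;
      if (kinds !== 1) out.push(`volume ${v.name}: exactly one volume type must be set, found ${kinds}`);
    }
  }
  return out;
}

// Constructed sample: a group that violates several of the notes at once.
const SAMPLE: Group = {
  osType: "Windows", ipAddressType: "Private", dnsNameLabel: "aci-label",
  identity: { type: "UserAssigned" }, exposedPort: [{ port: 8080 }],
  container: [
    { name: "app", ports: [{ port: 443, protocol: "TCP" }],
      volume: [{ name: "data", emptyDir: true, shareName: "share" }] },
    { name: "sidecar" },
  ],
};
console.log(lintContainerGroup(SAMPLE).join("\n"));
```

Running the lint in CI before cdktf synth catches these combinations earlier than a failed apply, which matters because most of these arguments force a new resource when changed.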

Attributes Reference

The following attributes are exported:

  • id - The ID of the Container Group.

  • identity - An identity block as defined below.

  • ipAddress - The IP address allocated to the container group.

  • fqdn - The FQDN of the container group derived from dnsNameLabel.


An identity block exports the following:

  • principalId - The Principal ID associated with this Managed Service Identity.

  • tenantId - The Tenant ID associated with this Managed Service Identity.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Container Group.

  • update - (Defaults to 30 minutes) Used when updating the Container Group.

  • read - (Defaults to 5 minutes) Used when retrieving the Container Group.

  • delete - (Defaults to 30 minutes) Used when deleting the Container Group.

Import

Container Groups can be imported using the resourceId, e.g.

terraform import azurerm_container_group.containerGroup1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.ContainerInstance/containerGroups/myContainerGroup1