Azure Terraform - ACR and Private Endpoint Configuration
This page details the configuration of the Azure Container Registry (ACR) and its associated private endpoint using Terraform. The ACR is used to store and manage container images, while the private endpoint ensures secure access to the registry from within the virtual network.
The reference includes:

- Setting up the ACR with the Premium SKU for advanced features, including enabling the data endpoint and administrative access.
- Creating a private endpoint for the ACR to ensure secure, internal access to the registry from within the subnet.
- Configuring the private DNS zone group to map the private endpoint to the corresponding DNS zone for seamless internal resolution.

This setup gives clients inside the virtual network a private path to container images, so that their registry traffic stays within Azure's private network infrastructure.
```hcl
resource "azurerm_container_registry" "this" {
  name                = local.azure_registry_name
  resource_group_name = local.azure_resource_group
  location            = var.azure_location
  # Admin user is a single shared credential for the whole registry; toggled by variable.
  admin_enabled = var.azure_registry_admin_enabled
  # Dedicated data endpoint so image-layer pulls also go through Private Link.
  data_endpoint_enabled = true
  # The public endpoint stays reachable; the private endpoint below only adds a private path.
  public_network_access_enabled = true
  # Private Link for ACR requires the Premium SKU.
  sku  = "Premium"
  tags = local.tags
}

resource "azurerm_private_endpoint" "registry" {
  name                = "${local.fingerprint}-registry"
  location            = var.azure_location
  resource_group_name = local.azure_resource_group
  subnet_id           = azurerm_subnet.default.id

  # Connects the endpoint NIC in the subnet to the registry's "registry" sub-resource.
  private_service_connection {
    name                           = "${local.fingerprint}-registry"
    private_connection_resource_id = azurerm_container_registry.this.id
    subresource_names              = ["registry"]
    is_manual_connection           = false
  }

  # Registers the endpoint's private IPs in the privatelink.azurecr.io zone so that
  # clients in the VNet resolve the registry (and data endpoint) to private addresses.
  private_dns_zone_group {
    name = "${local.fingerprint}-registry"
    private_dns_zone_ids = [
      azurerm_private_dns_zone.privatelink_acr.id
    ]
  }
}
```
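Because the registry above keeps `public_network_access_enabled = true`, the private endpoint adds a private path but does not by itself take the registry off the internet. The following script is an added example (not part of this Terraform module) that checks exactly that pattern as policy-as-code over `terraform show -json` output, for either a plan or a state file: the registry must be Premium, should not rely on the admin user, should have public access turned off once the private endpoint exists, and must have a private endpoint with the `registry` sub-resource and a `privatelink.azurecr.io` DNS zone group. The sample document, resource ids and names it builds are constructed placeholders, not values from this project.

```python
"""Static policy check for the ACR + private endpoint pattern, run over
`terraform show -json` output (plan or state). Added example; not part of
the page's Terraform module."""
import json
import sys
from typing import Any

ACR_TYPE = "azurerm_container_registry"
PE_TYPE = "azurerm_private_endpoint"
ACR_DNS_ZONE = "privatelink.azurecr.io"

# Constructed placeholder resource ids (not real identifiers).
ACR_ID = ("/subscriptions/SUB_PLACEHOLDER/resourceGroups/rg-example/providers/"
          "Microsoft.ContainerRegistry/registries/exampleacr")
ZONE_ID = ("/subscriptions/SUB_PLACEHOLDER/resourceGroups/rg-example/providers/"
           "Microsoft.Network/privateDnsZones/privatelink.azurecr.io")


def sample_state(public_network_access: bool = True, admin: bool = False,
                 dns_zone: bool = True) -> dict[str, Any]:
    """Build a constructed state document mirroring the page's resources.
    The defaults reproduce the page's settings (public access left on)."""
    endpoint_values: dict[str, Any] = {
        "name": "fp-registry",
        "private_service_connection": [{
            "name": "fp-registry",
            "private_connection_resource_id": ACR_ID,
            "subresource_names": ["registry"],
            "is_manual_connection": False,
        }],
        "private_dns_zone_group": (
            [{"name": "fp-registry", "private_dns_zone_ids": [ZONE_ID]}] if dns_zone else []),
    }
    return {"values": {"root_module": {"resources": [
        {"address": "azurerm_container_registry.this", "type": ACR_TYPE,
         "values": {"id": ACR_ID, "name": "exampleacr", "sku": "Premium",
                    "admin_enabled": admin, "data_endpoint_enabled": True,
                    "public_network_access_enabled": public_network_access}},
        {"address": "azurerm_private_endpoint.registry", "type": PE_TYPE,
         "values": endpoint_values},
    ]}}}


def _walk(module: dict[str, Any]) -> list[dict[str, Any]]:
    """Flatten root_module and nested child_modules into one resource list."""
    found = list(module.get("resources", []))
    for child in module.get("child_modules", []):
        found.extend(_walk(child))
    return found


def load_resources(doc: dict[str, Any]) -> list[dict[str, Any]]:
    """Accept `terraform show -json` output for a plan (planned_values) or a state (values)."""
    root = doc.get("planned_values") or doc.get("values") or {}
    return _walk(root.get("root_module", {}))


def _targets(endpoint: dict[str, Any], acr: dict[str, Any]) -> bool:
    """True if the endpoint's service connection points at this registry's 'registry' sub-resource."""
    acr_id = acr["values"].get("id")
    for conn in endpoint["values"].get("private_service_connection", []):
        if "registry" not in conn.get("subresource_names", []):
            continue
        target = conn.get("private_connection_resource_id")
        # In a plan the ids are still unknown (absent), so only the sub-resource can be matched.
        if acr_id is None or target is None or target == acr_id:
            return True
    return False


def check_registry_private_link(doc: dict[str, Any]) -> list[str]:
    """Return one finding string per policy violation; an empty list means the doc passes."""
    resources = load_resources(doc)
    endpoints = [r for r in resources if r["type"] == PE_TYPE]
    findings: list[str] = []
    for acr in (r for r in resources if r["type"] == ACR_TYPE):
        v, addr = acr["values"], acr["address"]
        if v.get("sku") != "Premium":
            findings.append(f"{addr}: sku {v.get('sku')!r}; Private Link requires Premium")
        if v.get("admin_enabled"):
            findings.append(f"{addr}: admin_enabled is true (shared, long-lived credential); prefer RBAC")
        # The azurerm provider defaults public_network_access_enabled to true when unset.
        if v.get("public_network_access_enabled", True):
            findings.append(f"{addr}: public_network_access_enabled is true; the registry stays "
                            "reachable from the internet despite the private endpoint")
        linked = [pe for pe in endpoints if _targets(pe, acr)]
        if not linked:
            findings.append(f'{addr}: no azurerm_private_endpoint with subresource_names ["registry"]')
            continue
        for pe in linked:
            zones = [z for grp in pe["values"].get("private_dns_zone_group", [])
                     for z in grp.get("private_dns_zone_ids", [])]
            if not any(z.lower().endswith("/" + ACR_DNS_ZONE) for z in zones):
                findings.append(f"{pe['address']}: no private_dns_zone_group for {ACR_DNS_ZONE}; "
                                "VNet clients will resolve the public address")
    return findings


if __name__ == "__main__":
    # Usage: python acr_check.py [terraform-show.json]; without a file the constructed sample runs.
    with open(sys.argv[1]) if len(sys.argv) > 1 else None as fh:  # type: ignore[attr-defined]
        document = json.load(fh) if fh else sample_state()
    results = check_registry_private_link(document)
    for finding in results:
        print("FINDING:", finding)
    sys.exit(1 if results else 0)
```

Run against the page's configuration (the constructed default sample) the check raises exactly one finding, about public network access; flipping that flag to false clears it, which is the natural follow-up once the private endpoint and DNS zone group are in place and clients have been confirmed to resolve the private address.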