EES-4765 Provision container registry

dfe-analytical-services · Dec 15, 2023 · 16d359a · 16d359a
1 parent 20fb137
commit 16d359a
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 2 deletions.
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -53,5 +53,18 @@ module keyVault './shared/keyvault.bicep' = {
   scope: rg
 }
 
+// Container registry
+module containerRegistry './shared/container-registry.bicep' = {
+  name: 'container-registry'
+  params: {
+    location: location
+    tags: tags
+    name: '${replace(resourceGroupName,'-','')}${abbrs.containerRegistryRegistries}01'
+  }
+  scope: rg
+}
+
 output AZURE_KEY_VAULT_NAME string = keyVault.outputs.name
-output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.endpoint
+output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.endpoint
+output AZURE_CONTAINER_REGISTRY_ENDPOINT string = containerRegistry.outputs.loginServer
+output AZURE_CONTAINER_REGISTRY_NAME string = containerRegistry.outputs.name
diff --git a/infra/shared/container-registry.bicep b/infra/shared/container-registry.bicep
@@ -0,0 +1,51 @@
+metadata description = 'Creates an Azure Container Registry.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('Indicates whether admin user is enabled')
+param adminUserEnabled bool = false
+
+@description('Indicates whether anonymous pull is enabled')
+param anonymousPullEnabled bool = false
+
+@description('Indicates whether data endpoint is enabled')
+param dataEndpointEnabled bool = false
+
+@description('Encryption settings')
+param encryption object = {
+  status: 'disabled'
+}
+
+@description('Options for bypassing network rules')
+param networkRuleBypassOptions string = 'AzureServices'
+
+@description('Public network access setting')
+param publicNetworkAccess string = 'Enabled'
+
+@description('SKU settings')
+param sku object = {
+  name: 'Basic'
+}
+
+@description('Zone redundancy setting')
+param zoneRedundancy string = 'Disabled'
+
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
+  name: name
+  location: location
+  tags: tags
+  sku: sku
+  properties: {
+    adminUserEnabled: adminUserEnabled
+    anonymousPullEnabled: anonymousPullEnabled
+    dataEndpointEnabled: dataEndpointEnabled
+    encryption: encryption
+    networkRuleBypassOptions: networkRuleBypassOptions
+    publicNetworkAccess: publicNetworkAccess
+    zoneRedundancy: zoneRedundancy
+  }
+}
+
+output loginServer string = containerRegistry.properties.loginServer
+output name string = containerRegistry.name
diff --git a/infra/shared/keyvault.bicep b/infra/shared/keyvault.bicep
@@ -1,3 +1,4 @@
+metadata description = 'Creates an Azure Key Vault.'
 param name string
 param location string = resourceGroup().location
 param tags object = {}
@@ -28,4 +29,4 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
 }
 
 output endpoint string = keyVault.properties.vaultUri
-output name string = keyVault.name
+output name string = keyVault.name