# AzureRM provider setup. Only the (empty) `features` block is given here;
# no subscription, tenant or credential arguments are set in this file.
provider "azurerm" {
  features {}
}
# User-assigned managed identity named "registry-uai". The module call further
# down hands it to the registry and to its encryption settings.
# NOTE(review): `azurerm_resource_group.example` is not declared in this file;
# it has to exist elsewhere in the same configuration for this to validate.
resource "azurerm_user_assigned_identity" "example" {
  name                = "registry-uai"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}
# Reads an existing Key Vault key by name; the module call below uses its `id`
# as the registry's encryption key. "super-secret" is the key's name, not key
# material.
# NOTE(review): `data.azurerm_key_vault.existing` is not declared in this file;
# it has to exist elsewhere in the same configuration for this to validate.
data "azurerm_key_vault_key" "example" {
  key_vault_id = data.azurerm_key_vault.existing.id
  name         = "super-secret"
}
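# Example call of the container-registry module: a Premium registry with
# geo-replication, customer-managed-key encryption, a retention policy for
# untagged manifests, content trust and diagnostic logging.
module "container-registry" {
  source  = "kumarvna/container-registry/azurerm"
  version = "1.0.0"

  # By default, this module will not create a resource group; the location will
  # be the same as the existing resource group. Provide the name of an existing
  # resource group here, or set `create_resource_group = true` to create a new
  # resource group.
  resource_group_name = "rg-shared-westeurope-01"
  location            = "westeurope"

  # Azure Container Registry configuration
  # The `Classic` SKU is deprecated and will no longer be available for new resources.
  # NOTE(review): `admin_enabled = true` turns on the registry's built-in admin
  # account, a single shared credential with push and pull rights that cannot be
  # scoped per user. Prefer `false` together with Azure AD identities and role
  # assignments unless a consumer really needs the admin user.
  container_registry_config = {
    name          = "containerregistrydemoproject01"
    admin_enabled = true
    sku           = "Premium"
  }

  # Geo-replication is only supported on new resources with the Premium SKU.
  # The georeplications list cannot contain the location where the Container Registry exists.
  georeplications = [
    {
      location                = "northeurope"
      zone_redundancy_enabled = true
    },
    {
      location                = "francecentral"
      zone_redundancy_enabled = true
    },
    {
      location                = "uksouth"
      zone_redundancy_enabled = true
    }
  ]

  # User-assigned identities attached to the registry. The azurerm provider's
  # `identity_ids` takes the identities' resource IDs (`.id`), not their client
  # IDs; the client ID is only what `encryption.identity_client_id` expects.
  # (Assumes the module forwards this list to the registry's identity block.)
  identity_ids = [azurerm_user_assigned_identity.example.id]

  # Customer-managed key encryption. The identity named here must be allowed to
  # get, wrap and unwrap the key in the Key Vault, otherwise the registry cannot
  # use it.
  # NOTE(review): `.id` of the key data source is the versioned key ID, so the
  # registry stays pinned to that key version until this value is changed.
  encryption = {
    key_vault_key_id   = data.azurerm_key_vault_key.example.id
    identity_client_id = azurerm_user_assigned_identity.example.client_id
  }

  # Set a retention policy with care -- deleted image data is UNRECOVERABLE.
  # A retention policy for untagged manifests is currently a preview feature of
  # Premium container registries. The retention policy applies only to untagged
  # manifests with timestamps after the policy is enabled. Default is `7` days.
  retention_policy = {
    days    = 10
    enabled = true
  }

  # Content trust is a feature of the Premium service tier of Azure Container Registry.
  enable_content_trust = true

  # (Optional) To enable Azure Monitoring for the Azure Container Registry
  # (Optional) Specify `storage_account_name` to save monitoring logs to storage.
  log_analytics_workspace_name = "loganalytics-we-sharedtest2"

  # Tags added to the Azure resources
  tags = {
    ProjectName  = "demo-internal"
    Env          = "dev"
    Owner        = "user@example.com"
    BusinessUnit = "CORP"
    ServiceClass = "Gold"
  }
}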