Sharing Bicep files within your organization using a private registry

8 mins read

Learn how to publish modules in a private registry and give access to users who need to deploy Bicep files as modules.

ūüí™Sharing Bicep files within your organization using a private¬†registry

This article will review how you can share Bicep files to be consumed as modules within your organization using a private registry.

It is finally here! The support for the Private Module registry is available as of October 15th, 2021!

Why should you consider using private registries?

This comes down to reusability and modularization. When working with more complex or more extensive environments in Azure, we can break our solution into different templates.

In ARM templates, we were able to break our solution into many related templates using linked or nested templates. Then, we deployed the solution through the main template and referenced linked or nested templates.

In Bicep, a module is defined as a set of one or more resources to be deployed together. A module only exposes parameters and outputs and hide details on how internal resources are defined.

To deploy complex solutions, you can break your Bicep template into many smaller Bicep templates and then deploy them together through the main template. Each template can be consumed as a module.

A module is a Bicep file that is consumed from another Bicep file. With modules, you improve the readability of your Bicep files by encapsulating complex details of your deployment.

This way, you can easily reuse modules for different deployments.

I organized my deployments into modules, now what?

The next step is to enable collaboration by reusing and sharing your Bicep templates across your organization.

You can leverage a Bicep private registry to publish Bicep modules that deploy resources pre-configured for your organization’s requirements. You will have control access and safely update the modules by using versions.

Bicep private registry

A Bicep registry is hosted on Azure Container Registry, a managed, private Docker registry service based on the open-source Docker Registry 2.0.

Think of a Bicep registry as a private repository to store and manage your Bicep modules and related artifacts.

How can we work with private registries?

To share Bicep modules within your organization, we can use a private registry. We will perform the following tasks:

Create a container registry by using a Bicep file

2. Configure a private registry

3. Publish a module in the private registry

Pre-requisites:

Azure Bicep and Azure PowerShell installed in your local machineAn active Azure subscriptionA user with the owner/contributor role enabledA resource group

Ensure you have at least the Bicep version 0.4.1008. You can verify the current Bicep installation using the command below:

bicep –version

1. Create a Container Registry using a Bicep file

The Bicep file below creates an Azure container registry:

@minLength(5)
@maxLength(50)
@description(‘Provide a globally unique name of your Azure Container Registry’)
param acrName string = ‘acr${uniqueString(resourceGroup().id)}’@description(‘Provide a location for the registry.’)
param location string = resourceGroup().location@description(‘Provide a tier of your Azure Container Registry.’)
param acrSku string = ‘Basic’resource acrResource ‘Microsoft.ContainerRegistry/registries@2021-06-01-preview’ = {
name: acrName
location: location
sku: {
name: acrSku
}
properties: {
adminUserEnabled: false
}
}

You can refer to the following URL to verify the Azure container registry template format:

Microsoft.ContainerRegistry/registries – Bicep & ARM template reference

We will deploy the above Bicep file using the command below:

$date = Get-Date -Format “MM-dd-yyyy”
$deploymentName = “AzInsiderDeployment”+”$date”New-AzResourceGroupDeployment -ResourceGroupName azinsidercr -TemplateFile .container-registry.bicep -acrName “azinsidercr” -c

Note we use the flag -c to have a preview of the deployment before executing it.

The image below shows the preview of the deployment:

Azure Container Registry‚Ää‚ÄĒ‚ÄäDeployment preview

Now we will execute the deployment. The image below shows the output from the deployment:

Deployment output

The next step is to configure a Bicep private registry

2. Configuring a private registry

First, we will get the login server name. You can get the login server name using Azure PowerShell or from the Azure Portal in the container registry we just deployed:

Container registry‚Ää‚ÄĒ‚ÄäLogin¬†Server

The command below shows how to get the login server name using PowerShell:

Get-AzContainerRegistry -ResourceGroupName “<resource-group-name>” -Name “<registry-name>”

To publish modules to a registry, you must have permission to push an image.

To deploy a module from a registry, you must have permission to pull the image.

Now let’s publish a Bicep module to the private registry.

3. Publishing a Bicep module to the private registry.

We will use the publish command and provide the Bicep files below that will be used as a module. Specify the target location for the module in your registry.

Copy the code below and save it as ‚ÄėappPlan.bicep‚Äô in your local¬†machine.

param appPlanPrefix string
param sku string = ‘F1’
param location string = ‘eastus’resource appServicePlan ‘Microsoft.Web/serverfarms@2021-01-15’ = {
//interpolate param
name: ‘${appPlanPrefix}AppPlan’
//pass on location param
location: location
kind: ‘linux’
sku: {
//pass on sku param
name: sku
}
properties:{
reserved: true
}

}
// Set an output which can be accessed by the module consumer
output appServicePlanId string = appServicePlan.id

Now we will publish the above Bicep file to the registry using the command below:

bicep publish appServicePlan.bicep –target ‘br:azinsidercr.azurecr.io/bicep/modules/app-service-plan:v1.0’

Notes:

Each module name path segment must be a lowercase alphanumeric string optionally separated by a ‚Äú.‚ÄĚ, ‚Äú_‚Ä̬†, or¬†‚Äú-‚ÄĚ.Valid characters are alphanumeric, ‚Äú_‚ÄĚ, or¬†‚Äú-‚ÄĚ.Bicep publish a module to a private¬†registry

Now you can go to the Azure Portal to your container registry, and under the repositories section, you will see the module published as shown below:

Bicep Module in a private registry

We can now reference the file in the registry from a Bicep file!

Check the complete update on the Bicep v. 0.4.1008 here: https://github.com/Azure/bicep/releases/tag/v0.4.1008

Join the AzInsider email list here.

-Dave R.

ūüí™Sharing Bicep files within your organization using a private registry was originally published in CodeX on Medium, where people are continuing the conversation by highlighting and responding to this story.

Leave a Reply

Your email address will not be published.

Follow Us