
Support private endpoints for Azure Container Registry#16132

Merged

eerhardt merged 6 commits into microsoft:main from eerhardt:AcrPrivateEndpoints, Apr 15, 2026

Conversation

@eerhardt (Member) commented Apr 13, 2026

Description

This requires the Premium SKU, so automatically set it.

Needed to reduce duplication by adding a common ConfigureInfrastructure method for ACR.

NOTE: If you enable private endpoints on a Compute Environment's ACR, aspire deploy won't be able to push images to it, since public network access is disabled (default for any resource that enables private endpoints). You will need to enable network communication with the ACR from the compute that runs aspire deploy - or re-enable public network access. One example is to use Azure DevOps or GitHub Actions self-hosted runners that are in the VNet and can access via private endpoints.

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
  • Did you add public API?
    • Yes
  • Does the change make any security assumptions or guarantees?
    • No
  • Does the change require an update in our Aspire docs?
    • Yes

Copilot AI review requested due to automatic review settings April 13, 2026 22:43
github-actions bot (Contributor) commented Apr 13, 2026

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 16132

Or run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 16132"

Copilot AI (Contributor) left a comment

Pull request overview

Adds Azure Private Endpoint support for Azure Container Registry (ACR) resources in Aspire’s Azure provisioning model, ensuring the correct ACR SKU/network settings are emitted when private endpoints are used.

Changes:

  • Make AzureContainerRegistryResource a private endpoint target by implementing IAzurePrivateEndpointTarget and exposing an Id output reference.
  • Update ACR provisioning to auto-select Premium SKU and disable public network access when a private endpoint annotation is present; always emit the id provisioning output.
  • Add/refresh snapshot coverage, including a new private-endpoint lockdown snapshot + test.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.

Summary per file (file: description):

  • tests/Aspire.Hosting.Azure.Tests/Snapshots/ExistingAzureResourceTests.SupportsExistingAzureContainerRegistryInRunMode.verified.bicep: Snapshot updated to include output id for existing ACR in run mode.
  • tests/Aspire.Hosting.Azure.Tests/Snapshots/ExistingAzureResourceTests.SupportsExistingAzureContainerRegistryInPublishMode.verified.bicep: Snapshot updated to include output id for existing ACR in publish mode.
  • tests/Aspire.Hosting.Azure.Tests/Snapshots/AzurePrivateEndpointLockdownTests.AddAzureContainerRegistry_WithPrivateEndpoint_GeneratesCorrectBicep.verified.bicep: New snapshot validating Premium SKU + public network lockdown + id output for ACR with private endpoint.
  • tests/Aspire.Hosting.Azure.Tests/Snapshots/AzureContainerRegistryTests.WithPurgeTask_WithHoursAndMinutesAgo_FormatsCorrectly.verified.bicep: Snapshot updated to include output id.
  • tests/Aspire.Hosting.Azure.Tests/Snapshots/AzureContainerRegistryTests.WithPurgeTask_MultipleTasks_GeneratesUniqueNames.verified.bicep: Snapshot updated to include output id.
  • tests/Aspire.Hosting.Azure.Tests/Snapshots/AzureContainerRegistryTests.WithPurgeTask_GeneratesCorrectBicep.verified.bicep: Snapshot updated to include output id.
  • tests/Aspire.Hosting.Azure.Tests/Snapshots/AzureContainerRegistryTests.WithPurgeTask_CustomTaskName_UsedInBicep.verified.bicep: Snapshot updated to include output id.
  • tests/Aspire.Hosting.Azure.Tests/Snapshots/AzureContainerRegistryTests.AddAzureContainerRegistry_GeneratesCorrectManifestAndBicep.verified.bicep: Snapshot updated to include output id.
  • tests/Aspire.Hosting.Azure.Tests/AzurePrivateEndpointLockdownTests.cs: Adds a private-endpoint lockdown verification test for ACR.
  • src/Aspire.Hosting.Azure.ContainerRegistry/AzureContainerRegistryResource.cs: Implements IAzurePrivateEndpointTarget, adds Id output reference, and provides group id + DNS zone for ACR private link.
  • src/Aspire.Hosting.Azure.ContainerRegistry/AzureContainerRegistryExtensions.cs: Detects private endpoint annotation to set Premium SKU + disable public network access; emits id provisioning output.

@davidfowl (Contributor) left a comment

Approved. Main usability note from reviewing the private-endpoint flow: this works for private-networked deployment environments, but it is not a seamless "deploy from anywhere" feature.

Once an ACR private endpoint is configured and public network access is disabled, the machine running aspire deploy must have network line-of-sight and private DNS to the registry. That means local/public-network deploy hosts won't work unless they're connected via VPN, ExpressRoute, peering, or the deploy runs from a VM/runner inside the VNet.

For CI, GitHub Actions can use Azure private networking for GitHub-hosted runners or self-hosted runners. For Azure DevOps, the clearest documented path today is a self-hosted agent in the VNet.
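A preflight check a deploy host can run before aspire deploy, written as an added example for this thread; it is not code from this PR or from Aspire. It assumes only the Azure behaviour the thread describes: a registry whose publicNetworkAccess is Disabled is reachable solely through its private endpoint, so the host's resolver must map the registry endpoint <registry>.azurecr.io and the regional data endpoint <registry>.<region>.data.azurecr.io (published through the privatelink.azurecr.io zone) to VNet addresses. The function names (registry_hostnames, classify, resolve_all, preflight), the Verdict type and the resolver results in the __main__ section are the example's own constructions, not captured from a real registry.

```python
"""Preflight: can this host push to an ACR that sits behind a private endpoint?

Added example, not code from the Aspire PR. It encodes only the Azure behaviour
described in the thread: with publicNetworkAccess = Disabled the registry is
reachable solely through its private endpoint, so the deploy host's resolver
must return VNet addresses for the registry endpoints.
"""
import ipaddress
import socket
from dataclasses import dataclass


def registry_hostnames(registry_name: str, region: str) -> list[str]:
    """Endpoints an ACR private endpoint publishes in privatelink.azurecr.io:
    the REST/login endpoint and the regional data (blob) endpoint."""
    return [
        f"{registry_name}.azurecr.io",
        f"{registry_name}.{region}.data.azurecr.io",
    ]


@dataclass(frozen=True)
class Verdict:
    can_push: bool
    code: str  # "public-access" | "private-route" | "unresolved" | "no-private-route"
    detail: str


def classify(public_network_access: str, resolved: dict[str, list[str]]) -> Verdict:
    """Decide whether a docker login/push from this host can reach the registry.

    public_network_access: the registry's publicNetworkAccess property
        ("Enabled" or "Disabled"; the PR emits Disabled with a private endpoint).
    resolved: hostname -> addresses as returned by *this host's* resolver.
    """
    if public_network_access.strip().lower() == "enabled":
        return Verdict(True, "public-access", "registry accepts public traffic")
    for host, addrs in resolved.items():
        if not addrs:
            return Verdict(False, "unresolved", f"{host} did not resolve")
        if not any(ipaddress.ip_address(a).is_private for a in addrs):
            return Verdict(
                False,
                "no-private-route",
                f"{host} -> {addrs}: public address; privatelink zone not in effect here",
            )
    return Verdict(True, "private-route", "all endpoints resolve to VNet addresses")


def resolve_all(hostnames: list[str]) -> dict[str, list[str]]:
    """Resolve each hostname with the system resolver. No CNAME inspection is
    needed: a working private DNS zone simply yields the private endpoint's IP."""
    out: dict[str, list[str]] = {}
    for host in hostnames:
        try:
            infos = socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)
            out[host] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            out[host] = []
    return out


def preflight(registry_name: str, region: str, public_network_access: str) -> Verdict:
    """Live check: resolve the registry endpoints on this host, then classify."""
    hosts = registry_hostnames(registry_name, region)
    return classify(public_network_access, resolve_all(hosts))


if __name__ == "__main__":
    # Constructed resolver results, not captured from a real registry.
    hosts = registry_hostnames("contosoacr", "eastus")
    in_vnet = {hosts[0]: ["10.0.2.4"], hosts[1]: ["10.0.2.5"]}
    laptop = {hosts[0]: ["20.62.14.7"], hosts[1]: ["20.62.14.8"]}
    for name, seen in (("in-VNet runner", in_vnet), ("laptop on public DNS", laptop)):
        v = classify("Disabled", seen)
        print(f"{name}: can_push={v.can_push} ({v.code}) {v.detail}")
```

Run preflight("<registry>", "<region>", "Disabled") on the machine that will execute aspire deploy; a no-private-route verdict means the host is on public DNS and the push will fail exactly as the thread describes, and unresolved usually means the privatelink zone is linked to the wrong VNet. The check deliberately does not model registry IP allow-lists, which are a separate ACR network rule.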

// When using private endpoints, disable public network access.
if (hasPrivateEndpoint)
{
svc.PublicNetworkAccess = ContainerRegistryPublicNetworkAccess.Disabled;
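Review bot: the `if (hasPrivateEndpoint)` branch unconditionally sets `svc.PublicNetworkAccess = ContainerRegistryPublicNetworkAccess.Disabled` with no caller-facing switch to keep public access on, so a deploy host outside the VNet can no longer push to the registry once the annotation is present; consider an explicit opt-out for the lockdown (or applying it only after the push phase), and extend the comment to state that the registry becomes unreachable from public networks, since that consequence is the part callers will trip over.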
Contributor
Looks good, one deployment bug here. If a Container Apps / App Service / Foundry deployment uses this registry and the caller adds a private endpoint, this code disables public network access during infrastructure provisioning, but the image push pipeline still logs in and pushes from the caller machine (AzureContainerRegistryResource wires acr-login into PushPrereq, and the compute deployment steps in AzureContainerAppResource, AzureAppServiceWebSiteResource, and AzureHostedAgentResource all depend on push steps). That means a normal local machine or hosted CI agent loses reachability to ACR before docker login / docker push runs, so aspire deploy now fails unless the agent already has line-of-sight into the private endpoint. This is a regression from the previous default-registry flow, which stayed publicly reachable for the push phase. Likely fix direction: keep public access available until the image push is complete, or gate this path behind an explicit self-hosted/in-VNet deployment workflow.

@eerhardt (Member, Author)
Yep - I called that out in the top comment

NOTE: If you enable private endpoints on a Compute Environment's ACR, aspire deploy won't be able to push images to it, since public network access is disabled (default for any resource that enables private endpoints). You will need to enable network communication with the ACR from the compute that runs aspire deploy - or re-enable public network access. One example is to use Azure DevOps or GitHub Actions self-hosted runners that are in the VNet and can access via private endpoints.

We will have to add a note to docs for this.

@eerhardt eerhardt enabled auto-merge (squash) April 15, 2026 18:41
@eerhardt eerhardt merged commit b4cc2a2 into microsoft:main Apr 15, 2026
278 checks passed
@eerhardt eerhardt deleted the AcrPrivateEndpoints branch April 15, 2026 20:24
@github-actions github-actions bot added this to the 13.3 milestone Apr 15, 2026
Labels: None yet
Projects: None yet
4 participants