Skip to main content

Container Image

Properties

PropertyDescriptionValuesExample
type
string		component type Type of component to deploy. Determines which configuration block is required (helm_chart, terraform_module, docker_build, container_image, kubernetes_manifest, or job)✅ Required"terraform_module", "helm_chart", "docker_build", "container_image", "kubernetes_manifest", "pulumi"
name
string		component name Unique identifier for the component within the app. Used for referencing in dependencies and templates✅ Required"database", "api-server", "frontend"
var_name
string		variable name for component output Optional name to use when storing component outputs as variables. If not specified, uses the component nameOptional"db_endpoint", "api_host"
labels
object		Key/value labels used to organize and filter components. Metadata only; does not affect deploymentOptional-
dependencies
array		component dependencies List of other components that must be deployed before this component. Automatically extracted from template referencesOptional"database", "infrastructure"
operation_roles
array		operation-specific IAM role assignments Map of component operations to IAM role names. Allows using different roles for different operations (provision, deprovision, update). Roles must be defined …Optional-
aws_ecr
AWSECRConfig		AWS ECR image configuration Configuration for pulling images from AWS Elastic Container Registry. Use when deploying images from private ECR repositoriesOptional-
gcp_gar
GCPGARConfig		GCP Artifact Registry image configuration Configuration for pulling images from Google Artifact Registry. Use when deploying images from private GAR repositoriesOptional-
public
PublicImageConfig		public registry image configuration Configuration for pulling images from public container registries (Docker Hub, Quay.io, GCR, etc)Optional-
build_timeout
string		build operation timeout Duration string for build operations (e.g., “30m”, “1h”). Default: 15m. Max: 1hOptional
Default: "15m"		"30m", "1h"
deploy_timeout
string		deploy operation timeout Duration string for deploy operations (e.g., “30m”, “1h”). Default: 5m. Max: 1hOptional
Default: "5m"		"30m", "1h"

operation_roles

PropertyDescriptionValuesExample
operation
string		operation type Type of operation: provision, deprovision, update, reprovision, or trigger✅ Required"provision", "deploy", "deprovision"
role
string		IAM role name Name of the IAM role to use for this operation (not ARN). Role must exist in install stack outputs✅ Required"{{.nuon.install.id}}-maintenance", "{{.nuon.install.id}}-provision"

aws_ecr

PropertyDescriptionValuesExample
iam_role_arn
string		IAM role ARN for ECR access ARN of the IAM role with permissions to pull images from the ECR repository✅ Required"arn:aws:iam::123456789012:role/ecr-pull-role"
region
string		AWS region for the ECR repository AWS region where the ECR repository is located✅ Required"us-east-1", "us-west-2", "eu-west-1"
image_url
string		ECR image URL Full URL to the ECR image (without tag). Format: <account-id>.dkr.ecr.<region>.amazonaws.com/<repository-name>/<image-name>✅ Required"123456789012.dkr.ecr.us-east-1.amazonaws.com/myapp/api", "123456789012.dkr.ecr.us-west-2.amazonaws.com/myapp/worker"
tag
string		image tag Tag or version of the container image to deploy. Either tag or update_policy must be set. Supports templating (e.g., {{.nuon.install.id}})Optional"v1.0.0", "latest", "{{.nuon.install.id}}"
update_policy
string		semver constraint for tag resolution Semver constraint for picking a tag at build time. When set, at each build the runner lists tags from the registry, filters to those that parse as semver and sa…Optional"~1.25.0", "^2.0.0", "\u003e=1.0.0,\u003c2.0.0", "1.x", `“^1.0^2.0”`

gcp_gar

PropertyDescriptionValuesExample
gcp_project_id
string		GCP project ID Google Cloud project ID where the Artifact Registry repository is located✅ Required"my-gcp-project"
region
string		GCP region for the GAR repository Google Cloud region where the Artifact Registry repository is located✅ Required"us-central1", "us-east1", "europe-west1"
image_url
string		GAR image URL Full URL to the GAR image (without tag). Format: <region>-docker.pkg.dev/<project>/<repository>/<image>✅ Required"us-central1-docker.pkg.dev/my-project/my-repo/my-image"
tag
string		image tag Tag or version of the container image to deploy. Either tag or update_policy must be set. Supports templating (e.g., {{.nuon.install.id}})Optional"v1.0.0", "latest", "{{.nuon.install.id}}"
service_account_email
string		GCP service account for impersonation Optional service account email to impersonate when pulling from GAR. If not set, uses application default credentialsOptional"my-sa@my-project.iam.gserviceaccount.com"
workload_identity_provider
string		-Optional-
update_policy
string		semver constraint for tag resolution Semver constraint for picking a tag at build time. When set, at each build the runner lists tags from the registry, filters to those that parse as semver and sa…Optional"~1.25.0", "^2.0.0", "\u003e=1.0.0,\u003c2.0.0", "1.x", `“^1.0^2.0”`

public

PropertyDescriptionValuesExample
image_url
string		container image URL Full URL to the container image from a public registry (Docker Hub, Quay.io, etc). Format: [registry/]<repository>/<image-name>✅ Required"nginx:latest", "docker.io/library/postgres", "quay.io/myorg/myapp", "gcr.io/myproject/myapp"
tag
string		image tag Tag or version of the container image to deploy. Either tag or update_policy must be set. Supports templating (e.g., {{.nuon.install.id}})Optional"v1.0.0", "latest", "{{.nuon.install.id}}"
update_policy
string		semver constraint for tag resolution Semver constraint for picking a tag at build time. When set, at each build the runner lists tags from the registry, filters to those that parse as semver and sa…Optional"~1.25.0", "^2.0.0", "\u003e=1.0.0,\u003c2.0.0", "1.x", `“^1.0^2.0”`