> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nuon.co/llms.txt
> Use this file to discover all available pages before exploring further.
> JSON Schema reference for container-image configuration
# Container Image
# Container Image
## Properties
| Property | Description | Values | Example |
| ---------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
| **`type`**
string | component type Type of component to deploy. Determines which configuration block is required (helm\_chart, terraform\_module, docker\_build, container\_image, kubernetes\_manifest, or job) | **✅ Required** | `"terraform_module"`, `"helm_chart"`, `"docker_build"`, `"container_image"`, `"kubernetes_manifest"`, `"pulumi"` |
| **`name`**
string | component name Unique identifier for the component within the app. Used for referencing in dependencies and templates | **✅ Required** | `"database"`, `"api-server"`, `"frontend"` |
| **`var_name`**
string | variable name for component output Optional name to use when storing component outputs as variables. If not specified, uses the component name | **Optional** | `"db_endpoint"`, `"api_host"` |
| **`labels`**
object | Key/value labels used to organize and filter components. Metadata only; does not affect deployment | **Optional** | - |
| **`dependencies`**
array | component dependencies List of other components that must be deployed before this component. Automatically extracted from template references | **Optional** | `"database"`, `"infrastructure"` |
| **`operation_roles`**
[array](#operation_roles) | operation-specific IAM role assignments Map of component operations to IAM role names. Allows using different roles for different operations (provision, deprovision, update). Roles must be defined ... | **Optional** | - |
| **`toggleable`**
boolean | - | **Optional** | - |
| **`default_enabled`**
boolean | - | **Optional** | - |
| **`aws_ecr`**
[AWSECRConfig](#aws_ecr) | AWS ECR image configuration Configuration for pulling images from AWS Elastic Container Registry. Use when deploying images from private ECR repositories | **Optional** | - |
| **`gcp_gar`**
[GCPGARConfig](#gcp_gar) | GCP Artifact Registry image configuration Configuration for pulling images from Google Artifact Registry. Use when deploying images from private GAR repositories | **Optional** | - |
| **`azure_acr`**
[AzureACRConfig](#azure_acr) | Azure Container Registry image configuration Configuration for pulling images from Azure Container Registry. Use when deploying images from private ACR repositories | **Optional** | - |
| **`public`**
[PublicImageConfig](#public) | public registry image configuration Configuration for pulling images from public container registries (Docker Hub, Quay.io, GCR, etc) | **Optional** | - |
| **`build_timeout`**
string | build operation timeout Duration string for build operations (e.g., "30m", "1h"). Default: 15m. Max: 1h | **Optional**
Default: `"15m"` | `"30m"`, `"1h"` |
| **`deploy_timeout`**
string | deploy operation timeout Duration string for deploy operations (e.g., "30m", "1h"). Default: 5m. Max: 1h | **Optional**
Default: `"5m"` | `"30m"`, `"1h"` |
### `operation_roles`
| Property | Description | Values | Example |
| --------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------ |
| **`operation`**
string | operation type Type of operation: provision, deprovision, update, reprovision, or trigger | **✅ Required** | `"provision"`, `"deploy"`, `"deprovision"` |
| **`role`**
string | IAM role name Name of the IAM role to use for this operation (not ARN). Role must exist in install stack outputs | **✅ Required** | `"{{.nuon.install.id}}-maintenance"`, `"{{.nuon.install.id}}-provision"` |
### `aws_ecr`
| Property | Description | Values | Example | | |
| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------- | - | ------- |
| **`iam_role_arn`**
string | IAM role ARN for ECR access ARN of the IAM role with permissions to pull images from the ECR repository | **✅ Required** | `"arn:aws:iam::123456789012:role/ecr-pull-role"` | | |
| **`region`**
string | AWS region for the ECR repository AWS region where the ECR repository is located | **✅ Required** | `"us-east-1"`, `"us-west-2"`, `"eu-west-1"` | | |
| **`image_url`**
string | ECR image URL Full URL to the ECR image (without tag). Format: \.dkr.ecr.\.amazonaws.com/\/\ | **✅ Required** | `"123456789012.dkr.ecr.us-east-1.amazonaws.com/myapp/api"`, `"123456789012.dkr.ecr.us-west-2.amazonaws.com/myapp/worker"` | | |
| **`tag`**
string | image tag Tag or version of the container image to deploy. Either tag or update\_policy must be set. Supports templating (e.g., \{\{.nuon.install.id}}) | **Optional** | `"v1.0.0"`, `"latest"`, `"{{.nuon.install.id}}"` | | |
| **`update_policy`**
string | semver constraint for tag resolution Semver constraint for picking a tag at build time. When set, at each build the runner lists tags from the registry, filters to those that parse as semver and sa... | **Optional** | `"~1.25.0"`, `"^2.0.0"`, `"\u003e=1.0.0,\u003c2.0.0"`, `"1.x"`, \`"^1.0 | | ^2.0"\` |
### `gcp_gar`
| Property | Description | Values | Example | | |
| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------- | - | ------- |
| **`gcp_project_id`**
string | GCP project ID Google Cloud project ID where the Artifact Registry repository is located | **✅ Required** | `"my-gcp-project"` | | |
| **`region`**
string | GCP region for the GAR repository Google Cloud region where the Artifact Registry repository is located | **✅ Required** | `"us-central1"`, `"us-east1"`, `"europe-west1"` | | |
| **`image_url`**
string | GAR image URL Full URL to the GAR image (without tag). Format: \-docker.pkg.dev/\/\/\ | **✅ Required** | `"us-central1-docker.pkg.dev/my-project/my-repo/my-image"` | | |
| **`tag`**
string | image tag Tag or version of the container image to deploy. Either tag or update\_policy must be set. Supports templating (e.g., \{\{.nuon.install.id}}) | **Optional** | `"v1.0.0"`, `"latest"`, `"{{.nuon.install.id}}"` | | |
| **`service_account_email`**
string | GCP service account for impersonation Optional service account email to impersonate when pulling from GAR. If not set, uses application default credentials | **Optional** | `"my-sa@my-project.iam.gserviceaccount.com"` | | |
| **`workload_identity_provider`**
string | - | **Optional** | - | | |
| **`update_policy`**
string | semver constraint for tag resolution Semver constraint for picking a tag at build time. When set, at each build the runner lists tags from the registry, filters to those that parse as semver and sa... | **Optional** | `"~1.25.0"`, `"^2.0.0"`, `"\u003e=1.0.0,\u003c2.0.0"`, `"1.x"`, \`"^1.0 | | ^2.0"\` |
### `azure_acr`
| Property | Description | Values | Example | | |
| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------- | - | ------- |
| **`image_url`**
string | ACR image URL Full URL to the ACR image (without tag). Format: \.azurecr.io/\/\ | **✅ Required** | `"myregistry.azurecr.io/myapp/api"` | | |
| **`registry_url`**
string | ACR login server Azure Container Registry login server. Format: \.azurecr.io | **✅ Required** | `"myregistry.azurecr.io"` | | |
| **`tag`**
string | image tag Tag or version of the container image to deploy. Either tag or update\_policy must be set. Supports templating (e.g., \{\{.nuon.install.id}}) | **Optional** | `"v1.0.0"`, `"latest"`, `"{{.nuon.install.id}}"` | | |
| **`tenant_id`**
string | Azure tenant ID for service principal auth Optional Azure AD tenant ID. If set with client\_id, the runner uses service principal credentials; otherwise it uses default Azure credentials | **Optional** | `"00000000-0000-0000-0000-000000000000"` | | |
| **`client_id`**
string | Azure client ID for service principal auth Optional Azure AD client (application) ID. If set with tenant\_id, the runner uses service principal credentials; otherwise it uses default Azure credentials | **Optional** | `"00000000-0000-0000-0000-000000000000"` | | |
| **`update_policy`**
string | semver constraint for tag resolution Semver constraint for picking a tag at build time. When set, at each build the runner lists tags from the registry, filters to those that parse as semver and sa... | **Optional** | `"~1.25.0"`, `"^2.0.0"`, `"\u003e=1.0.0,\u003c2.0.0"`, `"1.x"`, \`"^1.0 | | ^2.0"\` |
### `public`
| Property | Description | Values | Example | | |
| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------- | - | ------- |
| **`image_url`**
string | container image URL Full URL to the container image from a public registry (Docker Hub, Quay.io, etc). Format: \[registry/]\/\ | **✅ Required** | `"nginx:latest"`, `"docker.io/library/postgres"`, `"quay.io/myorg/myapp"`, `"gcr.io/myproject/myapp"` | | |
| **`tag`**
string | image tag Tag or version of the container image to deploy. Either tag or update\_policy must be set. Supports templating (e.g., \{\{.nuon.install.id}}) | **Optional** | `"v1.0.0"`, `"latest"`, `"{{.nuon.install.id}}"` | | |
| **`update_policy`**
string | semver constraint for tag resolution Semver constraint for picking a tag at build time. When set, at each build the runner lists tags from the registry, filters to those that parse as semver and sa... | **Optional** | `"~1.25.0"`, `"^2.0.0"`, `"\u003e=1.0.0,\u003c2.0.0"`, `"1.x"`, \`"^1.0 | | ^2.0"\` |