feat: Decouple container registry zone redundancy from private networking and make flexible

[Copilot]

zone_redundancy_enabled was hardcoded to var.use_private_networking, making it impossible to use private networking (Premium SKU) in regions without availability zone support (e.g., Jio India West). Setting agent_container_zone_support: false only affected container instance placement, not the registry.

Changes

• modules/azure/container_registry.tf — Zone redundancy is now independently controllable when using Premium SKU:

  # Before
  zone_redundancy_enabled = var.use_private_networking
  # After
  zone_redundancy_enabled = var.use_private_networking && var.container_registry_zone_redundancy_enabled

• modules/azure/variables.tf — New container_registry_zone_redundancy_enabled variable (default true, backward compatible)

• alz/azuredevops/ and alz/github/ — Expose container_registry_zone_redundancy_enabled (default null) as an independent override. Falls back to agent/runner zone support via coalesce():

  container_registry_zone_redundancy_enabled = coalesce(var.container_registry_zone_redundancy_enabled, var.agent_container_zone_support)

Usage

# Disable all zone support (container instances + registry)
agent_container_zone_support: false

# Or: keep container instance AZ support, disable only registry zone redundancy
agent_container_zone_support: true
container_registry_zone_redundancy_enabled: false

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Feature Request]: Separate variable for the zone redundancy parameter is needed to disable Container Registry Zone Redundancy</issue_title>
<issue_description>### Which product(s) are you raising for?

ALZ Terraform (AVM)

What is the feature request?

Zone redundancy (ZRS) is not supported in Jio Region, which caused bootstrap execution failures for storage accounts and container registries. For storage accounts, we resolved this by setting storage_account_replication_type: "LRS" in the Input.yaml file.

In the container registry module (modules/azure/container_registry.tf), zone_redundancy_enabled is set to var.use_private_networking, but a separate variable for the zone redundancy parameter is needed, since we are looking for agent resources (container instances and storage account to be created with private networking and container registry with zone redundancy disabled.

We proceeded by setting use_private_networking to false. (Container Instances and Storage account got created with public access)

Potential implementation/configuration

```</issue_description>

<agent_instructions>lets fix this by introducing either another variable for both ADO and GitHub as we have done already today - or re-use the existing variable to set resources that can utilize Availability Zones (Zones) to be able to not use them as an override</agent_instructions>

## Comments on the Issue (you are @copilot in this section)

<comments>
<comment_new><author>@jtracey93</author><body>
@mabhavsar23  Please use the `agent_container_zone_support: false` in the `inputs.yaml` file to achieve this outcome as per https://azure.github.io/Azure-Landing-Zones/accelerator/troubleshooting/#error-creating-container-group

</body></comment_new>
<comment_new><author>@jtracey93</author><body>
Report from customer when `agent_container_zone_support: false` in the `inputs.yaml` the below error still occurs @jaredfholgate 

Error: creating Registry (Subscription: "9fe35ee1-67c4-4c3b-a2db-96f5ef602a76"

│ Resource Group Name: "rg-slz-mgmt-agents-jioindiawest-001"

│ Registry Name: "acrslzmgmtjio001uhab"): performing Create: unexpected status 400 (400 Bad Request) with error: ZoneRedundancyNotSupported: Zone redundancy is not supported for the selected location jioindiawest.. For more information on availability zone, please visit https://aka.ms/acr/az.

│

│ with module.azure.azurerm_container_registry.alz[0],

│ on ....\modules\azure\container_registry.tf line 1, in resource "azurerm_container_registry" "alz":

│ 1: resource "azurerm_container_registry" "alz" {

</comments>

• Fixes [Feature Request]: Separate variable for the zone redundancy parameter is needed to disable Container Registry Zone Redundancy Azure-Landing-Zones#4011

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[jaredfholgate]

LGTM, linting failure appears unrelated to this PR and must have been introduced in an ealier commit.

[jaredfholgate]

LGTM