"networkRuleSet":{
"defaultAction": "[if(equals(parameters('networkRuleSetStatus'), 'Enabled'), 'Deny', 'Allow')]",
"virtualNetworkRules":[{
"action": "Allow",
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('existingVnetName'), parameters('existingSubnetName'))]"
}],
"copy":[{
"name":"ipRules",
"count":"[length(parameters('ip'))]",
"input":{
"action": "Allow",
"value": "[parameters('ip') [copyIndex('ipRules')]]"
}
}]
},
The above lines are part of the ARM to pass the vnetid in the network section.
It's possible to integrate a vnet to the Azure container registry and what you did is right. But there is one thing you may miss. The thing is when you want to allow a subnet to access the container registry, you need to enable the private endpoint for the container registry in that subnet. The example CLI command here:
az network vnet subnet update \
--name myDockerVMSubnet \
--vnet-name myDockerVMVNET \
--resource-group myResourceGroup \
--service-endpoints Microsoft.ContainerRegistry
After this action, then you can add the network rule through the template as you showed.