diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 00000000..a34b2b20
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,2 @@
+All the examples for CAF modules.
+#
diff --git a/examples/container_registry.tfvars b/examples/container_registry.tfvars
new file mode 100644
index 00000000..f7369d56
--- /dev/null
+++ b/examples/container_registry.tfvars
@@ -0,0 +1,63 @@
+container_registries = {
+ acr_test_1 = {
+ resource_group_ref = "rg_test"
+ name = "acrtestdevne01"
+ sku = "Premium"
+
+ georeplications = {
+ georeplication_test_1 = {
+ location = "West Europe"
+ zone_redundancy_enabled = true
+ tags = { Owner = "prod" }
+ }
+ }
+
+ private_endpoint = {
+ name = "pe-acrtestdevne01"
+ subnet_ref = "vnet_test/snet_private_endpoint_1"
+
+ # This block is needed only if you need name different than the default
+ private_service_connection = {
+ name = "test-privateserviceconnection"
+ }
+
+ private_dns_zone_group_ref = "container_registries"
+ }
+ }
+}
+
+# pre-requisites
+resource_groups = {
+ rg_test = {
+ name = "rg-test-dv-ne-01"
+ location = "northeurope"
+ }
+}
+
+private_dns_zones = {
+ container_registries = {
+ resource_kind = "container_registries"
+ resource_group_ref = "rg_test"
+ vnet_ref = ["vnet_test"]
+ }
+}
+
+virtual_networks = {
+ vnet_test = {
+ name = "vnet-test-dv-ne-01"
+ resource_group_ref = "rg_test"
+ cidr = ["10.10.10.0/24"]
+ subnets = {
+ snet_private_endpoint_1 = {
+ name = "snet-private-endpoint_1"
+ cidr = ["10.10.10.0/25"]
+ service_endpoints = ["Microsoft.ContainerRegistry"]
+ }
+ snet_private_endpoint_2 = {
+ name = "snet-private-endpoint_2"
+ cidr = ["10.10.10.128/25"]
+ service_endpoints = ["Microsoft.ContainerRegistry"]
+ }
+ }
+ }
+}
diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf
index 34f47380..184854a2 100644
--- a/src/_variables.resources.tf
+++ b/src/_variables.resources.tf
@@ -26,4 +26,6 @@ variable "kubernetes_clusters" { default = {} }
 variable "role_assignments" { default = {} }
+variable "container_registries" { default = {} }
+
 variable "managed_disks" { default = {} }
diff --git a/src/container_registry.tf b/src/container_registry.tf
new file mode 100644
index 00000000..eebcb974
--- /dev/null
+++ b/src/container_registry.tf
@@ -0,0 +1,13 @@
+module "container_registries" {
+ source = "./modules/container_registry"
+ for_each = var.container_registries
+
+ settings = each.value
+ global_settings = local.global_settings
+
+ resources = {
+ resource_groups = module.resource_groups
+ virtual_networks = module.virtual_networks
+ private_dns_zones = module.private_dns_zones
+ }
+}
diff --git a/src/modules/_networking/local_network_gateway/_variables.tf b/src/modules/_networking/local_network_gateway/_variables.tf
index 315edc56..6f1524d4 100644
--- a/src/modules/_networking/local_network_gateway/_variables.tf
+++ b/src/modules/_networking/local_network_gateway/_variables.tf
@@ -7,8 +7,5 @@ variable "settings" {
 }
 variable "resources" {
- type = object({
- resource_groups = map(any)
- })
 description = "All required resources"
 }
diff --git a/src/modules/_networking/local_network_gateway/local_network_gateway.tf b/src/modules/_networking/local_network_gateway/local_network_gateway.tf.tf
similarity index 100%
rename from src/modules/_networking/local_network_gateway/local_network_gateway.tf
rename to src/modules/_networking/local_network_gateway/local_network_gateway.tf.tf
diff --git a/src/modules/_networking/private_dns_zone/_locals.tf b/src/modules/_networking/private_dns_zone/_locals.tf
index 53c86680..d5dd2830 100644
--- a/src/modules/_networking/private_dns_zone/_locals.tf
+++ b/src/modules/_networking/private_dns_zone/_locals.tf
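Review bot: Dropping `type = object({ resource_groups = map(any) })` from `variable "resources"` removes the only check that the caller passes the resources this module indexes, so a missing key now surfaces later as a lookup error on `var.resources.resource_groups` instead of a clear type mismatch at the module boundary. The same removal appears in the private_dns_zone, public_ip and vnet_peering `_variables.tf` hunks. If the constraint was dropped because the root module now passes more keys than declared (an object constraint rejects attributes it does not list), the narrower fix is to keep it and extend it, e.g. `type = object({ resource_groups = map(any), virtual_networks = map(any), private_dns_zones = map(any) })`. Separately, the rename of `local_network_gateway.tf` to `local_network_gateway.tf.tf` in the next section looks accidental; the file still loads because of the trailing `.tf`, but the name is misleading.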
@@ -1,13 +1,8 @@
 locals {
- resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
-
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
 resource_group_name = local.resource_group.name
 location = local.resource_group.location
- tags = merge(
- var.global_settings.tags,
- var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
- try(var.settings.tags, {})
- )
+
 vnet_ids = {
 for vnet in var.settings.vnet_ref :
 vnet => {
@@ -15,15 +10,23 @@ locals {
 id = var.resources.virtual_networks[vnet].id
 }
 }
+
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
 }
+
 locals {
 # local object used to map possible private dns zoone names
 zone_names = {
- "storage_blob" = "privatelink.blob.core.windows.net"
- "storage_tables" = "privatelink.table.core.windows.net"
- "storage_queues" = "privatelink.queue.core.windows.net"
- "storage_files" = "privatelink.file.core.windows.net"
- "function_apps" = "privatelink.azurewebsites.net"
- "keyvaults" = "privatelink.vaultcore.azure.net"
+ "storage_blob" = "privatelink.blob.core.windows.net"
+ "storage_tables" = "privatelink.table.core.windows.net"
+ "storage_queues" = "privatelink.queue.core.windows.net"
+ "storage_files" = "privatelink.file.core.windows.net"
+ "function_apps" = "privatelink.azurewebsites.net"
+ "keyvaults" = "privatelink.vaultcore.azure.net"
+ "container_registries" = "privatelink.azurecr.io"
 }
 }
diff --git a/src/modules/_networking/private_dns_zone/_outputs.tf b/src/modules/_networking/private_dns_zone/_outputs.tf
index 0d4f3d12..86b619a2 100644
--- a/src/modules/_networking/private_dns_zone/_outputs.tf
+++ b/src/modules/_networking/private_dns_zone/_outputs.tf
@@ -1,3 +1,7 @@
 output "id" {
 value = azurerm_private_dns_zone.main.id
 }
+
+output "name" {
+ value = azurerm_private_dns_zone.main.name
+}
diff --git a/src/modules/_networking/private_dns_zone/_variables.tf b/src/modules/_networking/private_dns_zone/_variables.tf
index 4ee12d7c..6f1524d4 100644
--- a/src/modules/_networking/private_dns_zone/_variables.tf
+++ b/src/modules/_networking/private_dns_zone/_variables.tf
@@ -7,9 +7,5 @@ variable "settings" {
 }
 variable "resources" {
- type = object({
- resource_groups = map(any)
- virtual_networks = map(any)
- })
 description = "All required resources"
 }
diff --git a/src/modules/_networking/public_ip/_variables.tf b/src/modules/_networking/public_ip/_variables.tf
index 315edc56..6f1524d4 100644
--- a/src/modules/_networking/public_ip/_variables.tf
+++ b/src/modules/_networking/public_ip/_variables.tf
@@ -7,8 +7,5 @@ variable "settings" {
 }
 variable "resources" {
- type = object({
- resource_groups = map(any)
- })
 description = "All required resources"
 }
diff --git a/src/modules/_networking/vnet_peering/_variables.tf b/src/modules/_networking/vnet_peering/_variables.tf
index cc077015..4e8c0d49 100644
--- a/src/modules/_networking/vnet_peering/_variables.tf
+++ b/src/modules/_networking/vnet_peering/_variables.tf
@@ -11,8 +11,5 @@ variable "settings" {
 }
 variable "resources" {
- type = object({
- virtual_networks = map(any)
- })
 description = "All required resources"
 }
diff --git a/src/modules/container_registry/_locals.tf b/src/modules/container_registry/_locals.tf
new file mode 100644
index 00000000..f6c460f6
--- /dev/null
+++ b/src/modules/container_registry/_locals.tf
@@ -0,0 +1,21 @@
+locals {
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
+ resource_group_name = local.resource_group.name
+ location = local.resource_group.location
+
+ dns_zone_group = try(var.resources.private_dns_zones[var.settings.private_endpoint.private_dns_zone_group_ref], null)
+ dns_zone_group_name = try(local.dns_zone_group.name, null)
+ private_dns_zone_ids = try([local.dns_zone_group.id], null)
+
+ subnet_id = try(var.resources.virtual_networks[
+ split("/", var.settings.private_endpoint.subnet_ref)[0]
+ ].subnets[
+ split("/", var.settings.private_endpoint.subnet_ref)[1]
+ ].id, null)
+
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
+}
diff --git a/src/modules/container_registry/_outputs.tf b/src/modules/container_registry/_outputs.tf
new file mode 100644
index 00000000..ffcc4613
--- /dev/null
+++ b/src/modules/container_registry/_outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+ value = azurerm_container_registry.main.id
+}
diff --git a/src/modules/container_registry/_variables.tf b/src/modules/container_registry/_variables.tf
new file mode 100644
index 00000000..23af81a0
--- /dev/null
+++ b/src/modules/container_registry/_variables.tf
@@ -0,0 +1,11 @@
+variable "global_settings" {
+ description = "Global settings for tinycaf"
+}
+
+variable "settings" {
+ description = "All the configuration for a azure container registry"
+}
+
+variable "resources" {
+ description = "All required resources"
+}
diff --git a/src/modules/container_registry/container_registry.tf b/src/modules/container_registry/container_registry.tf
new file mode 100644
index 00000000..f45bf231
--- /dev/null
+++ b/src/modules/container_registry/container_registry.tf
@@ -0,0 +1,20 @@
+resource "azurerm_container_registry" "main" {
+ name = var.settings.name
+ resource_group_name = local.resource_group_name
+ location = local.location
+ tags = local.tags
+ sku = var.settings.sku
+
+ public_network_access_enabled = try(var.settings.public_network_access_enabled, false)
+ admin_enabled = try(var.settings.admin_enabled, false)
+
+ dynamic "georeplications" {
+ for_each = try(var.settings.georeplications, null)
+
+ content {
+ location = try(georeplications.value.location, null)
+ zone_redundancy_enabled = try(georeplications.value.zone_redundancy_enabled, false)
+ tags = try(georeplications.value.tags, null)
+ }
+ }
+}
diff --git a/src/modules/container_registry/private_endpoint.tf b/src/modules/container_registry/private_endpoint.tf
new file mode 100644
index 00000000..3d9521e1
--- /dev/null
+++ b/src/modules/container_registry/private_endpoint.tf
@@ -0,0 +1,20 @@
+resource "azurerm_private_endpoint" "main" {
+ name = "pe-${var.settings.name}"
+ resource_group_name = local.resource_group_name
+ location = local.location
+ subnet_id = local.subnet_id
+
+ tags = local.tags
+
+ private_service_connection {
+ name = try(var.settings.private_endpoint.private_service_connection.name, "psc-${var.settings.name}")
+ private_connection_resource_id = azurerm_container_registry.main.id
+ is_manual_connection = try(var.settings.private_endpoint.private_service_connection.is_manual_connection, false)
+ subresource_names = ["registry"]
+ }
+
+ private_dns_zone_group {
+ name = local.dns_zone_group_name
+ private_dns_zone_ids = local.private_dns_zone_ids
+ }
+}
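Review bot: `sku` is passed through unchecked, yet the `georeplications` block (and its `zone_redundancy_enabled`) and the private endpoint created in private_endpoint.tf are only available on the Premium SKU, so a Basic or Standard registry with either configured fails late inside the provider with an Azure API error instead of at plan time. A `lifecycle` precondition on this resource (Terraform ≥ 1.2; on older versions the same condition fits a `validation` block on `variable "settings"`) makes that an early, explicit error. The defaults of `public_network_access_enabled = false` and `admin_enabled = false` are the right ones and deserve a comment saying they are deliberate, e.g. `# Private by default: callers must opt in to public network access and to the shared admin credential.`
```hcl
resource "azurerm_container_registry" "main" {
  # … unchanged: name, resource_group_name, location, tags, sku, access flags, georeplications …

  lifecycle {
    precondition {
      condition = var.settings.sku == "Premium" || (
        try(var.settings.georeplications, null) == null &&
        try(var.settings.private_endpoint, null) == null
      )
      error_message = "georeplications and private_endpoint require sku = \"Premium\"."
    }
  }
}
```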
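Review bot: `azurerm_private_endpoint.main` is created unconditionally, but `local.subnet_id`, `local.dns_zone_group_name` and `local.private_dns_zone_ids` (container_registry/_locals.tf) all fall back to `null` when `settings.private_endpoint` is absent, so a registry declared without a private endpoint fails at plan with a missing required `subnet_id` and `private_dns_zone_group.name` rather than simply skipping the endpoint. Gating the resource with `count` on the presence of `private_endpoint`, and making the DNS zone group a `dynamic` block, keeps an endpoint without `private_dns_zone_group_ref` valid too. `name` is also hard-coded to `"pe-${var.settings.name}"` while examples/container_registry.tfvars sets `private_endpoint.name = "pe-acrtestdevne01"`, which this module silently ignores; `try(var.settings.private_endpoint.name, "pe-${var.settings.name}")` honours it. With `count` added, any other reference to this resource becomes `azurerm_private_endpoint.main[0]`; none is visible in this diff.
```hcl
resource "azurerm_private_endpoint" "main" {
  # Only registries that configure private_endpoint get one; without it
  # local.subnet_id is null and the resource cannot be planned.
  count = try(var.settings.private_endpoint, null) != null ? 1 : 0

  name = try(var.settings.private_endpoint.name, "pe-${var.settings.name}")
  # … unchanged: resource_group_name, location, subnet_id, tags, private_service_connection …

  dynamic "private_dns_zone_group" {
    # Skip the zone group when no private_dns_zone_group_ref resolved.
    for_each = local.dns_zone_group == null ? [] : [local.dns_zone_group]

    content {
      name                 = local.dns_zone_group_name
      private_dns_zone_ids = local.private_dns_zone_ids
    }
  }
}
```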