Microsoft Azure Insights: Azure Container Registry; Cloud Shell; Accessing Key Vault; Windows Server node pools; Web Apps staging slots

November 24 2019

Azure pros share their insights on getting started with Azure Container Registry, working with Cloud Shell, accessing Key Vault from API Management and more.

Getting Azure Container Registry running

Thorsten Hans, writing on Thorsten's thoughts explained how to get going with Azure Container Registry in a two-part blog. The service is a private Docker Registry founded on Docker 2.0 which centralizes different containerized app architectures and provides flexible CLI commands and integration with Azure Kubernetes Service. A common recommendation is hosting ACR in its own Azure Resource Group to prevent it from getting accidentally deleted. Currently, ACR is split up between Basic, Standard and Premium versions. They have the same integrations with Azure AD and webhooks but vary in storage and bandwidth. Users can also consider geo replication if mission critical hosting is needed across multiple regions. After creating multiple Azure resources, Hans disabled the ACR Administrative Account, switching over to Azure AD for subsequent management and instituted geo replication.

Service Principals and Managed Service Identity both enable headless authentication, and users can apply wide-ranging roles such as AcrDelete, AcrImageSigner or Owner using Identity Access Management. He demonstrated how to let a group of Azure AD users push and pull Docker instances and detailed approaches for Content Trust, which verifies the source and integrity of Docker images.

Using Azure Cloud Shell hybrid features

About MSDW Reporter

More about MSDW Reporter