edits from the feedback

tejaswikolli-web · tejaswikolli-web · commit 0045f9b28fa1 · 2023-02-13T11:57:09.000-08:00
diff --git a/articles/container-registry/tutorial-enable-registry-cache-auth.md b/articles/container-registry/tutorial-enable-registry-cache-auth.md
@@ -6,7 +6,7 @@ ms.date: 04/19/2022
 ms.author: tejaswikolli
 ---
 
-# Enable Registry Cache
+# # Enable Caching for ACR with authentication - Azure portal
 
 This article is part three of a four-part tutorial series. [Part one](tutorial-registry-cache.md) provides an overview of Caching for ACR, its features, benefits, and preview limitations. In [part two](tutorial-enable-registry-cache.md), you learn how to enable Caching for ACR feature by using the Azure portal. 
 
@@ -16,7 +16,8 @@ This article walks you through the steps of enabling Caching for ACR with authen
 
 * Sign in to the [Azure portal](https://ms.portal.azure.com/). 
 
-## Configure Registry Cache - Azure portal
+
+## Configure Caching for ACR with authentication - Azure portal
 
 Follow the steps to create cache rule in the [Azure portal](https://portal.azure.com). 
 
@@ -42,7 +43,7 @@ Follow the steps to create cache rule in the [Azure portal](https://portal.azure
 
 5. Enter the **Rule name**.
 
-6. Select **Source** Registry from the dropdown menu. Currently ACR supports **Docker Hub** and **Microsoft Artifact Registry**. 
+6. Select **Source** Registry from the dropdown menu. Currently, Caching for ACR only supports **Docker Hub** and **Microsoft Artifact Registry**. 
 
 7. Enter the **Repository Path** to the artifacts you want to cache.
 
@@ -52,15 +53,21 @@ Follow the steps to create cache rule in the [Azure portal](https://portal.azure
 
 10. If you have the credentials ready, **Select credentials** from the drop-down menu.
 
-11. Under the **Destination**, Enter the name of the **New ACR repository path** to store cached artifacts.
+11. Under the **Destination**, Enter the name of the **New ACR Repository Namespace** to store cached artifacts.
 
 
     :::image type="content" source="./media/container-registry-registry-cache/save-cache-rule-04.png" alt-text="Screenshot to save Cache Rule.":::
 
 
 12. Select on **Save** 
 
-13. Pull the image from your cache using the Docker command `docker pull myregistry.azurecr.io/hello-world`
+13. Run the [az keyvault set-policy][az-keyvault-set-policy] command to assign access to the Key Vault, before pulling the image.
+
+```azurecli-interactive
+az keyvault set-policy --name myKeyVaultName --object-id myObjID --secret-permissions get
+```
+
+14. Pull the image from your cache using the Docker command `docker pull myregistry.azurecr.io/hello-world`
 
 ### Create new credentials
 
@@ -88,4 +95,5 @@ Follow the steps to create cache rule in the [Azure portal](https://portal.azure
 * Advance to the [next article](tutorial-troubleshoot-registry-cache.md) to walk through the troubleshoot guide for Registry Cache.
 
 <!-- LINKS - External -->
-[create-and-store-keyvault-credentials]:../key-vault/secrets/quick-create-portal.md
+[create-and-store-keyvault-credentials]: ../key-vault/secrets/quick-create-portal.md
+[az-keyvault-set-policy]: ../azure/key-vault/general/assign-access-policy.md#assign-an-access-policy
diff --git a/articles/container-registry/tutorial-enable-registry-cache.md b/articles/container-registry/tutorial-enable-registry-cache.md
@@ -14,7 +14,7 @@ This article is part two of a four-part tutorial series. [Part one](tutorial-reg
 
 * Sign in to the [Azure portal](https://ms.portal.azure.com/). 
 
-## Configure Registry Cache - Azure portal
+## Configure Caching for ACR - Azure portal
 
 Follow the steps to create cache rule in the [Azure portal](https://portal.azure.com). 
 
@@ -40,25 +40,32 @@ Follow the steps to create cache rule in the [Azure portal](https://portal.azure
 
 5. Enter the **Rule name**.
 
-6. Select **Source** Registry from the dropdown menu. Currently ACR supports **Docker Hub** and **Microsoft Artifact Registry**. 
+6. Select **Source** Registry from the dropdown menu. Currently, Caching for ACR only supports **Docker Hub** and **Microsoft Artifact Registry**. 
 
 7. Enter the **Repository Path** to the artifacts you want to cache.
 
 8. You can skip **Authentication**, if you aren't accessing a private repository or performing an authenticated pull.
 
-9. Under the **Destination**, Enter the name of the **New ACR repository path** to store cached artifacts.
+9. Under the **Destination**, Enter the name of the **New ACR Repository Namespace** to store cached artifacts.
 
 
     :::image type="content" source="./media/container-registry-registry-cache/save-cache-rule-04.png" alt-text="Screenshot to save Cache Rule.":::
 
 
 10. Select on **Save** 
 
-11. Pull the image from your cache using the Docker command `docker pull myregistry.azurecr.io/hello-world`
+11. Run the [az keyvault set-policy][az-keyvault-set-policy] command to assign access to the Key Vault, before pulling the image.
+
+```azurecli-interactive
+az keyvault set-policy --name myKeyVaultName --object-id myObjID --secret-permissions get
+```
+
+12. Pull the image from your cache using the Docker command `docker pull myregistry.azurecr.io/hello-world`
 
 ## Next steps
 
 * Advance to the [next article](tutorial-enable-registry-cache-auth.md) to enable the Caching for ACR with authentication using Azure portal.
 
 <!-- LINKS - External -->
-[create-and-store-keyvault-credentials]:../key-vault/secrets/quick-create-portal.md
+[create-and-store-keyvault-credentials]:../key-vault/secrets/quick-create-portal.md
+[az-keyvault-set-policy]: ../azure/key-vault/general/assign-access-policy.md#assign-an-access-policy
diff --git a/articles/container-registry/tutorial-registry-cache.md b/articles/container-registry/tutorial-registry-cache.md
@@ -19,50 +19,53 @@ This article is part one in a four-part tutorial series. The tutorial covers:
 
 ## Caching for ACR
 
-Caching for ACR enables you to cache container images from public registries. 
+Caching for ACR enables you to cache container images from public and private repositories. 
 
 Implementing Caching for ACR provides the following benefits:
 
 ***High-speed pull operations:*** Faster pulls of container images are achievable by caching the container images in ACR. Since Microsoft manages the Azure network, pull operations are faster by providing Geo-Replication and Availability Zone support to the customers.
 
 ***Private networks:*** Cached registries are available on private networks. Therefore, users can configure their firewall to meet compliance standards. 
 
-***Docker Rate Limit:***  Docker has updated their terms of services. The new limits allow anonymous users to 100 pull operations every six hours. Free Docker account users have 200 pull operations limit for every six hours. The Docker subscription users have 5000 pull operations limit for every 24 hours. Caching for ACR allows users to pull images from the cache. Container images pulled from the cache ***do not*** count toward Docker's pull limit. Learn more docker hub rate limit [here][docker-rate-limit]. 
-
-## Preview Limitations
-
-- Quarantine functions like signing, scanning, and manual compliance approval are on the roadmap but aren't included in this release.
-
-- Caching will only occur after the container image is requested at least once. For every new image available, a new pull request must be made. Caching for ACR doesn't automatically pull new version of images when a new version is available. This is on the roadmap but isn't supported in this release. 
-
--  Caching for ACR only supports Docker Hub and Microsoft Artifact Registry. Multiple other registries  including self-hosted registries are on the roadmap but aren't included in this release.
-
-- Caching for ACR is only available by using the Azure portal. The Azure CLI is released in the coming weeks.   
+***Docker Rate Limit:***  Docker has updated their terms of services to rate limit pulls for customers. The rate limit of the pull depends on the  type of account in use. Caching for ACR allows users to pull images from the cache. Container images pulled from the cache ***do not*** count toward Docker's pull limit. Learn more docker hub rate limit [here][docker-rate-limit]. 
 
+ 
 ## Terminology 
 
 - Cache Rule
-    - Cache Rules are a set of rules you can create to pull artifacts from a supported registry into your cache. A cache rule contains four parts:
+    -  A Cache Rule is a rule you can create to pull artifacts from a supported repository into your cache. A cache rule contains four parts:
         
-        1. A Rule Name - The name of your cache rule. For example, `Hello-World-Cache`.
+        1. Rule Name - The name of your cache rule. For example, `Hello-World-Cache`.
 
-        2. A Source - The name of the Source Registry. Currently, we only support **Docker Hub** and **Microsoft Artifact Registry**. 
+        2. Source - The name of the Source Registry. Currently, we only support **Docker Hub** and **Microsoft Artifact Registry**. 
 
-        3. A Repository Path - The source path of the repository to find and retrieve artifacts you want to cache. For example, `docker.io/library/hello-world`.
+        3. Repository Path - The source path of the repository to find and retrieve artifacts you want to cache. For example, `docker.io/library/hello-world`.
 
-        4. An ACR Repository Path - The name of the new repository path to store artifacts. For example, `hello-world`. The Repository can't already exist inside the ACR instance. 
+        4. New ACR Repository Namespace - The name of the new repository path to store artifacts. For example, `hello-world`. The Repository can't already exist inside the ACR instance. 
 
-- Credential Set
-    - A credential set is a username and password for the source registry. A credential set is needed if you wish to authenticate with a public or private repository. A credential set contains four parts
+- Credentials
+    - Credentials are a set of username and password for the source registry. Credentials are needed if you wish to authenticate with a public or private repository. Credentials contains four parts
 
-        1. A Credential Set Name - The name of your credential set.
+        1. Credentials  - The name of your credentials.
 
-        2. A Source registry Login Server - The login server of your source registry. Only `docker.io` is supported. 
+        2. Source registry Login Server - The login server of your source registry. Only `docker.io` is supported. 
 
-        3. A Source Authentication - The key vault locations to store credentials. 
+        3. Source Authentication - The key vault locations to store credentials. 
         
         4. Username and Password secrets- The secrets containing the username and password. 
 
+## Preview Limitations
+
+- Quarantine functions like signing, scanning, and manual compliance approval are on the roadmap but aren't included in this release.
+
+- Caching will only occur after the container image is requested at least once. For every new image available, a new pull request must be made. Caching for ACR doesn't automatically pull new version of images when a new version is available. This is on the roadmap but isn't supported in this release. 
+
+-  Caching for ACR only supports Docker Hub and Microsoft Artifact Registry. Multiple other registries  including self-hosted registries are on the roadmap but aren't included in this release.
+
+- Caching for ACR only supports 50 cache rules.
+
+- Caching for ACR is only available by using the Azure portal. The Azure CLI is released in the coming weeks.  
+
 ## Next steps
 
 * To enable Caching for ACR using the Azure portal advance to the next article: [Enable Caching for ACR](tutorial-enable-registry-cache.md).
diff --git a/articles/container-registry/tutorial-troubleshoot-registry-cache.md b/articles/container-registry/tutorial-troubleshoot-registry-cache.md
@@ -6,35 +6,25 @@ ms.date: 04/19/2022
 ms.author: tejaswikolli
 ---
 
-# Troubleshoot guide for Registry Cache
+# Troubleshoot guide for Caching for ACR
 
 This article is part four in a four-part tutorial series. [Part one](tutorial-registry-cache.md) provides information about the Caching for ACR feature, its limitations, and benefits of the implementation in your registry. In [part two](tutorial-enable-registry-cache.md), you learn how to enable Caching for ACR feature by using the Azure portal. In [part three](tutorial-enable-registry-cache-auth.md), you learn how to enable Caching for ACR feature with authentication by using the Azure portal.
 
 This article helps you troubleshoot problems you might encounter when attempting to use Caching for ACR.
 
-## Symptoms
+## Symptoms and Causes
 
 May include one or more of the following issues: 
 
-- Cached images don't appear in a live repository 
-
-- Unable to create a Credential set
+- Cached images don't appear in a real repository 
+  - [Cached images don't appear in a live repository](tutorial-troubleshoot-registry-cache.md#cached-images-dont-appear-in-a-live-repository) 
 
 - Credential set has an unhealthy status
+  - [Unhealthy Credential Set](tutorial-troubleshoot-registry-cache.md#unhealthy-credential-set)
 
 - Unable to create a cache rule
-
-## Causes 
-
-- Cache rule doesn't point to a real repository
-
-- URI of secrets is empty 
-
-- Credential set secret is invalid
-
-- The cache rule is trying to pull from an unsupported registry
-
-- 50 cache rules have been created
+  - [Unsupported Registries](tutorial-troubleshoot-registry-cache.md#unsupported-registries)
+  - [Cache rule Limit](tutorial-troubleshoot-registry-cache.md#cache-rule-limit)
 
 ## Potential Solutions
 
@@ -47,23 +37,22 @@ If you're having an issue with cached images not showing up in your repository i
 
 The Azure portal autofills these fields for you. However, many Docker repositories begin with `library/` in their path. For example, in-order to cache the `hello-world` repository, the correct Repository Path is `docker.io/library/hello-world`. 
 
-## Unable to create a Credential set
-
-We recommend before creating a credential set inside the Azure portal, ensure both the Username and Password secrets are associated with a Key Vault or secret URIs.
-
-- Credential sets can be stored using Azure Key Vault.
-- When using Azure Key vault, you must have a Key Vault name and Secret for both the Username and Password secrets. 
-
-Caching for ACR allows you to cache images from private Docker Hub repositories. In-order to store the credentials needed to access the private repository. You must create a credential set. 
-
 ## Unhealthy Credential Set
 
 Credential sets are a set of Key Vault secrets that operate as a Username and Password for private repositories. Unhealthy Credential sets are often a result of these secrets no longer being valid. Inside the Azure portal you can select the credential set, to edit and apply changes.
 
 - Verify the secrets in Azure Key Vault haven't expired. 
 - Verify the secrets in Azure Key Vault are valid.
+- Verify the access to the Azure Key Vault is assigned.
+
+To assign the access to Azure Key Vault:
+
+```azurecli-interactive
+az keyvault set-policy --name myKeyVaultName --object-id myObjID --secret-permissions get
+```
 
 Learn more about [Key Vaults][create-and-store-keyvault-credentials].
+Learn more about [Assigning the access to Azure Key Vault][az-keyvault-set-policy].
 
 ## Unable to create a Cache rule
 
@@ -83,4 +72,5 @@ If you're facing issues while creating a Cache rule, we recommend verifying if y
 We recommend deleting any unwanted cache rules to avoid hitting the limit. 
 
 <!-- LINKS - External -->
-[create-and-store-keyvault-credentials]:../key-vault/secrets/quick-create-portal.md
+[create-and-store-keyvault-credentials]:../key-vault/secrets/quick-create-portal.md
+[az-keyvault-set-policy]: ../azure/key-vault/general/assign-access-policy.md#assign-an-access-policy
