You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/deployment-environments/how-to-configure-extensibility-generic-container-image.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,7 +17,7 @@ In this article, you learn how to build custom container images to deploy your [
17
17
18
18
An environment definition comprises at least two files: a template file, like *azuredeploy.json*, and a manifest file named *environment.yaml*. ADE uses containers to deploy environment definitions, and natively supports the Azure Resource Manager (ARM) and Bicep IaC frameworks.
19
19
20
-
The ADE extensibility model enables you to create custom container images to use with your environment definitions. By using the extensibility model, you can create your own custom container images, and store them in a public container registry like DockerHub, or a private container registry like Azure Container Registry (ACR). You can then reference these images in your environment definitions to deploy your environments.
20
+
The ADE extensibility model enables you to create custom container images to use with your environment definitions. By using the extensibility model, you can create your own custom container images, and store them in a container registry like Azure Container Registry (ACR) or Docker Hub. You can then reference these images in your environment definitions to deploy your environments.
21
21
22
22
The ADE team provides a selection of images to get you started, including a core image, and an Azure Resource Manager (ARM)/Bicep image. You can access these sample images in the [Runner-Images](https://aka.ms/deployment-environments/runner-images) folder.
In order to use custom images, you need to store them in a registry. You can use a public container registry like DockerHub, or the Azure Container Registry (ACR), which is a private registry.
137
+
In order to use custom images, you need to store them in a registrylike Azure Container Registry (ACR) or Docker Hub.
138
138
139
139
To use a custom image stored in a public registry, you need to enable anonymous image pull. This way, Azure Deployment Environments can access your custom image to execute in our container.
140
140
141
141
> [!Caution]
142
142
> Enabling anonymous (unauthenticated) pull access makes all registry content publicly available for read (pull) actions.
143
143
144
-
To use a custom image stored in the ACR, you need to ensure that ADE has appropriate permissions to access your image. When you create an ACR instance, it's secure by default and only allows authenticated users to gain access. With this configuration, you don't have to enable anonymous pull access.
144
+
To use a custom image stored in ACR, you need to ensure that ADE has appropriate permissions to access your image. Anonymous pull access is disabled by default in ACR.
By default, access to pull or push content from an Azure container registry is only available to authenticated users. You can further secure access to ACR by limiting access from certain networks and assigning specific roles.
164
+
By default, access to pull or push content from an Azure Container Registry is only available to authenticated users. You can further secure access to ACR by limiting access from certain networks and assigning specific roles.
165
165
166
166
##### Limit network access
167
167
168
-
To secure network access to your ACR, you can limit access to your own networks, or disable public network access entirely. If you limit network access, you must enable the firewall exception *Allow trusted Microsoft services to access this container registry*. ADE uses the Azure Container Instances service, which is a trusted Microsoft service.
168
+
To secure network access to your ACR, you can limit access to your own networks, or disable public network access entirely. If you limit network access, you must enable the firewall exception *Allow trusted Microsoft services to access this container registry*.
0 commit comments