Renumbering tabbed content

RoseHJM · RoseHJM · commit 556d1268b081 · 2024-09-23T19:55:58.000-04:00
diff --git a/articles/deployment-environments/how-to-configure-extensibility-model-custom-image.md b/articles/deployment-environments/how-to-configure-extensibility-model-custom-image.md
@@ -40,7 +40,7 @@ An [environment definition](configure-environment-definition.md) comprises at le
 ::: zone-end
 
 ::: zone pivot="pulumi"
-An [environment definition](configure-environment-definition.md) comprises at least two files: a Pulumi project file, Pulumi.yaml, and a manifest file named environment.yaml. It may also contain a user program written in your preferred programming language: C#, TypeScript, Python, etc. ADE uses containers to deploy environment definitions.
+An [environment definition](configure-environment-definition.md) comprises at least two files: a Pulumi project file, Pulumi.yaml, and a manifest file named environment.yaml. It might also contain a user program written in your preferred programming language: C#, TypeScript, Python, etc. ADE uses containers to deploy environment definitions.
 ::: zone-end
 
 ## Prerequisites
@@ -103,8 +103,6 @@ Creating a custom container image allows you to customize your deployments to fi
 
 After you complete the image customization, you must build the image and push it to your container registry. 
 
-### Create and customize a container image
-
 The ADE CLI is a tool that allows you to build custom images by using ADE base images. You can use the ADE CLI to customize your deployments and deletions to fit your workflow. The ADE CLI is preinstalled on the sample images. To learn more about the ADE CLI, see the [CLI Custom Runner Image reference](https://aka.ms/deployment-environments/ade-cli-reference).
 
 In this example, you learn how to build a Docker image to utilize ADE deployments and access the ADE CLI, basing your image off of one of the ADE authored images.
@@ -133,7 +131,7 @@ To create an image configured for ADE, follow these steps:
 1. Create operation shell scripts that use the Pulumi CLI.
 ::: zone-end
 
-#### 1. Create a custom image based on a sample image
+**1. Create a custom image based on a sample image**
 
 Create a DockerFile that includes a FROM statement pointing to a sample image hosted on Microsoft Artifact Registry. 
 
@@ -145,7 +143,7 @@ FROM mcr.microsoft.com/deployment-environments/runners/core:latest
 
 This statement pulls the most recently published core image, and makes it a basis for your custom image.
 
-#### 2. Install required packages
+**2. Install required packages**
 ::: zone pivot="arm-bicep"
 In this step, you install any packages you require in your image, including Bicep. You can install the Bicep package with the Azure CLI by using the RUN statement, as shown in the following example:
 
@@ -180,7 +178,7 @@ RUN curl -fsSL https://get.pulumi.com | sh
 ENV PATH="${PATH}:/root/.pulumi/bin"
 ```
 
-Depending on which programming language you intend to use for Pulumi programs, you might need to install one or more corresponding runtime. The Python runtime is already available in the base image.
+Depending on which programming language you intend to use for Pulumi programs, you might need to install one or more corresponding runtimes. The Python runtime is already available in the base image.
 
 Here's an example of installing Node.js and TypeScript:
 
@@ -195,7 +193,7 @@ The ADE sample images are based on the Azure CLI image, and have the ADE CLI and
 
 To install any more packages you need within your image, use the RUN statement.
 
-#### 3. Configure operation shell scripts
+**3. Configure operation shell scripts**
 
 Within the sample images, operations are determined and executed based on the operation name. Currently, the two operation names supported are *deploy* and *delete*.
 
@@ -211,7 +209,7 @@ RUN find /scripts/ -type f -iname "*.sh" -exec chmod +x {} \;
 
 ::: zone pivot="arm-bicep"
 
-#### 4. Create operation shell scripts to deploy ARM or Bicep templates
+**4. Create operation shell scripts to deploy ARM or Bicep templates**
 
 To ensure you can successfully deploy ARM or Bicep infrastructure through ADE, you must:
 1. Convert ADE parameters to ARM-acceptable parameters
@@ -319,7 +317,7 @@ echo "{\"outputs\": $deploymentOutput}" > $ADE_OUTPUTS
 
 ::: zone pivot="terraform"
 
-#### 4. Create operation shell scripts that use the Terraform CLI
+**4. Create operation shell scripts that use the Terraform CLI**
 
 There are three steps to deploy infrastructure via Terraform: 
 1. `terraform init` - initializes the Terraform CLI to perform actions within the working directory
@@ -407,7 +405,7 @@ export PULUMI_CONFIG_PASSPHRASE=
 pulumi login file://$ADE_STORAGE
 ```
 
-To log in to Pulumi Cloud instead, set your Pulumi access token as an environment variable, and run the following commands:
+To sign in to Pulumi Cloud instead, set your Pulumi access token as an environment variable, and run the following commands:
 
 ```bash
 export PULUMI_ACCESS_TOKEN=YOUR_PULUMI_ACCESS_TOKEN
@@ -459,18 +457,26 @@ echo "{\"outputs\": ${stackout:-{\}}}" > $ADE_OUTPUTS
 ```
 ::: zone-end
 
-## Make the custom image accessible to ADE
+## Make the custom image available to ADE
+
+In order to use custom images, you need to store them in a container registry. You can use a public container registry or a private container registry. Azure Container Registry (ACR) is highly recommended, due to its tight integration with ADE, the image can be published without allowing public anonymous pull access. You must build your custom container image and push it to a container registry to make it available for use in ADE. 
+
+It's also possible to store the image in a different container registry such as Docker Hub, but in that case it needs to be publicly accessible.
 
-You must build your custom container image and push it to a container registry to make it available for use in ADE.  
+> [!Caution]
+> Storing your container image in a registry with anonymous (unauthenticated) pull access makes it publicly accessible. Don't do that if your image contains any sensitive information. Instead, store it in Azure Container Registry (ACR) with anonymous pull access disabled. 
+
+To use a custom image stored in ACR, you need to ensure that ADE has appropriate permissions to access your image. When you create an ACR instance, it's secure by default and only allows authenticated users to gain access. 
 
 ::: zone pivot="arm-bicep,terraform"
-You can build your image using the Docker CLI, or by using a script provided by ADE.
 
 Select the appropriate tab to learn more about each approach.
 
-### [Build the image with Docker CLI](#tab/build-the-image-with-docker-cli/)
+### [Public registry](#tab/public-registry/)
 
-Before you build the image to be pushed to your registry, ensure the [Docker Engine is installed](https://docs.docker.com/desktop/) on your computer. Then, navigate to the directory of your Dockerfile, and run the following command:
+**1. Build the image**
+
+You can build your image using the Docker CLI. Ensure the [Docker Engine is installed](https://docs.docker.com/desktop/) on your computer. Then, navigate to the directory of your Dockerfile, and run the following command:
 
 ```docker
 docker build . -t {YOUR_REGISTRY}.azurecr.io/{YOUR_REPOSITORY}:{YOUR_TAG}
@@ -482,20 +488,7 @@ For example, if you want to save your image under a repository within your regis
 docker build . -t {YOUR_REGISTRY}.azurecr.io/customImage:1.0.0
 ```
 
-### Push the Docker image to a registry
-
-In order to use custom images, you need to store them in a container registry. You can use a public container registry or a private container registry. Azure Container Registry (ACR) is highly recommended for that. Due to its tight integration with ADE, the image can be published without allowing public anonymous pull access. 
-
-It's also possible to store the image in a different container registry such as Docker Hub, but in that case it needs to be publicly accessible.
-
-> [!Caution]
-> Storing your container image in a registry with anonymous (unauthenticated) pull access makes it publicly accessible. Don't do that if your image contains any sensitive information. Instead, store it in Azure Container Registry (ACR) with anonymous pull access disabled. 
-
-To use a custom image stored in ACR, you need to ensure that ADE has appropriate permissions to access your image. When you create an ACR instance, it's secure by default and only allows authenticated users to gain access. 
-
-To create  an instance of ACR, which can be done through the Azure CLI, the Azure portal, PowerShell commands, and more, follow one of the [quickstarts](/azure/container-registry/container-registry-get-started-azure-cli).
-
-#### Use a public registry with anonymous pull
+**2. Use a public registry with anonymous pull**
 
 To set up your registry to have anonymous image pull enabled, run the following commands in the Azure CLI:
 
@@ -511,12 +504,29 @@ When you're ready to push your image to your registry, run the following command
 ```docker
 docker push {YOUR_REGISTRY}.azurecr.io/{YOUR_IMAGE_LOCATION}:{YOUR_TAG}
 ```
+### [Private registry](#tab/private-registry/)
 
-#### Use ACR with secured access
+**1. Build the image**
+
+You can build your image using the Docker CLI. Ensure the [Docker Engine is installed](https://docs.docker.com/desktop/) on your computer. Then, navigate to the directory of your Dockerfile, and run the following command:
+
+```docker
+docker build . -t {YOUR_REGISTRY}.azurecr.io/{YOUR_REPOSITORY}:{YOUR_TAG}
+```
+
+For example, if you want to save your image under a repository within your registry named `customImage`, and upload with the tag version of `1.0.0`, you would run:
+
+```docker
+docker build . -t {YOUR_REGISTRY}.azurecr.io/customImage:1.0.0
+```
+
+**2. Use a private registry with secured access**
 
 By default, access to pull or push content from an Azure Container Registry is only available to authenticated users. You can further secure access to ACR by limiting access from certain networks and assigning specific roles.
 
-##### Limit network access
+To create  an instance of ACR, which can be done through the Azure CLI, the Azure portal, PowerShell commands, and more, follow one of the [quickstarts](/azure/container-registry/container-registry-get-started-azure-cli).
+
+**2.1 Limit network access**
 
 To secure network access to your ACR, you can limit access to your own networks, or disable public network access entirely. If you limit network access, you must enable the firewall exception *Allow trusted Microsoft services to access this container registry*.
 
@@ -533,7 +543,7 @@ To disable access from public networks:
 
    :::image type="content" source="media/how-to-configure-extensibility-bicep-container-image/container-registry-network-disable-public.png" alt-text="Screenshot of the ACR network settings, with Allow trusted Microsoft services to access this container registry and Save highlighted.":::
 
-##### Assign the AcrPull role
+**2.2 Assign the AcrPull role**
 
 Creating environments by using container images uses the ADE infrastructure, including projects and environment types. Each project has one or more project environment types, which need read access to the container image that defines the environment to be deployed. To access the images within your ACR securely, assign the AcrPull role to each project environment type. 
 
@@ -564,13 +574,14 @@ When you're ready to push your image to your registry, run the following command
 ```docker
 docker push {YOUR_REGISTRY}.azurecr.io/{YOUR_IMAGE_LOCATION}:{YOUR_TAG}
 ```
-
+---
 
 ## [Build a container image with a script](#tab/build-a-container-image-with-a-script/)
 
+Rather than building your custom image and pushing it to a container registry yourself, you can use a script to build and push it to a specified container registry. 
+
 [!INCLUDE [custom-image-script](includes/custom-image-script.md)]
 
----
 ::: zone-end
 
 ::: zone pivot="pulumi"
@@ -588,7 +599,7 @@ For example, if you want to save your image under a repository within your regis
 docker build . -t {YOUR_REGISTRY}.azurecr.io/customImage:1.0.0
 ```
 
-### Push the Docker image to a registry
+### Push the custom image to a registry
 
 In order to use custom images, you need to set up a publicly accessible image registry with anonymous image pull enabled. This way, Azure Deployment Environments can access your custom image to execute in our container.
 
@@ -600,7 +611,7 @@ You can use Pulumi to create an Azure Container Registry and publish your image
 
 #### Create an Azure Container Registry and publish your image manually via CLI
 
-In order to use custom images, you need to store them in a container registry. Azure Container Registry (ACR) is highly recommended for that. Due to its tight integration with ADE, the image can be published without allowing public anonymous pull access.
+In order to use custom images, you need to store them in a container registry. Azure Container Registry (ACR) is highly recommended, due to its tight integration with ADE, the image can be published without allowing public anonymous pull access.
 
 It's also possible to store the image in a different container registry such as Docker Hub, but in that case it needs to be publicly accessible.
 
diff --git a/articles/deployment-environments/includes/custom-image-script.md b/articles/deployment-environments/includes/custom-image-script.md
@@ -6,7 +6,7 @@ ms.author: rosemalcolm
 ms.date: 05/23/2024
 ---
 
-Microsoft provides a quickstart script to help you get started. The script builds your image and pushes it to a specified Azure Container Registry (ACR) under the repository `ade` and the tag `latest`. 
+Microsoft provides a quickstart script to help you build your custom image and push it to a registry. The script builds your image and pushes it to a specified Azure Container Registry (ACR) under the repository `ade` and the tag `latest`. 
 
 To use the script, you must:
 
