You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-registry/container-registry-service-tag.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: "Service tags for Azure Container Registry"
3
-
description: "Learn and understand the service tags for Azure Container Registry. Service tags are used to define network access controls for Azure resources.."
3
+
description: "Learn and understand the service tags for Azure Container Registry. Service tags are used to define network access controls for Azure resources."
4
4
author: tejaswikolli-web
5
5
ms.author: tejaswikolli
6
6
ms.service: container-registry
@@ -13,13 +13,13 @@ ms.date: 04/30/2024
13
13
14
14
Service tags help set rules to allow or deny traffic to a specific Azure service. A service tag represents a group of IP address prefixes from a given Azure service. Service tags in Azure Container Registry (ACR), represents a group of IP address prefixes that can be used to access the service either globally or per Azure region. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules.
15
15
16
-
Azure Container Registry (ACR) generate network traffic originating from the ACR service tag for features such as Image import, Webhook, and ACR Tasks.
16
+
Azure Container Registry (ACR) generates network traffic originating from the ACR service tag for features such as Image import, Webhook, and ACR Tasks.
17
17
18
18
## Import container images to Azure Container Registry
19
19
20
-
ACR sends requests to the external registry service through service tag IP addresses to download the images. If the external registry service runs behind firewall, it needs to have inbound rule to allow ACR service tag IP addresses. These IPs are part of the AzureContainerRegistry service tag, which encompasses IP ranges necessary for importing images from public or Azure registries and is automatically updated by Azure. This is a security measure to maintain the registry's integrity and accessibility.
20
+
ACR sends requests to the external registry service through service tag IP addresses to download the images. If the external registry service runs behind firewall, it needs to have inbound rule to allow ACR service tag IP addresses. These IPs are part of the AzureContainerRegistry service tag, which encompasses IP ranges necessary for importing images from public or Azure registries automatically updates Azure. Configuring a security measure to maintain the registry's integrity and accessibility.
21
21
22
-
When configuring a firewall for an Azure registry, ACR server sends requests on its service tag IP addresses. For the scenarios mentioned in [Firewall access rules](container-registry-firewall-access-rules.md), customers can configure the firewall outbound rule to allow access to ACR service tag IP addresses.
22
+
When you configure a firewall for a registry, ACR server sends requests on its service tag IP addresses. For the scenarios mentioned in [Firewall access rules](container-registry-firewall-access-rules.md), customers can configure the firewall outbound rule to allow access to ACR service tag IP addresses.
23
23
24
24
Learn about [registry endpoints](container-registry-firewall-access-rules.md#about-registry-endpoints) to configure network security rules and allow traffic from the ACR service tag for image import in ACR.
25
25
@@ -35,13 +35,13 @@ For detailed steps on creating a webhook setup, refer to the [Azure Container Re
35
35
36
36
## ACR Tasks
37
37
38
-
ACR Tasks, such as when you’re building container images or automating workflows, the service tag represents the group of IP address prefixes that ACR uses. During the execution of tasks, Tasks send requests to external resources through service tag IP addresses. If the external resource runs behind firewall, it needs to have inbound rule to allow ACR service tag IP addresses. This is a common practice to ensure security and proper access management in cloud environments.
38
+
ACR Tasks, such as when you’re building container images or automating workflows, the service tag represents the group of IP address prefixes that ACR uses. During the execution of tasks, Tasks send requests to external resources through service tag IP addresses. If the external resource runs behind firewall, it needs to have inbound rule to allow ACR service tag IP addresses. Applying these inbound rules is a common practice to ensure security and proper access management in cloud environments.
39
39
40
40
Learn more about [ACR Tasks](container-registry-tasks.md) and how to use the service tag to set up [firewall access rules](container-registry-firewall-access-rules.md) for ACR Tasks.
41
41
42
42
## Best practices
43
43
44
-
* Configure and customize the network security rules to allow traffic from the AzureContainerRegistry service tag for features like image import, webhooks, and ACR Tasks specific to ACR feature, such as port numbers and protocols.
44
+
* Configure and customize the network security rules to allow traffic from the AzureContainerRegistry service tag for features like image import, webhooks, and ACR Tasks, such as port numbers and protocols.
45
45
46
46
* Set up firewall rules to permit traffic solely from IP ranges associated with ACR service tags for each feature.
0 commit comments