Description:
Azure container registries by default accept connections over the internet
from hosts on any network. To protect your registries from potential threats,
allow access from only specific public IP addresses or address ranges. If your
registry doesn't have an IP/firewall rule or a configured virtual network, it
will appear in the unhealthy resources.
Solution/Reference:
To enable VNet/Firewall rules for a registry:
1. In the Azure Portal, navigate to your registry
in the portal
2. Under Networking settings, on the Public access
tab, select allow public access from 'Selected networks' instead of 'All
Networks'
3. Under Firewall, enter a public IP address, such
as the public IP address of a VM in a virtual network. Or, enter an address
range in CIDR notation that contains the VM's IP address
4. Select save.
Learn more about Container Registry network rules here: https://aka.ms/acr/portal/public-network and
here https://aka.ms/acr/vnet.
For more information, see: https://aka.ms/acr/portal/public-network and https://aka.ms/acr/vnet.
No comments:
Post a Comment