#azure (2022-02)

azure

Archive: https://archive.sweetops.com/azure/

2022-02-01

SomberWolf avatar
SomberWolf
01:12:20 PM

Hopefully this is not a silly question but, I am fairly new to Azure and basically I have a Resource Group with a VNet, subnet and default NSG. I have deployed a Vuln Scanner VM into this VNet. The thing I am confused by is that there is NO public IP or NAT Gateway associated with the VM, the VNet or any network interface associated with said VNet. However the Vuln Scanner VM can go outbound directly to the internet. My one thought is that because the VNet is peered with another VNet that does have outbound access that it is routing through that… However when I look at “Effective Routes” in the Network Interface it shows all traffic going directly to the internet instead of through the VNet Peering. Does anyone have any thoughts on how my VM is getting outbound?

geertn avatar
geertn
01:38:00 PM

That’s the default outbound method, you get NAT outbound a random IP

geertn avatar
geertn
01:38:06 PM

https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/default-outbound-access

Default outbound access in Azure - Azure Virtual Network

Learn about default outbound access in Azure.

geertn avatar
geertn
01:38:56 PM

This gives a good overview: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections

SomberWolf avatar
SomberWolf
01:41:01 PM

Ah ok, that seems crazy to me but hey it seems like the answer. I really appreciate it! Im going to put up something better now like the NAT Gateway.

1

2022-02-16

75devendrasahu avatar
75devendrasahu
01:51:56 PM

Hi Team,

I want to create Azure Container Registry, how should I design it for organization so it will be at best and easy to handle

Thanks

geertn avatar
geertn
01:54:34 PM

What are your requirements?

75devendrasahu avatar
75devendrasahu
01:56:55 PM

We have some images and chart that need to be pushed thier and use them through private endpoint. My confusion us that I didn’t use private repo, so looking for structure I would organize it. As SP or ad user and authentication

geertn avatar
geertn
01:59:13 PM

From where will you consume the images

75devendrasahu avatar
75devendrasahu
02:00:09 PM

We will use azure devop for pushing images and charts, pulling OCP

geertn avatar
geertn
02:11:31 PM

Unless you have other specific requirements, for AZDO I’d setup a service connection to the ACR and use that in your pipeline. Alternatively create a SP and use that to login to the ACR and upload your artifacts.

From OCP (Openshift I assume) you use a pull secret as described here https://docs.microsoft.com/en-us/azure/openshift/howto-use-acr-with-aro

Use Azure Container Registry with Azure Red Hat OpenShift

Learn how to pull and run a container from Azure Container Registry in your Azure Red Hat OpenShift cluster.

75devendrasahu avatar
75devendrasahu
02:33:30 PM

Also want to do content trust and signing We will using ado for pipelines And how we can use sp one for developer that they can push only, and other for devops team for pull push and delete and other

geertn avatar
geertn
02:38:36 PM

I haven’t worked with Content trust.

For AZDO service connection you can grant access per pipeline. For humans you will create role assignments per group or user:

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli

Registry roles and permissions - Azure Container Registry

Use Azure role-based access control (Azure RBAC) and identity and access management (IAM) to provide fine-grained permissions to resources in an Azure container registry.

75devendrasahu avatar
75devendrasahu
02:39:09 PM

Okay

2022-02-23

Gavin Stevens avatar
Gavin Stevens
09:59:46 PM

wave Hello, Azure!

wave1
wave2
    keyboard_arrow_up