#azure (2022-02)

azure

Archive: https://archive.sweetops.com/azure/

2022-02-01

SomberWolf

Hopefully this is not a silly question, but I am fairly new to Azure and basically I have a Resource Group with a VNet, subnet and default NSG. I have deployed a Vuln Scanner VM into this VNet. The thing I am confused by is that there is NO public IP or NAT Gateway associated with the VM, the VNet or any network interface associated with said VNet. However, the Vuln Scanner VM can go outbound directly to the internet. My one thought is that because the VNet is peered with another VNet that does have outbound access, it is routing through that… However, when I look at “Effective Routes” in the Network Interface it shows all traffic going directly to the internet instead of through the VNet Peering. Does anyone have any thoughts on how my VM is getting outbound?

geertn

That’s the default outbound method; you get NAT outbound from a random IP.

SomberWolf

Ah ok, that seems crazy to me but hey, it seems like the answer. I really appreciate it! I’m going to put up something better now, like the NAT Gateway.

2022-02-16

75devendrasahu

Hi Team,

I want to create an Azure Container Registry. How should I design it for the organization so it will be at its best and easy to handle?

Thanks

geertn

What are your requirements?

75devendrasahu

We have some images and charts that need to be pushed there and used through a private endpoint. My confusion is that I didn’t use a private repo, so I’m looking for a structure for how I would organize it, and for authentication as an SP or AD user.

geertn

From where will you consume the images?

75devendrasahu

We will use Azure DevOps for pushing images and charts, and pull from OCP.

geertn

Unless you have other specific requirements, for AZDO I’d set up a service connection to the ACR and use that in your pipeline. Alternatively, create an SP and use that to log in to the ACR and upload your artifacts.

From OCP (OpenShift, I assume) you use a pull secret as described here: https://docs.microsoft.com/en-us/azure/openshift/howto-use-acr-with-aro

Use Azure Container Registry with Azure Red Hat OpenShift

Learn how to pull and run a container from Azure Container Registry in your Azure Red Hat OpenShift cluster.

75devendrasahu

Also want to do content trust and signing. We will be using ADO for pipelines. And how can we use SPs: one for developers so that they can push only, and another for the DevOps team for pull, push, delete and other operations?

geertn

I haven’t worked with Content Trust.

For an AZDO service connection you can grant access per pipeline. For humans you will create role assignments per group or user:

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli

Registry roles and permissions - Azure Container Registry

Use Azure role-based access control (Azure RBAC) and identity and access management (IAM) to provide fine-grained permissions to resources in an Azure container registry.

75devendrasahu

Okay

2022-02-23

Gavin Stevens

:wave: Hello, Azure!