While Azure Container Registry (ACR) supports user and headless-service account authentication, customers have expressed their requirements for limiting public endpoint access. Customers can now limit registry access within an Azure Virtual Network (VNet), as well as whitelist IP addresses and ranges for on-premises services.
VNet and Firewall rules are supported with virtual machines (VMs) and Azure Kubernetes Service (AKS).
Choosing between private and PaaS registries
As customers move into production, their security teams apply a checklist to production workloads, and one item on it is limiting all public endpoints. Without VNet support, customers had to choose between standalone products or OSS projects they could run and manage themselves. This puts a larger burden on customers to manage the storage, security, scalability, and reliability a production registry requires.
With VNet and Firewall rules, customers can meet their security requirements while benefiting from a PaaS container registry with integrated security that is secured at rest, geo-redundant, and geo-replicated. This frees up their resources to focus on the unique business problems they face.
Azure Container Registry PaaS, enabling registry products
The new VNet and Firewall rule capabilities of ACR are just the latest set of capabilities in container lifecycle management. ACR provides core primitives that other registry or CI/CD products may build upon. Our goal with ACR isn’t to compete with our partners, but rather to enable them with core cloud capabilities, allowing them to focus on the higher-level, unique capabilities each offers.
Getting started
Using the Azure CLI, or the Azure portal, customers can follow our documentation for configuring VNet and Firewall rules.
VNet and Firewall rules preview pricing
During preview, VNet and Firewall rules will be included in the Azure Container Registry’s Premium Tier.
Preview and general availability dates
As of March 18, 2019, VNet and Firewall rules are available for public preview in all 25 public cloud regions. General availability (GA) will be based on a curve of usage and feedback.