Azure – Content Trust in ACR and Roles

Security and Authentication method – Content Trust

You need a container registry to start with


Content trust in Azure Container Registry

“Azure Container Registry implements Docker’s content trust model, enabling pushing and pulling of signed images.”
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust

Signing Role

AcrImageSigner (role used for signing permissions)

AcrPush (role used for ACR push)

For a list of built-in roles and descriptions see here

Container registry roles see here


Azure CLI command to assign the AcrImageSigner role

az role assignment create --scope <registry ID> --role AcrImageSigner --assignee <user name>
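An added example (not from the original notes or from Microsoft's documentation): a small wrapper around the command above that refuses any scope other than a single registry, assigns both roles listed under "Signing Role", and lists the result. The function names and the DRY_RUN switch are hypothetical, and the scope check assumes the ID casing that the Azure CLI normally returns.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 prints the az commands instead of running them,
# so the change can be reviewed before it is applied.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Accept only a full registry resource ID, so the roles are never granted
# at subscription or resource-group scope by mistake.
is_registry_scope() {
  case "$1" in
    */registries/*/*) return 1 ;;  # sub-resource of a registry
    /subscriptions/*/resourceGroups/*/providers/Microsoft.ContainerRegistry/registries/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# grant_signer <registry ID> <assignee>
grant_signer() {
  gs_scope="$1"
  gs_assignee="$2"
  if ! is_registry_scope "$gs_scope"; then
    echo "scope is not a registry ID: $gs_scope" >&2
    return 2
  fi
  # AcrImageSigner grants signing; AcrPush is still needed to push the image.
  for gs_role in AcrImageSigner AcrPush; do
    run az role assignment create --scope "$gs_scope" \
      --role "$gs_role" --assignee "$gs_assignee" || return 1
  done
  # Show which roles the assignee now holds at this scope.
  run az role assignment list --scope "$gs_scope" --assignee "$gs_assignee" \
    --query "[].roleDefinitionName" --output tsv
}

# Stand-alone use: ./grant_signer.sh <registry ID> <assignee>
if [ "$#" -eq 2 ]; then
  grant_signer "$1" "$2"
fi
```

Run it once with DRY_RUN=1 to see the exact commands before applying them.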

ACR Tasks

Information on automating container image builds with ACR Tasks. An example use is automating the build cycle. How? “By executing az login with a service principal, your CI/CD solution could then issue az acr build commands to kick off image builds.”

Manage Resource Groups CLI

Azure CLI manage resource groups available here

Azure and Containers

What is a container?
A container is a live, running copy of an image, which may have been customised.
An image is the read-only copy that exists before it is run as a container.

How do you implement containers in Azure?

Two options: containers we deploy ourselves and containers Microsoft manages.
Containers can run on Windows 2016 or a Linux OS.
CPU and RAM are assigned to each individual container.

Containers: limited security risk?
Microsoft offers containers running under Hyper-V for those concerned.
Azure containers are covered this way.
Others offer shared application containers.

Notes around Docker?
A Dockerfile is like a script for building the container: it takes a source and builds the app into an image, which becomes a container when it is running.

Docker has other tools: Docker toolbox, Docker client and Kitematic (GUI client)

How to Install Docker for Windows

https://docs.docker.com/docker-for-windows/install/

Quick install guide:
1) Navigate to https://docs.docker.com/docker-for-windows/install/#download-docker-for-windows
2) On the Install Docker for Windows page, click Get Docker for Windows (Stable).
3) When prompted whether to run or save Docker for Windows Installer.exe, click Run.
4) Once the installation has completed, click Close and log out.
<https://github.com/MicrosoftLearning/20533-ImplementingMicrosoftAzureInfrastructureSolutions/blob/master/Instructions/20533D_LAB_AK_07.md>

Note
When you make a mistake deploying a docker-machine, i.e. you forget to enter a region, the machine still builds but ends up in an error state.
Start again by removing the docker-machine.

Launch CMD as admin: docker-machine rm "machine name"

 

Kubernetes
Kubernetes is a management tool for Docker. An alternative is Docker Swarm, for large scale.
Deploy a Kubernetes cluster for Linux containers

From <https://docs.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-walkthrough>

https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes

DCOS getting started with Kubernetes

https://kubernetes.io/docs/getting-started-guides/dcos/