Friday, April 19, 2024

Mashford's Musings

My thoughts and experiences from working within the Microsoft Cloud.

Azure 

Azure Container Registry: Public preview of Helm Chart Repositories and more

Anthony Mashford 0 Comments

With Azure Container Registry (ACR), you can easily store and manage container images for Azure deployments in a central registry. Today we are excited to add native Helm repository support and validation workflows, with ACR tasks and Docker’s content trust, to provide a more integrated container lifecycle management experience. 

  • ACR Helm Chart Repositories, available for public preview, provides Kubernetes Helm chart storage as an integrated service for container images and their deployment charts.
  • Docker Content Trust support, now in public preview, provides end-to-end validation of container images, from the time they’re built, to the location they’re deployed.
  • ACR OCI image support is now available in public preview, enabling the next generation of container image formats including BuildKit.
  • ACR tasks, previously announced as ACR build, provides a container execution capability enabling management and modification of the container images in ACR across the lifecycle of the container including build, run, push, and patch.

ACR Helm Repositories – Preview

Helm charts have become the common artifacts to define, install, and upgrade Kubernetes-based applications. Today, we are excited to share that Azure is the first public cloud to support ACR Helm Chart Repositories natively with a container registry, providing integrated security where the same credentials are shared between helm charts and container images. Coupled with ACR Geo-replication, Helm Repositories will be replicated together with multi-region Kubernetes deployments, providing network-close deployments with geo-distributed reliability, and with the same authentication used to pull the referenced images.

ACR Helm Repos GIF

Learn more from the ACR Helm Repositories.

Content Trust – Preview

As customers move to production, end-to-end validation of an image's integrity can be assured with ACR preview support of Docker Content Trust. Users can push signed images to ACR, verifying the validity upon pulling to the destined node.

Further enhancing the integrity of your images, ACR supports limiting the users and services who can push signed images to those who are authorized using the AcrImageSigner role.

For more information, see ACR Content Trust.

Open Container Initiative image format support – Preview

ACR now supports Open Container Initiative (OCI) images, enabling further evolution of containers standards and implementation.

ACR tasks

ACR tasks help you run, build, test, validate, and push container images securely and efficiently. ACR tasks can be manually invoked or triggered automatically, supporting rich parallel and sequential workflows to execute jobs defined within the container image, including the ability to patch container images. ACR tasks also provide isolation, enabling potentially conflicting technologies to be used together. Developers control what and how their tasks run with minimal dependency on specific OS versions or application framework versions.

Here are two examples of how ACR tasks can simplify developer experience from the primary phases of container development to operational patching:

  • Inner loop – As developers seek to validate their code changes, before committing to team source control, they can execute the equivalent of docker build within Azure: az acr build -t web:{{.Run.ID}} .

ACR Build GIF

  • Triggered execution – With an ACR task definition, execution can be triggered based on Git commits and Docker base image updates, with webhooks and Azure Event Grid coming soon. Base image triggered execution enables OS and framework patching, a fundamental challenge with how customers think about security in their deployments once code changes cease.

ACR Base Image Updates GIF

ACR tasks supports single-step definitions based on a Dockerfile, as well as multi-step tasks which you can execute concurrent and parallel workflows of build, cmd, and push steps. Single-step tasks based on a Dockerfile are now generally available, enabling OS and framework patching scenarios in production environments. Multi-step tasks, based on an acr-task.yaml file, are available in public preview.

ACR tasks support Windows and Linux images with ARM images available through QEMU.

For more information, see ACR tasks.

Availability and feedback

ACR tasks, Helm Repositories, and Content Trust are just the latest capabilities added to Azure’s commitment to simplifying your container lifecycle management. We continue to seek your feedback on existing features as well as ideas for product roadmap. Here’s a list of resources how you can use to engage with our team and provide feedback:

  • Roadmap – For visibility into our planned work.
  • UserVoice – To vote for existing requests or create a new request.
  • Feedback – To provide feedback, engage in discussion with the community.
  • Issues – To view existing bugs and issues, logging new ones.

Thanks,

Steve and the entire Azure Container Registry Team

Source: Azure Blog Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.