Provision Azure services

Background
In order to understand the various Snyk integration points to Azure, we are going to deploy and configure some supporting resources. The objective for these exercises is to demonstrate how Snyk secures your workloads. We will provide basic patterns intended for use in learning environments. For a deeper dive and learning more about Azure, we suggest referencing Microsoft's self-paced training modules.
Deploy Azure Container Registry (ACR)
The following examples are based on an Azure Quickstart for deploying ACR using the CLI. We will deploy an Azure Container Registry instance using the Azure CLI, then tag and push container images into the registry.
Create a resource group
We begin by creating an Azure resource group to logical organize the resources we will deploy and manage. Here, we will also define the location where our resources will run in Azure. In this case, we will deploy to the eastus location. From your terminal, run the following command:
az group create --name mySnykACRResourceGroup --location eastus
When successfully completed, you will see output similar to the following:
{
  "id": "/subscriptions/<guid>/resourceGroups/mySnykACRResourceGroup",
  "location": "eastus",
  "managedBy": null,
  "name": "mySnykACRResourceGroup",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": "Microsoft.Resources/resourceGroups"
}
You can also validate the creation of the resource group in the Azure portal as illustrate below:
Create the ACR instance
Next, we are going to create a registry named mySnykContainerRegistry in our recently created mySnykACSResourceGroup.
az acr create \
--resource-group mySnykACRResourceGroup \
--name mySnykContainerRegistry \
--sku Basic
Once the deployment completes the CLI will return a lengthy JSON response containing details about your registry. You will want to make a note of the loginServer value as that will be needed later on for authentication.
{- Finished ..
  "adminUserEnabled": false,
  "creationDate": "<timestamp>",
  "dataEndpointEnabled": false,
  "dataEndpointHostNames": [],
  "encryption": {
    "keyVaultProperties": null,
    "status": "disabled"
  },
  "id": "/subscriptions/<guid>/resourceGroups/mySnykACRResourceGroup/providers/Microsoft.ContainerRegistry/registries/mySnykContainerRegistry",
  "identity": null,
  "location": "eastus",
  "loginServer": "mysnykcontainerregistry.azurecr.io",
  "name": "mySnykContainerRegistry",
  "networkRuleSet": null,
  "policies": {
    "quarantinePolicy": {
      "status": "disabled"
    },
    "retentionPolicy": {
      "days": 7,
      "lastUpdatedTime": "<timestamp>",
      "status": "disabled"
    },
    "trustPolicy": {
      "status": "disabled",
      "type": "Notary"
    }
  },
  "privateEndpointConnections": [],
  "provisioningState": "Succeeded",
  "resourceGroup": "mySnykACRResourceGroup",
  "sku": {
    "name": "Basic",
    "tier": "Basic"
  },
  "status": null,
  "storageAccount": null,
  "tags": {},
  "type": "Microsoft.ContainerRegistry/registries"
}
You can also view this within the Azure portal:
Log in to registry
We will need to log in to the registry before performing any operations such as docker push or docker pull. To do so, run the following command:
az acr login --name mySnykContainerRegistry
The command will return Login Succeeded if you provided the correct values.

Securing ACR

Building container images

Last modified 3mo ago

Export as PDF

Copy link

Edit on GitHub

On this page

Background

Deploy Azure Container Registry (ACR)

Create a resource group

Create the ACR instance