Provision Azure services
Background
In order to understand the various Snyk integration points to Azure, we are going to deploy and configure some supporting resources. The objective for these exercises is to demonstrate how Snyk secures your workloads. We will provide basic patterns intended for use in learning environments. For a deeper dive and learning more about Azure, we suggest referencing Microsoft's self-paced training modules.
Deploy Azure Container Registry (ACR)
The following examples are based on an Azure Quickstart for deploying ACR using the CLI. We will deploy an Azure Container Registry instance using the Azure CLI, then tag and push container images into the registry.
Create a resource group
We begin by creating an Azure resource group to logical organize the resources we will deploy and manage. Here, we will also define the location where our resources will run in Azure. In this case, we will deploy to the
eastus location. From your terminal, run the following command:1
az group create --name mySnykACRResourceGroup --location eastus
Copied!
When successfully completed, you will see output similar to the following:
1
{
2
"id": "/subscriptions/<guid>/resourceGroups/mySnykACRResourceGroup",
3
"location": "eastus",
4
"managedBy": null,
5
"name": "mySnykACRResourceGroup",
6
"properties": {
7
"provisioningState": "Succeeded"
8
},
9
"tags": null,
10
"type": "Microsoft.Resources/resourceGroups"
11
}
Copied!
You can also validate the creation of the resource group in the Azure portal as illustrate below:
Create the ACR instance
Next, we are going to create a registry named
mySnykContainerRegistry in our recently created mySnykACSResourceGroup.1
az acr create \
2
--resource-group mySnykACRResourceGroup \
3
--name mySnykContainerRegistry \
4
--sku Basic
Copied!
Once the deployment completes the CLI will return a lengthy JSON response containing details about your registry. You will want to make a note of the
loginServer value as that will be needed later on for authentication.1
{- Finished ..
2
"adminUserEnabled": false,
3
"creationDate": "<timestamp>",
4
"dataEndpointEnabled": false,
5
"dataEndpointHostNames": [],
6
"encryption": {
7
"keyVaultProperties": null,
8
"status": "disabled"
9
},
10
"id": "/subscriptions/<guid>/resourceGroups/mySnykACRResourceGroup/providers/Microsoft.ContainerRegistry/registries/mySnykContainerRegistry",
11
"identity": null,
12
"location": "eastus",
13
"loginServer": "mysnykcontainerregistry.azurecr.io",
14
"name": "mySnykContainerRegistry",
15
"networkRuleSet": null,
16
"policies": {
17
"quarantinePolicy": {
18
"status": "disabled"
19
},
20
"retentionPolicy": {
21
"days": 7,
22
"lastUpdatedTime": "<timestamp>",
23
"status": "disabled"
24
},
25
"trustPolicy": {
26
"status": "disabled",
27
"type": "Notary"
28
}
29
},
30
"privateEndpointConnections": [],
31
"provisioningState": "Succeeded",
32
"resourceGroup": "mySnykACRResourceGroup",
33
"sku": {
34
"name": "Basic",
35
"tier": "Basic"
36
},
37
"status": null,
38
"storageAccount": null,
39
"tags": {},
40
"type": "Microsoft.ContainerRegistry/registries"
41
}
Copied!
You can also view this within the Azure portal:
Log in to registry
We will need to log in to the registry before performing any operations such as
docker push or docker pull. To do so, run the following command:1
az acr login --name mySnykContainerRegistry
Copied!
The command will return
Login Succeeded if you provided the correct values.Last modified 8d ago
Export as PDF
Copy link
Edit on GitHub