How to configure ACR with only Private network & Private SSL Certificate.

Hello @Atul Vishwakarma

To elaborate further on steps what is needed to do, there are multiple steps here.

1. Prepare your existing registry: Enable data endpoints and managed identities
2. Prepare your Azure Key Vault: This involves managing your certificates. Note that ACR custom domains are currently not supported where key vault access is restricted, but this is work in progress and will be available with system managed identities only.
3. Prepare your DNS zone: You would need to configure your DNS settings appropriately.

Please note that these are high-level steps and the actual process might involve more detailed steps. Also, keep in mind that this feature is in private preview and might not be available for all users.

Please note that using custom domains with Azure services often involves additional considerations around SSL/TLS certificates, DNS configuration, and potentially other Azure services like Azure Key Vault.

I hope this helps! If you have any other questions, feel free to ask.

If this answers your question, please mark this as answered.

Hello @Atul Vishwakarma !

Please follow these instructions

Those Public Endpoints remain as the DNS name of the ACR , more like a reference , but access is not possible

The link below has everything you need !

https://learn.microsoft.com/en-us/azure/container-registry/container-registry-private-link

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

Hello Atul

To configure your Azure Container Registry (ACR) with a private network and expose it with private endpoints using a private DNS zone, you can follow these steps:

1. Set up a private endpoint: You can set up a private endpoint for your registry using the Azure portal or the Azure CLI. This feature is available in the Premium container registry service tier.
2. Disable public access: Navigate to your container registry in the Azure portal and select Settings > Networking. On the Public access tab, in Allow public network access, select Disabled. Then select Save.
3. Configure DNS settings for the registry’s private endpoints: This allows the settings to resolve to the registry’s allocated private IP address. With DNS configuration, clients and services in the network can continue to access the registry at the registry’s fully qualified domain name.
4. Configure access to ACR using Private Endpoint: This can be done by setting up a connection between the VM and ACR, and between the AKS and ACR.

Please note that once the public network access is disabled, instances of certain Azure services including Azure DevOps Services are currently unable to access the container registry. Private endpoints are not currently supported with Azure DevOps managed agents. You will need to use a self-hosted agent with network line of sight to the private endpoint.

If the registry has an approved private endpoint and public network access is disabled, repositories and tags can’t be listed outside the virtual network using the Azure portal, Azure CLI, or other tools.

If you still see public endpoints after following these steps, it might be due to some misconfiguration or delay in the update. Please double-check your settings and wait for a few minutes for the changes to take effect.

i hope this information helps you further.