diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 217804d..5c2503a 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -3,7 +3,7 @@ name: GH-Page Publish on: push: branches: - - master + - main - test-pages jobs: diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js index eabcbce..ecf779d 100644 --- a/docs/.vuepress/config.js +++ b/docs/.vuepress/config.js @@ -28,7 +28,7 @@ module.exports = { { title: 'Tasks', collapsible: true, - children: ['/tasks/container-registry-tasks-overview', '/tasks/run-as-deployment/', '/tasks/agentpool'] + children: ['/tasks/container-registry-tasks-overview', '/tasks/run-as-deployment/', '/tasks/agentpool/'] }, { title: 'Authentication', @@ -40,13 +40,8 @@ module.exports = { title: 'Integration', collapsable: true, sidebarDepth : 1, - children : ['/integration/change-analysis/', ] - }, - { - title: 'Encryption', - collapsable: true, - children: ['/CMK/'], - }, + children : ['/integration/change-analysis/'] + } ] } } diff --git a/docs/blog/dedicated-data-endpoints.md b/docs/blog/dedicated-data-endpoints.md deleted file mode 100644 index 1437ec9..0000000 --- a/docs/blog/dedicated-data-endpoints.md +++ /dev/null 
@@ -1,134 +0,0 @@ -# Azure Container Registry: Dedicated Data Endpoints – Mitigating Data Exfiltration - -Azure Container Registry announces dedicated data-endpoints, enabling tightly scoped client firewall rules to specific registries, minimizing data exfiltration concerns. - -Pulling content from a registry involves two endpoints: - -- **Registry endpoint**, often refereed as the *login url*, used for authentication and content discovery. - A command like `docker pull contoso.azurecr.io/hello-world` makes a REST request which authenticates and negotiates the layers which represent the requested artifact. -- **Data-endpoints** serve blobs representing content layers. - - - -## Registry Managed Storage Accounts - -Azure Container Registry is a multi-tenant service, where the data-endpoint storage accounts are managed by the registry service. There are many benefits for managed storage, such as load balancing, contentious content splitting, multiple copies for higher concurrent content delivery, and multi-region support with [geo-replication](https://aka.ms/acr/geo-replicatin). - -## Azure Private Link VNet Support - -Azure Container Registry recently announced [Private Link support](https://aka.ms/acr/privatelink), enabling private endpoints from Azure VNets to be placed on the managed registry service. In this case, both the registry and data-endpoints are accessible from within the VNet, using private IPs. - -The public endpoint can then be removed, securing the managed registry and storage accounts to access from within the VNet. - - - -Unfortunately, VNet connectivity isn’t always an option. - -## Client Firewall Rules & Data Exfiltration Risks - -When connecting to a registry from on-prem hosts, IoT devices, custom build agents, or when Private Link may not be an option, client firewall rules may be applied, limiting access to specific resources. 
- - - -As customers locked down their client firewall configurations, they realized they must create a rule with a wildcard for all storage accounts, raising concerns for data-exfiltration. A bad actor could deploy code that would be capable of writing to their storage account. - -To mitigate data-exfiltration concerns, Azure Container Registry is making dedicated data-endpoints available. - - - -## Dedicated Data-endpoints - -When dedicated data-endpoints are enabled, layers are retrieved from the Azure Container Registry service, with fully qualified domain names representing the registry domain. As any registry may become geo-replicated, a regional pattern is used: - -**[registry]**`.`**[region]**`.data.azurecr.io`. - -For the Contoso example, multiple regional data-endpoints are added supporting the local region with a nearby replica. - -With dedicated data-endpoints, the bad actor is blocked from writing to other storage accounts. - - - -## Enabling Dedicated Data-endpoints - -**Note:** Switching to dedicated data-endpoints will impact clients that have configured firewall access to the existing `*.blob.core.windows.net` endpoints, causing pull failures. To assure clients have consistent access, add the new data-endpoints to the client firewall rules. Once completed, existing registries can enable dedicated data-endpoints through the `az cli`, or the Azure portal. - -### Private Preview Configuration - -Until the Portal and az cli are enabled, customers can use the `az rest` api to enable dedicated data-endpoints. 
- -- Set the registry default - - ```sh - az configure --defaults acr=demo42 - ``` - -- Export the resource id of the registry - - ```sh - export RESOURCE_ID=$(az acr show --query id -o tsv) - ``` - -- Execute the REST api with the `az rest` command - - ```sh - az rest --method patch --uri "$RESOURCE_ID?api-version=2019-12-01-preview" --body "{ \"properties\":{\"dataEndpointEnabled\":true}}" -o json - ``` - - Look for: - - ```json - "dataEndpointEnabled": true, - "dataEndpointHostNames": [ - "demo42.eastus.data.azurecr.io", - "demo42.westus.data.azurecr.io" - ``` - -### az CLI - -Using [az cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) version 2.4.0 or greater, run the [az acr update](https://docs.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-update) command: - -```sh -az acr update --name contoso --data-endpoint-enabled -``` - -To view the data-endpoints, including regional endpoints for geo-replicated registries, use the az acr show-endpoints cli: - -```sh -az acr show-endpoints --name contoso -``` - -outputs: - -```json -{ - "loginServer": "contoso.azurecr.io", - "dataEndpoints": [ - { - "region": "eastus", - "endpoint": "contoso.eastus.data.azurecr.io", - }, - { - "region": "westus", - "endpoint": "contoso.westus.data.azurecr.io", - } - ] -} -``` - -### Azure Portal - -> **NOTE**: The acr portal update `--data-endpoint-enabled` has not yet been released. Please use [Private Preview Configuration](#private-preview-configuration). This content will be updated when the portal is updated. - -Within the Azure Portal, select the Networking topic. Then, select the Data-endpoints tab to enable **dedicated data-endpoints**. - - - -## Summary - -[Private Link](https://aka.ms/acr/privatelink) is the most secure way to control network access between clients and the registry as network traffic is limited to the Azure network, using private IPs. 
When Private Link isn’t an option, dedicated data-endpoints can provide secure knowledge in what resources are accessible from each client. - -## Pricing - -Dedicated data-endpoints are a feature of premium registries. - -For more [information on dedicated data-endpoints](https://aka.ms/acr/dedicated-data-endpoints). diff --git a/docs/dedicated-data-endpoints/dedicated-data-endpoints.md b/docs/dedicated-data-endpoints/dedicated-data-endpoints.md deleted file mode 100644 index d28bc55..0000000 --- a/docs/dedicated-data-endpoints/dedicated-data-endpoints.md +++ /dev/null 
@@ -1,134 +0,0 @@ -# Azure Container Registry: Dedicated Data Endpoints – Mitigating Data Exfiltration - -Azure Container Registry announces dedicated data-endpoints, enabling tightly scoped client firewall rules to specific registries, minimizing data exfiltration concerns. - -Pulling content from a registry involves two endpionts: - -- **Registry endpoint**, often refereed as the *login url*, used for authentication and content discovery. - A command like `docker pull contoso.azurecr.io/hello-world` makes a REST request which authenticates and negotiates the layers which represent the requested artifact. -- **Data-endpoints** serve blobs representing content layers. - - - -## Registry Managed Storage Accounts - -Azure Container Registry is a multi-tenant service, where the data-endpoint storage accounts are managed by the registry service. There are many benefits for managed storage, such as load balancing, contentious content splitting, multiple copies for higher concurrent content delivery, and multi-region support with [geo-replication](https://aka.ms/acr/geo-replicatin). - -## Azure Private Link VNet Support - -Azure Container Registry recently announced [Private Link support](https://aka.ms/acr/privatelink), enabling private endpoints from Azure VNets to be placed on the managed registry service. In this case, both the registry and data-endpoints are accessible from within the VNet, using private IPs. - -The public endpoint can then be removed, securing the managed registry and storage accounts to access from within the VNet. - - - -Unfortunately, VNet connectivity isn’t always an option. - -## Client Firewall Rules & Data Exfiltration Risks - -When connecting to a registry from on-prem hosts, IoT devices, custom build agents, or when Private Link may not be an option, client firewall rules may be applied, limiting access to specific resources. 
- - - -As customers locked down their client firewall configurations, they realized they must create a rule with a wildcard for all storage accounts, raising concerns for data-exfiltration. A bad actor could deploy code that would be capable of writing to their storage account. - -To mitigate data-exfiltration concerns, Azure Container Registry is making dedicated data-endpoints available. - - - -## Dedicated Data-endpoints - -When dedicated data-endpoints are enabled, layers are retrieved from the Azure Container Registry service, with fully qualified domain names representing the registry domain. As any registry may become geo-replicated, a regional pattern is used: - -**[registry]**`.`**[region]**`.data.azurecr.io`. - -For the Contoso example, multiple regional data-endpoints are added supporting the local region with a nearby replica. - -With dedicated data-endpoints, the bad actor is blocked from writing to other storage accounts. - - - -## Enabling Dedicated Data-endpoints - -**Note:** Switching to dedicated data-endpoints will impact clients that have configured firewall access to the existing `*.blob.core.windows.net` endpoints, causing pull failures. To assure clients have consistent access, add the new data-endpoints to the client firewall rules. Once completed, existing registries can enable dedicated data-endpoints through the `az cli`, or the Azure portal. - -### Private Preview Configuration - -Until the Portal and az cli are enabled, customers can use the `az rest` api to enable dedicated data-endpoints. 
- -- Set the registry default - - ```sh - az configure --defaults acr=demo42 - ``` - -- Export the resource id of the registry - - ```sh - export RESOURCE_ID=$(az acr show --query id -o tsv) - ``` - -- Execute the REST api with the `az rest` command - - ```sh - az rest --method patch --uri "$RESOURCE_ID?api-version=2019-12-01-preview" --body "{ \"properties\":{\"dataEndpointEnabled\":true}}" -o json - ``` - - Look for: - - ```json - "dataEndpointEnabled": true, - "dataEndpointHostNames": [ - "demo42.eastus.data.azurecr.io", - "demo42.westus.data.azurecr.io" - ``` - -### az CLI - -Using [az cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) version 2.4.0 or greater, run the [az acr update](https://docs.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-update) command: - -```sh -az acr update --name contoso --data-endpoint-enabled -``` - -To view the data-endpoints, including regional endpoints for geo-replicated registries, use the az acr show-endpoints cli: - -```sh -az acr show-endpoints --name contoso -``` - -outputs: - -```json -{ - "loginServer": "contoso.azurecr.io", - "dataEndpoints": [ - { - "region": "eastus", - "endpoint": "contoso.eastus.data.azurecr.io", - }, - { - "region": "westus", - "endpoint": "contoso.westus.data.azurecr.io", - } - ] -} -``` - -### Azure Portal - -> **NOTE**: The acr portal update `--data-endpoint-enabled` has not yet been released. Please use [Private Preview Configuration](#private-preview-configuration). This content will be updated when the portal is updated. -> -Within the Azure Portal, select the Networking topic. Then, select the Data-endpoints tab to enable **dedicated data-endpoints**. - - - -## Summary - -[Private Link](https://aka.ms/acr/privatelink) is the most secure way to control network access between clients and the registry as network traffic is limited to the Azure network, using private IPs. 
When Private Link isn’t an option, dedicated data-endpoints can provide secure knowledge in what resources are accessible from each client. - -## Pricing - -Dedicated data-endpoints are a feature of premium registries. - -For more [information on dedicated data-endpoints](https://aka.ms/acr/dedicated-data-endpoints). diff --git a/docs/dedicated-data-endpoints/media/portal-dedicated-data-endpoints.png b/docs/dedicated-data-endpoints/media/portal-dedicated-data-endpoints.png deleted file mode 100644 index f46deb4..0000000 Binary files a/docs/dedicated-data-endpoints/media/portal-dedicated-data-endpoints.png and /dev/null differ diff --git a/docs/dedicated-data-endpoints/media/registry-client-rules-all-storage.png b/docs/dedicated-data-endpoints/media/registry-client-rules-all-storage.png deleted file mode 100644 index ac8752e..0000000 Binary files a/docs/dedicated-data-endpoints/media/registry-client-rules-all-storage.png and /dev/null differ diff --git a/docs/dedicated-data-endpoints/media/registry-data-exfiltration.png b/docs/dedicated-data-endpoints/media/registry-data-exfiltration.png deleted file mode 100644 index d354a4c..0000000 Binary files a/docs/dedicated-data-endpoints/media/registry-data-exfiltration.png and /dev/null differ diff --git a/docs/dedicated-data-endpoints/media/registry-dedicated-data-endpoint.png b/docs/dedicated-data-endpoints/media/registry-dedicated-data-endpoint.png deleted file mode 100644 index 806bd6d..0000000 Binary files a/docs/dedicated-data-endpoints/media/registry-dedicated-data-endpoint.png and /dev/null differ diff --git a/docs/dedicated-data-endpoints/media/registry-dual-endpoints.png b/docs/dedicated-data-endpoints/media/registry-dual-endpoints.png deleted file mode 100644 index bed0581..0000000 Binary files a/docs/dedicated-data-endpoints/media/registry-dual-endpoints.png and /dev/null differ 
diff --git a/docs/dedicated-data-endpoints/media/registry-private-link.png b/docs/dedicated-data-endpoints/media/registry-private-link.png deleted file mode 100644 index be48471..0000000 Binary files a/docs/dedicated-data-endpoints/media/registry-private-link.png and /dev/null differ diff --git a/docs/tasks/agentpool/README.md b/docs/tasks/agentpool/README.md index 837248d..73daa72 100644 --- a/docs/tasks/agentpool/README.md +++ b/docs/tasks/agentpool/README.md @@ -1,3 +1,7 @@ +--- +title: Agent Pools +--- + # Running ACR Tasks on Dedicated Agent Pools ## Introduction diff --git a/docs/tasks/run-as-deployment/README.md b/docs/tasks/run-as-deployment/README.md index 229a51a..daa2354 100644 --- a/docs/tasks/run-as-deployment/README.md +++ b/docs/tasks/run-as-deployment/README.md 
@@ -6,9 +6,9 @@ title: Deploy with ARM templates The following set of samples show how to use an ARM template to execute various Task workflows. -1. [Deploy a docker build on an existing registry](https://github.com/Azure/acr/tree/master/docs/tasks/run-as-deployment/quickdockerbuild-on-existing-registry) -1. [Deploy a docker build on an existing registry using identity and keyvault](https://github.com/Azure/acr/tree/master/docs/tasks/run-as-deployment/quickdockerbuildusingidentitykeyvault) -1. [Create a Registry and perform a docker build from a GitHub repository](https://github.com/Azure/acr/tree/master/docs/tasks/run-as-deployment/quickdockerbuild) -1. [Create a Registry and perform a docker build from a GitHub repository with a Managed Identity](https://github.com/Azure/acr/tree/master/docs/tasks/run-as-deployment/quickdockerbuild) -1. [Create a registry and schedule a quick task with task definition as an argument](https://github.com/Azure/acr/tree/master/docs/tasks/run-as-deployment/quickrun) -1. [Create a registry and schedule a predefined task](https://github.com/Azure/acr/tree/master/docs/tasks/run-as-deployment/taskrun) \ No newline at end of file +1. [Deploy a docker build on an existing registry](https://github.com/Azure/acr/tree/main/docs/tasks/run-as-deployment/quickdockerbuild-on-existing-registry) +1. [Deploy a docker build on an existing registry using identity and keyvault](https://github.com/Azure/acr/tree/main/docs/tasks/run-as-deployment/quickdockerbuildusingidentitykeyvault) +1. [Create a Registry and perform a docker build from a GitHub repository](https://github.com/Azure/acr/tree/main/docs/tasks/run-as-deployment/quickdockerbuild) +1. [Create a Registry and perform a docker build from a GitHub repository with a Managed Identity](https://github.com/Azure/acr/tree/main/docs/tasks/run-as-deployment/quickdockerbuild) +1. 
[Create a registry and schedule a quick task with task definition as an argument](https://github.com/Azure/acr/tree/main/docs/tasks/run-as-deployment/quickrun) +1. [Create a registry and schedule a predefined task](https://github.com/Azure/acr/tree/main/docs/tasks/run-as-deployment/taskrun) \ No newline at end of file
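Review bot: In the `.github/workflows/nodejs.yml` hunk, the push trigger now fires only on `main` and `test-pages`, so if the repository's default branch has not actually been renamed yet the GH-Page Publish workflow stops running without any error. Confirm the rename landed (and that branch protection rules were moved with it) before merging, otherwise publish this together with the rename.

Review bot: In the first `docs/.vuepress/config.js` hunk, the trailing slash added to `'/tasks/agentpool/'` makes it consistent with `'/tasks/run-as-deployment/'`, which is good. While here, note that the Tasks group uses `collapsible: true` but the Integration group below uses `collapsable: true`; VuePress 1.x reads the `collapsable` spelling, so the Tasks option is silently ignored. Align both spellings in the same change.

Review bot: In the second `docs/.vuepress/config.js` hunk, removing the Encryption group drops the only sidebar link to `/CMK/`, but this diff does not delete `docs/CMK/` itself. If that page still exists it will continue to be built and served as an orphan; either delete it in this PR or leave a pointer to its replacement. The removal of the stray trailing comma in `children : ['/integration/change-analysis/']` is fine, though the `children :` spacing still differs from `children:` in the Tasks group above.

Review bot: The deletions of `docs/blog/dedicated-data-endpoints.md` and `docs/dedicated-data-endpoints/dedicated-data-endpoints.md` remove two near-identical copies of the same article, which describes a security mitigation (dedicated data-endpoints replacing a wildcard `*.blob.core.windows.net` client firewall rule). No redirect or replacement link is added, and the `config.js` hunks show no sidebar entry for either path, so check for inbound links elsewhere in `docs/` and consider a stub pointing at `https://aka.ms/acr/dedicated-data-endpoints`, which the deleted text already cites as the canonical reference. The six `Binary files ... differ` removals under `docs/dedicated-data-endpoints/media/` are consistent with dropping the page.

Review bot: The `docs/tasks/agentpool/README.md` hunk only adds the `title: Agent Pools` front matter, which matches the new `'/tasks/agentpool/'` sidebar path; no issues.

Review bot: In the `docs/tasks/run-as-deployment/README.md` hunk, items 3 and 4 (the GitHub build with and without a Managed Identity) both link to `.../run-as-deployment/quickdockerbuild`; since these lines are being rewritten anyway, verify that the Managed Identity sample is not meant to point at a separate directory. The `\ No newline at end of file` marker is carried over from the old version; add a trailing newline while the list is being touched.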