{"results":[{"id":"acr-five-authentication-methods","text":"ACR supports five authentication methods: individual Microsoft Entra identity, service principal, managed identity, admin user, and non-Microsoft Entra token-based permissions.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-premium-enterprise-feature-gate","text":"ACR gates all enterprise capabilities behind Premium SKU: geo-replication, private link (up to 200 endpoints), content trust, customer-managed keys, and 2.5x higher storage limits (100 TiB vs 40 TiB for Basic/Standard).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-premium-exclusive-features","text":"ACR Premium-exclusive features include: geo-replication, private link, content trust, customer-managed keys, connected registries, artifact streaming, retention policies, dedicated agent pools, IP access rules, export policies, and artifact transfer.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-premium-exclusive-features-list","text":"ACR Premium-exclusive features: geo-replication, private link (up to 200 endpoints), content trust, customer-managed keys, connected registries, artifact streaming, retention policies, dedicated agent pools, IP access rules, export policies, artifact transfer.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-premium-only-features","text":"ACR Premium-exclusive features include geo-replication, content trust (image tag signing), private endpoints, customer-managed keys, connected registries, artifact streaming, retention policies, dedicated agent pools, IP access rules, export policies, and artifact transfer.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-untagged-manifest-retention-policy","text":"Untagged (dangling/orphaned) container images in ACR can be managed via a retention policy for untagged manifests.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-untagged-manifests-retention-policy","text":"Untagged (dangling/orphaned) container images in ACR can be managed via a retention policy for untagged manifests.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-api-server-guard-throttles-non-system","text":"The API Server Guard (`aks-managed-apiserver-guard`) is a FlowSchema and PriorityLevelConfiguration that throttles non-system client requests under high load while allowing system-critical calls (e.g., kubelet) to continue.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-api-server-guard-throttling","text":"The `aks-managed-apiserver-guard` FlowSchema is a last-resort throttling mechanism that throttles non-system client requests to protect the API server under high load; system-critical calls like kubelet continue normally.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-apiserver-guard-throttles-non-system","text":"The AKS API server guard (`aks-managed-apiserver-guard`) is a FlowSchema and PriorityLevelConfiguration that throttles non-system client requests under high load while allowing system-critical calls (e.g., kubelet) to continue.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-apiserver-guard-throttling","text":"The aks-managed-apiserver-guard FlowSchema is a last-resort throttling mechanism that throttles non-system client requests to protect the API server under high load; system-critical calls (e.g., kubelet) continue normally.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-control-plane-managed-by-azure","text":"The AKS control plane (kube-apiserver, etcd, kube-scheduler, kube-controller-manager, cloud-controller-manager) is fully managed by Azure; users manage only worker nodes.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-default-outbound-access-retirement-march-2026","text":"Default outbound internet access for AKS-managed VNet clusters retires March 31, 2026 (defaultOutboundAccess=false); BYO VNet clusters are unaffected.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-default-storage-class-managed-csi","text":"AKS default storage class is `managed-csi` backed by Standard SSD LRS","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-etcd-secrets-encryption-customer-keys","text":"Secrets stored in etcd can be encrypted at rest using customer-managed keys via AKS KMS etcd encryption.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-istio-service-mesh-addon","text":"AKS offers an Istio-based service mesh add-on as a managed option.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-managed-disks-encrypted-at-rest","text":"AKS node storage uses Azure Managed Disks with automatic encryption at rest.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-managed-helm-prefix","text":"AKS manages Helm releases prefixed with `aks-managed` and labels managed components with `kubernetes.azure.com/managedby: aks`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-managed-helm-releases-prefix","text":"AKS-managed Helm releases use the `aks-managed` prefix; increasing revision counts on these are expected and safe.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aks-managed-os-disk-sizing-by-vcpu","text":"AKS managed OS disk defaults scale by vCPU count: 1-7→P10/128G, 8-15→P15/256G, 16-63→P20/512G, 64+→P30/1024G","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":193,"limit":20,"offset":0}