Azure Container Registry
Azure Container Registry (ACR) is a managed, private Docker registry service that stores and manages private Docker container images and related artifacts. It enables you to build, store, and manage container images and artifacts, and to use them with all your container deployment solutions.
Key Features
- Private registry: Securely store and manage your container images.
- Geo-replication: Replicate registries across Azure regions for faster access and improved availability.
- Integration: Seamless integration with Azure services like Azure Kubernetes Service (AKS), Azure App Service, and Azure Container Instances (ACI).
- Security: Leverage Azure Active Directory (Azure AD) for authentication and role-based access control (RBAC).
- Image scanning: Integrated vulnerability scanning with Microsoft Defender for Cloud.
- Content trust: Sign container images using Docker Content Trust.
Getting Started
To get started with Azure Container Registry, you first need to create a registry instance. You can do this using the Azure portal, Azure CLI, or other Azure tools.
Using Azure CLI
Here's an example of how to create a basic ACR instance using the Azure CLI:
az acr create --resource-group myResourceGroup --name myContainerRegistry --sku Basic --location eastus
Replace myResourceGroup, myContainerRegistry, and eastus with your desired values.
--sku parameter determines the features and pricing tier of your registry. Options include Basic, Standard, and Premium.
Common Operations
Once your registry is created, you can perform various operations:
Log in to your registry
Before you can push or pull images, you need to log in:
az acr login --name myContainerRegistry
Tagging and pushing an image
Tag your local Docker image with your ACR login server name and then push it:
# Example: Tagging an image named 'my-app'
docker tag my-app myContainerRegistry.azurecr.io/my-app:v1.0
# Push the tagged image
docker push myContainerRegistry.azurecr.io/my-app:v1.0
Pulling an image
Pull an image from your registry:
docker pull myContainerRegistry.azurecr.io/my-app:v1.0
Geo-replication
Geo-replication allows you to replicate your ACR across multiple Azure regions. This improves performance for users in different locations and provides higher availability.
You can configure geo-replication through the Azure portal or the Azure CLI.
# Example: Replicate to West US
az acr replication create --registry myContainerRegistry --location westus
Standard or Premium SKU for enhanced performance, storage, and features like geo-replication and private link.
Use cases
- Storing custom container images for applications deployed on AKS, App Service, or ACI.
- Centralizing Docker images for CI/CD pipelines.
- Distributing containerized software securely.