Azure Hands-On - Build and store container images with Azure Container Registry (ACR)

Azure Learning Path for Cloud and DevOps Engineers

📝Introduction

In this hands-on lab, we walk through Azure Container Registry (ACR), a private registry hosted in Azure that lets us build, store, and manage images for all types of container deployments.

Learning objectives:

  • Deploy an Azure container registry.

  • Build a container image using Azure Container Registry Tasks and deploy it to an Azure container instance.

  • Replicate the container image to multiple Azure regions.

📝Log in to the Azure Management Console

Log in with your credentials and make sure you're using the right region. In my case, I am using the region eastus in my Cloud Playground Sandbox.

📌Note: You can also connect to the Azure CLI from VS Code or from your local terminal.

More information on how to set it up is at the link.

📝Prerequisites:

  • Update to PowerShell 5.1, if needed.

  • Install .NET Framework 4.7.2 or later.

  • Visual Studio Code

  • Web Browser (Chrome, Edge)

  • Azure CLI installed

  • Azure subscription

  • Docker installed

📝Setting an Azure Storage Account to Load Bash or PowerShell

  • Click the Cloud Shell icon (>_) at the top of the page.

  • Click PowerShell.

  • Click Show Advanced Settings. Use the combo box under Cloud Shell region to select the Region. Under Resource Group and Storage account (it's a globally unique name), enter a name for both. In the box under File Share, enter a name. Click Create storage (if you don't have any yet).

📝Create an Azure container registry

  1. Launch Azure Cloud Shell and sign in to your Azure account using the az login command.

     az login
    
  2. Create a resource group <name_your_rg> to hold the resources for this module using the az group create command.

     az group create --name <name_your_rg> --location <your_region>
    

    It's good practice to define an environment variable, ACR_NAME, to hold your container registry name using the following command. The name must be unique within Azure and contain 5-50 alphanumeric characters. For more information, see Naming conventions for Azure resources.

     ACR_NAME=<unique-acr-name>
    
  3. Create an Azure container registry using the az acr create command.

    📌Note1: In this example, we deploy a premium registry SKU.

    The premium SKU is required for geo-replication. I am using the credits of my Trial Subscription for that, so be aware of being charged.

    📌Note2: Be aware of will not be able to use the az acr create comm

     az acr create --resource-group <name_your_rg> --name $ACR_NAME --sku Premium
    

📝Create a container image using Azure Container Registry Tasks

  1. Open the Cloud Shell editor and create a new file named Dockerfile using the code command. You can also fork from this repo.

     code Dockerfile
    

    Paste the following Dockerfile contents into the file.

    This Dockerfile uses the nginx:alpine image as its base image. It replaces the default Nginx web page with a custom index.html and declares port 80 with the EXPOSE instruction.

     FROM nginx:alpine
     COPY index.html /usr/share/nginx/html
     EXPOSE 80
    
  2. Save the file and close the editor.

  3. Build the container image from the Dockerfile using the az acr build command.

    📌Note1: Make sure you add the period (.) to the end of the command. It represents the source directory containing the Dockerfile. Because we didn't specify the name of the file using the --file parameter, the command looks for a file called Dockerfile in our current directory.

    📌Note2: Be aware that you will not be able to use the az acr build command with the Trial Subscription. Because of that, I used Docker commands to build my image and push it to the ACR.

     az acr build --registry $ACR_NAME --image <image_name>:v1 .

     # Alternative: use Docker commands to build the image, tag it and push it to ACR
     docker build -t <image_name>:v1 .
     docker tag <image_name>:v1 $ACR_NAME.azurecr.io/<image_name>:v1
     # Log in to ACR to push the image
     docker login $ACR_NAME.azurecr.io
     docker push $ACR_NAME.azurecr.io/<image_name>:v1
    
  4. Verify that the image has been created and stored in the registry using the az acr repository list command.

     az acr repository list --name $ACR_NAME --output table
    

    Your output should look similar to the following example output:

     Result
     -------------
     <image_name>
    

📝Deploy images from Azure Container Registry

You can pull container images from Azure Container Registry using various container management platforms, such as Azure Container Instances, Azure Kubernetes Service, or Docker for Windows or Mac.

Registry authentication

Azure Container Registry doesn't support unauthenticated access and requires authentication for all operations. Registries support two types of identities:

  • Microsoft Entra identities, including both user and service principals. Access to a registry with a Microsoft Entra identity is role-based and you can assign identities one of three roles: reader (pull access only), contributor (push and pull access), or owner (pull, push, and assign roles to other users).

  • The admin account included with each registry. The admin account is disabled by default.

📌Note: The admin account provides a quick option to try a new registry. You can enable the account and use the username and password in workflows and apps that need access. After you've confirmed the registry works as expected, you should disable the admin account and use Microsoft Entra identities to ensure the security of your registry. Do not share the admin account credentials with others.

Enable the registry admin account

  1. Enable the admin account on your registry using the az acr update command.

     az acr update -n $ACR_NAME --admin-enabled true
    
  2. Retrieve the username and password for the admin account using the az acr credential show command.

     az acr credential show --name $ACR_NAME
    
  3. Take note of the username and password values in the output for use in future commands.

Deploy a container with Azure CLI

  1. Deploy a container instance using the az container create command. Make sure you replace <admin-username> and <admin-password> with your admin username and password from the previous command.

     az container create --resource-group <name_your_rg> --name <container_name> --image $ACR_NAME.azurecr.io/<image_name>:v1 --registry-login-server $ACR_NAME.azurecr.io --ip-address Public --location <region> --registry-username <admin-username> --registry-password <admin-password>
    

  2. Get the IP address of the Azure container instance using the az container show command.

     az container show --resource-group <name_your_rg> --name <container_name> --query ipAddress.ip --output table
    

  3. In a separate browser tab, navigate to the IP address of the container. If everything is configured correctly, you should see the custom web page served by Nginx.
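The note above recommends disabling the admin account once the registry works and using Microsoft Entra identities instead. One way to do that follow-up is sketched below as an added example, not part of the original lab: it turns the admin account off and redeploys with a service principal that can only pull. SP_NAME, RG, IMAGE, CONTAINER and the `<...>` placeholders are assumptions; by default the script only prints the commands.

```bash
#!/usr/bin/env bash
# Added example: swap the registry admin account for a pull-only service principal.
# DRY_RUN=1 (default) prints the az commands; DRY_RUN=0 executes them.
# SP_NAME and the <...> placeholders are assumptions, not values from the lab.
ACR_NAME="${ACR_NAME:-<unique-acr-name>}"
RG="${RG:-<name_your_rg>}"
IMAGE="${IMAGE:-<image_name>:v1}"
CONTAINER="${CONTAINER:-<container_name>}"
SP_NAME="${SP_NAME:-$ACR_NAME-pull}"
DRY_RUN="${DRY_RUN:-1}"

# run: execute a command, or print it in dry-run mode.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# query: return a command's output; in dry-run mode log the command to stderr
# and return the labelled placeholder given as the first argument.
query() {
  placeholder="$1"; shift
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*" >&2
    printf '%s' "$placeholder"
  else
    "$@"
  fi
}

harden_registry() {
  # 1. Turn the shared admin credential off again.
  run az acr update --name "$ACR_NAME" --admin-enabled false

  # 2. Create a service principal whose only right is pulling from this registry.
  acr_id=$(query '<acr-resource-id>' az acr show --name "$ACR_NAME" --query id --output tsv)
  sp_password=$(query '<sp-password>' az ad sp create-for-rbac --name "$SP_NAME" \
    --scopes "$acr_id" --role acrpull --query password --output tsv)
  sp_app_id=$(query '<sp-app-id>' az ad sp list --display-name "$SP_NAME" \
    --query '[].appId' --output tsv)

  # 3. Deploy as in the lab, but authenticate with the pull-only identity.
  run az container create --resource-group "$RG" --name "$CONTAINER" \
    --image "$ACR_NAME.azurecr.io/$IMAGE" --registry-login-server "$ACR_NAME.azurecr.io" \
    --ip-address Public --registry-username "$sp_app_id" --registry-password "$sp_password"
}

harden_registry
```

Because the service principal is scoped to the registry with the acrpull role, a leaked deployment credential cannot push or overwrite images, which the admin account would allow.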

📝Replicate a container image to different Azure regions

You can use Azure Container Registry to place a container registry in each region where images run.

Geo-replication enables a container registry to function as a single registry that serves several regions with multi-master regional registries.

A geo-replicated registry provides the following benefits:

  • Use single registry/image/tag names across multiple regions.

  • Network-close registry access from regional deployments.

  • No extra egress fees, as images are pulled from a local, replicated registry in the same region as the container host.

  • Single management of a registry across multiple regions.

Create a replicated region for an Azure Container Registry

  1. Replicate your registry to another region using the az acr replication create command. In this example, we replicate to the francecentral region.

     az acr replication create --registry $ACR_NAME --location <other_region>
    

    Your output should look similar to the following condensed example output:

  2. View all the container image replicas using the az acr replication list command.

     az acr replication list --registry $ACR_NAME --output table
    

    Your output should look similar to the following example output:

  3. You can also use the Azure portal to view your container images by navigating to your container registry and selecting Replications:

📝Clean up resources

Remove the resources you created in this module to avoid incurring charges. Deleting the resource group also deletes all its associated resources.

  1. Navigate to the Azure Cloud Shell.

  2. Delete the resource group using the az group delete command.

     az group delete --name <name_your_rg> --yes --no-wait
      

📌Note - At the end of each hands-on Lab, always clean up all resources previously created to avoid being charged.

Congratulations, you have completed this hands-on lab covering the basics of building and storing container images with Azure Container Registry (ACR) and using replication across other regions.

Thank you for reading. I hope you understood and learned something helpful from my blog.

Please follow me on Cloud&DevOpsLearn and LinkedIn, franciscojblsouza