Azure Hands-On - Build and store container images with Azure Container Registry (ACR)
Azure Learning Path for Cloud and DevOps Engineers
Table of contents
- 📝Introduction
- 📝Log in to the Azure Management Console
- 📝Prerequisites:
- 📝Setting an Azure Storage Account to Load Bash or PowerShell
- 📝Create an Azure container registry
- 📝Create a container image using Azure Container Registry Tasks
- 📝Deploy images from Azure Container Registry
- 📝Replicate a container image to different Azure regions
- 📝Clean up resources
📝Introduction
In this hands-on lab, we walk through using Azure Container Registry (ACR), a private registry hosted in Azure that lets us build, store, and manage images for all types of container deployments.
Learning objectives:
Deploy an Azure container registry.
Build a container image using Azure Container Registry Tasks and deploy it to an Azure container instance.
Replicate the container image to multiple Azure regions.
📝Log in to the Azure Management Console
Log in using your credentials and make sure you're using the right region. In my case, I am using the region eastus in my Cloud Playground Sandbox.
📌Note: You can also use VS Code or your local terminal to connect with the Azure CLI. More information on how to set it up is at the link.
📝Prerequisites:
Update to PowerShell 5.1, if needed.
Install .NET Framework 4.7.2 or later.
Visual Code
Web Browser (Chrome, Edge)
Azure CLI installed
Azure subscription
Docker installed
📝Setting an Azure Storage Account to Load Bash or PowerShell
- Click the Cloud Shell icon (>_) at the top of the page.
- Click PowerShell.
- Click Show Advanced Settings. Use the combo box under Cloud Shell region to select the region. Under Resource Group and Storage account, enter a name for each (the storage account name must be globally unique). In the box under File Share, enter a name. Click Create storage (if you don't have any yet).
📝Create an Azure container registry
Launch Azure Cloud Shell and sign in to your Azure account using the az login command.
az login
Create a resource group <name_your_rg> to hold the resources for this module using the az group create command.
az group create --name <name_your_rg> --location <your_region>
It's good practice to define an environment variable, ACR_NAME, to hold your container registry name using the following command. The name must be unique within Azure and contain 5-50 alphanumeric characters. For more information, see Naming conventions for Azure resources.
ACR_NAME=<unique-acr-name>
Create an Azure container registry using the az acr create command.
📌Note1: In this example, we deploy a premium registry SKU. The premium SKU is required for geo-replication. I am using the credits of my Trial Subscription for that, so be aware of being charged.
📌Note2: Be aware of will not be able to use the az acr create comm
az acr create --resource-group <name_your_rg> --name $ACR_NAME --sku Premium
📝Create a container image using Azure Container Registry Tasks
Open the Cloud Shell editor and create a new file named Dockerfile using the code command. You can also fork from this repo.
code Dockerfile
Paste the following Dockerfile contents into the file. This Dockerfile uses the nginx:alpine image as its base image. It copies a custom index.html into the directory Nginx serves its default web page from, and the EXPOSE instruction declares port 80 as the port the container listens on.
FROM nginx:alpine
COPY index.html /usr/share/nginx/html
EXPOSE 80
Save the file and close the editor.
Build the container image from the Dockerfile using the az acr build command.
📌Note1: Make sure you add the period (.) to the end of the command. It represents the source directory containing the Dockerfile. Because we didn't specify the name of the file using the --file parameter, the command looks for a file called Dockerfile in our current directory.
📌Note2: Be aware that you will not be able to use the az acr build command with the Trial Subscription. Because of that, I used Docker commands to create my image and push it to the ACR.
az acr build --registry $ACR_NAME --image <image_name>:v1 .
#Using Docker commands to build the image, tag and push to ACR
docker build -t <image_name>:v1 .
docker tag <image_name>:v1 $ACR_NAME.azurecr.io/<image_name>:v1
#Login on ACR to push the image
docker login <acr_name>.azurecr.io
docker push <acr_name>.azurecr.io/<image_name>:v1
Verify that the image has been created and stored in the registry using the az acr repository list command.
az acr repository list --name $ACR_NAME --output table
Your output should look similar to the following example output:
Result
-------------
<image_name>
📝Deploy images from Azure Container Registry
You can pull container images from Azure Container Registry using various container management platforms, such as Azure Container Instances, Azure Kubernetes Service, or Docker for Windows or Mac.
Registry authentication
Azure Container Registry doesn't support unauthenticated access and requires authentication for all operations. Registries support two types of identities:
Microsoft Entra identities, including both user and service principals. Access to a registry with a Microsoft Entra identity is role-based and you can assign identities one of three roles: reader (pull access only), contributor (push and pull access), or owner (pull, push, and assign roles to other users).
The admin account included with each registry. The admin account is disabled by default.
📌Note: The admin account provides a quick option to try a new registry. You can enable the account and use the username and password in workflows and apps that need access. After you've confirmed the registry works as expected, you should disable the admin account and use Microsoft Entra identities to ensure the security of your registry. Do not share the admin account credentials with others.
Enable the registry admin account
Enable the admin account on your registry using the az acr update command.
az acr update -n $ACR_NAME --admin-enabled true
Retrieve the username and password for the admin account using the az acr credential show command.
az acr credential show --name $ACR_NAME
Take note of the username and password values in the output for use in future commands.
Deploy a container with Azure CLI
Deploy a container instance using the az container create command. Make sure you replace <admin-username> and <admin-password> with your admin username and password from the previous command.
az container create --resource-group <name_your_rg> --name <container_name> --image $ACR_NAME.azurecr.io/<image_name>:v1 --registry-login-server $ACR_NAME.azurecr.io --ip-address Public --location <region> --registry-username <admin-username> --registry-password <admin-password>
Get the IP address of the Azure container instance using the az container show command.
az container show --resource-group <name_your_rg> --name <container_name> --query ipAddress.ip --output table
In a separate browser tab, navigate to the IP address of the container. If everything is configured correctly, you should see the following web page:
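The note on the admin account above recommends disabling it once the registry works and using Microsoft Entra identities instead. As an added example (not part of the original lab), the Bash function below deploys the same container instance with a service principal that holds only the built-in AcrPull role on this one registry, then turns the admin account off. The function names, the argument order and the choice of AcrPull are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original lab. Function and argument names are hypothetical.

# The lab's naming rule: 5-50 alphanumeric characters.
valid_acr_name() {
  case "$1" in
    *[!A-Za-z0-9]*|"") return 1 ;;
  esac
  [ "${#1}" -ge 5 ] && [ "${#1}" -le 50 ]
}

# Usage: deploy_with_pull_principal <acr_name> <resource_group> <container_name> <image:tag> <sp_name>
deploy_with_pull_principal() {
  acr_name=$1; rg=$2; container=$3; image=$4; sp_name=$5
  valid_acr_name "$acr_name" || { echo "invalid registry name: $acr_name" >&2; return 2; }

  # Scope the role assignment to this registry only, not the resource group or subscription.
  registry_id=$(az acr show --name "$acr_name" --query id --output tsv) || return 1

  # AcrPull grants pull access only; the secret is returned once, so capture it here.
  sp_password=$(az ad sp create-for-rbac --name "$sp_name" \
    --scopes "$registry_id" --role acrpull \
    --query password --output tsv) || return 1
  sp_app_id=$(az ad sp list --display-name "$sp_name" \
    --query "[0].appId" --output tsv) || return 1

  # Same deployment as in the lab, with the principal's app ID and secret
  # in place of the admin username and password.
  az container create --resource-group "$rg" --name "$container" \
    --image "$acr_name.azurecr.io/$image" \
    --registry-login-server "$acr_name.azurecr.io" \
    --registry-username "$sp_app_id" --registry-password "$sp_password" \
    --ip-address Public || return 1

  # The shared admin credential is no longer needed: disable it again.
  az acr update --name "$acr_name" --admin-enabled false
}
```

Call it as deploy_with_pull_principal "$ACR_NAME" <name_your_rg> <container_name> <image_name>:v1 <sp_name>. Creating a service principal needs permission to register applications in the tenant, which a sandbox subscription may not grant.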
📝Replicate a container image to different Azure regions
You can use Azure Container Registry to place a container registry in each region where images run.
Geo-replication enables a container registry to function as a single registry that serves several regions with multi-master regional registries.
A geo-replicated registry provides the following benefits:
Use single registry/image/tag names across multiple regions.
Network-close registry access from regional deployments.
No extra egress fees, as images are pulled from a local, replicated registry in the same region as the container host.
Single management of a registry across multiple regions.
Create a replicated region for an Azure Container Registry
Replicate your registry to another region using the az acr replication create command. In this example, we replicate to the francecentral region.
az acr replication create --registry $ACR_NAME --location <other_region>
Your output should look similar to the following condensed example output:
View all the container image replicas using the az acr replication list command.
az acr replication list --registry $ACR_NAME --output table
Your output should look similar to the following example output:
You can also use the Azure portal to view your container images by navigating to your container registry and selecting Replications.
📝Clean up resources
Remove the resources you created in this module to avoid incurring charges. Deleting the resource group also deletes all its associated resources.
Navigate to the Azure Cloud Shell.
Delete the resource group using the az group delete command.
az group delete --name <name_your_rg> --yes --no-wait
📌Note - At the end of each hands-on Lab, always clean up all resources previously created to avoid being charged.
Congratulations! You have completed this hands-on lab covering the basics of building and storing container images with Azure Container Registry (ACR) and using replication across other regions.
Thank you for reading. I hope you understood and learned something helpful from my blog.
Please follow me on Cloud&DevOpsLearn and LinkedIn, franciscojblsouza