Azure Container Registry (ACR) - Part 1

Azure Container Registry (ACR) - Part 1

‍

This is the first post in a series of articles where I will show you how to manage an Azure Container Registry (ACR) with Azure PowerShell. In this first post, I want to show you how to create an ACR and how to use basic Docker commands with your ACR.

The Azure Container Registry (ACR) is a managed Docker registry service based on the open source Docker Registry. Using an ACR is useful for controlling where your images are stored and keeping them close to the application infrastructure.

Prerequisites

• This tutorial assumes that you already have a Microsoft Azure account configured.
• You created a Resource Group for these resources and the new ones deployed in this tutorial will join that group. If you want to know how to create a Resource Group, check out this link.
• You must also have Docker installed locally. if you want to know how to install Docker in the Windows server, check out this link.

Azure PowerShell Workaround

If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

Connect-AzAccount

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.

If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Get-AzSubscription
Select-AzSubscription -Subscription "My Subscription"

Once you set your default subscription, you're ready to start.

Set the variables

Here, we define the characteristics of our environment and the resource's properties.

$resourceGroupName = 'RG-DEMO-WE'
$location = 'westeurope'
$azcRegName = 'acrdemowe'

Check the name availability for the ACR

Before creating an ACR, you must first verify the availability of the desired container registry name. As this will be part of the URL (<ACRName>.azurecr.io) to access the service, it must be unique. To check availability, use the Test-AzContainerRegistryNameAvailability cmdlet with the following syntax.

Test-AzContainerRegistryNameAvailability -Name $azcRegName

Create an Azure Container Registry

Once you have verified that the name is available, you can create the ACR using the New-AzContainerRegistry cmdlet with the following syntax.

New-AzContainerRegistry -Name $azcRegName `
                        -ResourceGroupName $resourceGroupName `
                        -Location $location `
                        -Sku "Basic" `
                        -EnableAdminUser `
                        -Tag @{Environment="DEMO"}

The -SKU parameter allows the following values: Basic, Standard, and Premium.

Get the details of an Azure Container Registry

To know the current ACR configuration, you should use the Get-AzContainerRegistry cmdlet with the following syntax.

Get-AzContainerRegistry -Name $azcRegName `
                        -ResourceGroupName $resourceGroupName `
                        -IncludeDetail

Update an Azure Container Registry

If you need to change your ACR settings, you should use the Update-AzContainerRegistry cmdlet as shown below. The following example changes the SKU of an ACR.

Update-AzContainerRegistry -Name $azcRegName `
                          -ResourceGroupName $resourceGroupName `
                          -Sku Premium

Azure Container Registry Credentials

When creating an ACR instance, we have a user (the name of the ACR) and two passwords generated at the time of creation. To obtain the credentials you must use the Get-AzContainerRegistryCredential cmdlet with the following syntax.

$azcReg = Get-AzContainerRegistry -Name $azcRegName `
                        -ResourceGroupName $resourceGroupName `
                        -IncludeDetail

Get-AzContainerRegistryCredential -Registry $azcReg

Regenerates a login credential

If you want to generate new passwords, either because they are compromised, or you simply want to change them. You can perform this operation using the Update-AzContainerRegistryCredential cmdlet with the following syntax.

Update-AzContainerRegistryCredential -Name $azcRegName `
                                -ResourceGroupName $resourceGroupName `
                                -PasswordName "Password","Password2"

Docker Workaround

The method used in this demo to log in to the ACR instance is through the username and password. In production scenarios, it is recommended to use an individual identity or a service principal for access to the ACR.

$azcReg = Get-AzContainerRegistry -Name $azcRegName `
                                -ResourceGroupName $resourceGroupName `
                                -IncludeDetail

$creds = Get-AzContainerRegistryCredential -Registry $azcReg

Then run Docker login to log in using the stored credentials.

$creds.Password | docker login $azcReg.LoginServer -u $creds.Username --password-stdin

Once this is done, you can use the ACR instance just like an on-premises Docker Registry.

Docker tag

To push an image to an Azure container registry and not the central Docker registry you must tag it with the registry hostname. In this example, I use an image from Nginx and my (ACR) server name is: acrdemowe.azurecr.io

docker tag nginx acrdemowe.azurecr.io/nginx:v1

Docker push

Now, push the image to the ACR instance.

docker push acrdemowe.azurecr.io/nginx:v1

Docker run

Finally, you can pull and run the container image from your ACR using the Docker run command

docker run -it --rm -p 8080:80 acrdemowe.azurecr.io/nginx:v1

In the next post, I will show you how to enable geo-replication on an Azure container registry.

Thanks for reading my post. I hope you find it useful.

If you want to know more about Azure Container Registry, check out this link: https://docs.microsoft.com/en-us/azure/container-registry/