Azure Container Registry (ACR) - Part 1

This is the first post in a series of articles where I will show you how to manage an Azure Container Registry (ACR) with Azure PowerShell. In this first post, I want to show you how to create an ACR and use basic Docker commands with your ACR.

The Azure Container Registry (ACR) is a managed Docker registry service based on the open source Docker Registry. Using an ACR is useful for controlling where your images are stored and keeping them close to the application infrastructure.

Prerequisites>

Prerequisites #

This tutorial assumes that you already have a Microsoft Azure account configured.
You created a Resource Group for these resources, and the new ones deployed in this tutorial will join that group. If you want to know how to create a Resource Group, check out this link.
You must also have Docker installed locally. If you want to know how to install Docker on the Windows server, check out this link.

Azure PowerShell Workaround>

Azure PowerShell Workaround #

If you want to know how to install the PowerShell Azure module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.

Connect-AzAccount

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Get-AzSubscription
Select-AzSubscription -Subscription "My Subscription"

Once you set your default subscription, you’re ready to start.

Set the variables>

Set the variables #

Here, we define the characteristics of our environment and the resource’s properties.

$resourceGroupName = 'RG-DEMO-WE'
$location = 'westeurope'
$azcRegName = 'acrdemowe'

Check the name availability for the ACR>

Check the name availability for the ACR #

Before creating an ACR, you must first verify the availability of the desired container registry name. As this will be part of the URL (.azurecr.io) to access the service, it must be unique. To check availability, use the Test-AzContainerRegistryNameAvailability cmdlet with the following syntax.

Test-AzContainerRegistryNameAvailability -Name $azcRegName

Test-AzContainerRegistryNameAvailability

#

Create an Azure Container Registry>

Create an Azure Container Registry #

Once you have verified that the name is available, you can create the ACR using the New-AzContainerRegistry cmdlet with the following syntax.

New-AzContainerRegistry `
    -Name $azcRegName `
    -ResourceGroupName $resourceGroupName `
    -Location $location `
    -Sku "Basic" `
    -EnableAdminUser `
    -Tag @{Environment="DEMO"}

#

The -SKU parameter allows the following values: Basic, Standard, and Premium.

Get the details of an Azure Container Registry>

Get the details of an Azure Container Registry #

To know the current ACR configuration, you should use the Get-AzContainerRegistry cmdlet with the following syntax.

Get-AzContainerRegistry `
    -Name $azcRegName `
    -ResourceGroupName $resourceGroupName `
    -IncludeDetail

Update an Azure Container Registry>

Update an Azure Container Registry #

If you need to change your ACR settings, you should use the Update-AzContainerRegistry cmdlet as shown below. The following example changes the SKU of an ACR.

Update-AzContainerRegistry `
    -Name $azcRegName `
    -ResourceGroupName $resourceGroupName `
    -Sku Premium

#

Azure Container Registry Credentials>

Azure Container Registry Credentials #

When creating an ACR instance, we have a user (the name of the ACR) and two passwords generated at creation. To obtain the credentials, you must use the Get-AzContainerRegistryCredential cmdlet with the following syntax.

$azcReg = Get-AzContainerRegistry `
    -Name $azcRegName `
    -ResourceGroupName $resourceGroupName \
    -IncludeDetail

Get-AzContainerRegistryCredential -Registry $azcReg

#

Regenerates a login credential #

Suppose you want to generate new passwords, either because they are compromised or simply want to change them. You can perform this operation using the Update-AzContainerRegistryCredential cmdlet with the following syntax.

Update-AzContainerRegistryCredential `
    -Name $azcRegName `
    -ResourceGroupName $resourceGroupName `
    -PasswordName "Password","Password2"

#

Docker Workaround>

Docker Workaround #

The method used in this demo to log in to the ACR instance is through the username and password. It is recommended to use an individual identity or a service principal for access to the ACR in production scenarios.

$azcReg = Get-AzContainerRegistry `
    -Name $azcRegName `
    -ResourceGroupName $resourceGroupName `
    -IncludeDetail

$creds = Get-AzContainerRegistryCredential -Registry $azcReg

Then run Docker login to log in using the stored credentials.

$creds.Password | docker login $azcReg.LoginServer -u $creds.Username --password-stdin

Once this is done, you can use the ACR instance just like an on-premises Docker Registry.

Docker tag>

Docker tag #

To push an image to an Azure container registry and not the central Docker registry, you must tag it with the registry hostname. In this example, I use an image from Nginx, and my (ACR) server name is: acrdemowe.azurecr.io

docker tag nginx acrdemowe.azurecr.io/nginx:v1

#

Docker push>

Docker push #

Now, push the image to the ACR instance.

docker push acrdemowe.azurecr.io/nginx:v1

#

Docker run>

Docker run #

Finally, you can pull and run the container image from your ACR using the Docker run command.

docker run -it --rm -p 8080:80 acrdemowe.azurecr.io/nginx:v1

In the next post, I will show you how to enable geo-replication on an Azure container registry. Thanks for reading my post. I hope you find it useful. If you want to know more about Azure Container Registry, check out this link: https://docs.microsoft.com/en-us/azure/container-registry/