Azure Container Registry

Prior to Azure Container Registry, Docker Hub was the most well-known registry service for Docker images.

Azure Container Registry is an alternative repository to Docker Hub. A registry is a location on the internet that provides listings of images, along with facilities to upload and download the images on demand. There are two types of registries:

A public repository, as the name suggests, is public in nature and images from it can be downloaded and used by anyone. However, the upload of images to a public repository is discretionary and, depending on the provider, may or may not allow the upload of images.

On the other hand, private repositories are meant only for people who have access to the repository. They need to authenticate before they can upload or download images.

Docker Hub provides the ability to create user accounts, and these accounts can have public as well as private repositories.

In fact, Microsoft has accounts on Docker Hub as well, where all well-known Windows images are available. You can find all Microsoft images by executing the docker search Microsoft command, as shown in the following screenshot:

As mentioned before, Microsoft also provides an alternate registry as an Azure service, known as Azure Container Registry. It provides similar functionality to that of Docker Hub.

One advantage of using Azure Container Registry over Docker Hub is that if you are using an image from Azure Container Registry that is in the same Azure location that is hosting containers based on the image, the image can be downloaded faster using the Microsoft backbone network instead of going through the internet. For example, hosting a container on Azure Kubernetes Service whose source image is within Azure Container Registry will be much faster than Docker Hub.

Azure Container Registry is a managed service that will take care of all operational needs concerning images, such as storage and availability. Users do not have to bother with providing access URLs and can instead manage these images as blobs. It is the responsibility of Azure to take care of these images and their layers.

The beauty of Azure Container Registry is that it works with the Azure CLI, PowerShell, and the Azure portal. And it does not stop there: it also has high fidelity with the Docker command line. You can use Docker commands to upload and download images from Azure Container Registry instead of Docker Hub.

Let's now focus on how to work with Azure Container Registry using the Azure CLI:

  1. Obviously, the first task is to log into Azure using the az login command:
  1. If you have multiple subscriptions associated with the same login, select an appropriate subscription for working with Azure Container Registry:
  1. Create a new resource group for hosting a new instance of Azure Container Registry:
  1. The Azure CLI provides acr commands. Create a new instance of Azure Container Registry using the command:
az acr create
  1. You need to provide the SKU of Azure Container Registry, a name, and the name of a resource group. It can also optionally enable admin privileges.
  1. The SKUs available for Azure Container Registry are as follows:
    • Basic: This is not recommended for production scenarios and is more suitable for dev/test work. This is because the amount of resources available for storage and bandwidth is constrained compared to higher SKUs.
    • Standard: This has all features of Basic along with higher configuration and availability of resources. This is suitable for production deployments.
    • Premium: This, again, has all the features of the Standard SKU along with higher resource availability. This has additional features such as geo-replication.
    • Classic: This is not a managed service and the images stored using this SKU are stored on user-provided storage accounts. Users need to actively manage these storage accounts in terms of security, administration, and governance.
  1. The output from the following contains important information that is used quite frequently for uploading and downloading images. These include the loginServer and name properties. The username of Azure Container Registry is the same as its name:
  1. The service on the portal is configured as shown in the following screenshot:
  1. If admin is enabled, the credentials for the admin can be fetching using a command as shown in the following screenshot. There are two passwords generated, which can be used to swap when necessary. Login is needed for pushing images and is not required for pulling images from Azure Container Registry:
  1. Using the username and password data (which we have by now), it is possible to log into Azure Container Registry:
  1. You will need to log into Azure Container Registry if it is protected by password. The next task is to prepare local images such that they can be uploaded to Azure Container Registry. This preparation needs to tag the local images with the server name of the registry.
  2. The following screenshot shows a command in which a sample image named samplewebapp is tagged using the tag command to sampleappbooacr.azurecr.io/samplewebapp:latest. Here, sampleappbooacr.azurecr.io refers to the server name that was created earlier as part of the creation of the registry. Note that Docker commands are used for tagging the images:
  1. After tagging using the docker push command, the image can be pushed to Azure Container Registry:
  1. From now, it is possible to consume this image by anyone who has knowledge about the sampleappbookacr registry.

The registry on the portal is shown in the following screenshot:

  1. Create a container from the image that was just uploaded to Azure Container Registry. For this exercise, create a new virtual machine based on Windows Server 2016 or Windows 10 that has containers enabled, and execute the command, as shown in the following screenshot, to create a new container using the samplewebapp image from the samplewebappbookacr registry:
  1. It is important to note that even if the image is not locally available, the command will download the images while executing the command and then create a container out of it. The output from running the container is shown in the following screenshot:
  1. The result shown in the following screenshot displays that the web application is currently running:

The Dockerfile, and solution file used to create the local image, are available as part of the source code. It is also possible to upload the same image to Docker Hub.

  1. The first step is to have an account on Docker Hub. For this, a new account or an existing account can be used.
  2. After creating the account, log into your account.
  1. Create a new repository by selecting Create a Repository, as shown in the following screenshot:
  1. Provide a name and select a public repository:
  1. The next screenshot shows the command to be executed for pushing images to this repository:
  1. From your virtual machine containing the local image for samplewebapp, create a new tag. This is a similar exercise to that which we did for Azure Container Registry; however, this time, it is for Docker Hub:
  1. Using the Docker CLI, log into the Docker Hub:
  1. Finally, push the newly tagged image to Docker Hub using the docker push command:

Now this new image can be used at different hosts, including Azure App Services.