Azure Container Registry (ACR) is a platform that enables organizations to manage and deploy containers. It provides a registry for container images, a management interface for container deployments, and an API for managing containers. The Azure Container Registry platform was announced in February of this year and is currently in beta. The goal of the platform is to make it easier for organizations to manage their containers and improve their deployment process. To get started with Azure Container Registry, you first need to create an account and install the Azure Container Registry client on your workstation. After you have installed the client, you can create a new registry instance by using the following command: azure-container-registry create –name myregistry –location “westeurope” Once you have created your registry instance, you can use the following commands to manage your containers: azure-container-registry list –name mycontainer –state “active” azure-container-registry delete mycontainer azure-container-registry add mycontainer azure-container-registry get mycontainer azure-container-registry put myContainer into production


In software development, it seems that no matter where you go, no matter who you talk to, containers are the new normal. If you’re not developing them or migrating your application already, you’re building supporting systems that use them to support a legacy application. Containers are everywhere.

However, this means that as an engineer, you will need to put your containers somewhere. In the old days, this meant building an artifact of some kind, whether a binary or an archive, then writing it to a disc or a file share and distributing it. In the container ecosystem, it’s going to be a container registry, and the artifacts you build are going to be container images.

Ideally, a container registry would be somewhere secure that could automate some of the work for you, such as container scanning and trigger actions on each commit or on a schedule. Fortunately, Azure has you covered with all of the above with the Azure Container Registry, or ACR for short.

Prerequisites

To follow along, you’ll need the following:

An Azure Account A container to push and pull from the repository (Optional) A PowerShell terminal that’s authenticated to Azure or a CloudShell instance

The container doesn’t have to be anything more than hello-world because this is a tutorial about container registries, not containers themselves. If you’re not familiar with Docker or containers, you can learn more about them here.

Creating the Registry

The first thing you’ll need to do is create a registry, first using the Azure Portal, then using Azure PowerShell.

Using the Portal

Go to “Create A Resource,” then look under Containers > Container Registry.

You’ll then be asked to fill out some information about which storage account and subscription to put the registry in. It’s considered a best practice to put the registry in the same region that you’ll be deploying containers to.

Once it’s provisioned, go to the resource page and look for the “Access Keys” tab. From here, make sure to enable the “Admin User” option so you can log in using the CLI later on.

Using Azure PowerShell

With Azure PowerShell, this is done with one line, either on a CloudShell instance or a locally authenticated PowerShell console with the Azure PowerShell module installed.

New-AzContainerRegistry -ResourceGroupName -Name -EnableAdminUser

You can then use the Get-AzContainerRegistry cmdlet to list the registries associated with your tenant. You’ll still need the LoginServer property to push your image to the registry, but you can pull this from Azure PowerShell shown in the rest of the demo.

As long as you included the -EnableAdminUser flag, you’ll also be able to use the Get-AzContainerRegistryCredential cmdlet to get the login credentials for the next step.

Pushing the Image to ACR

Now that the registry and the user for it are set up, it’s time to log in and push an image to it. You can log in by using the docker login command. If you’re using a script, make sure the credentials aren’t displayed in plain text, by passing them like this, or using Azure Key Vault.

If you are doing it manually, then just running docker login and replace “ “with the value from “Login Server” under the Access Keys tab from earlier, then the admin username and password.

Now that you’re logged in, you can push and pull container images from the repository as much as you like. Once you have built or pulled a container locally, use the docker tag command to add the registry URL and version tag to the image, then the docker push command to push it to ACR. It should look something like this:

With the image in ACR, you can use the docker pull from any authenticated device to pull the image down and run it.

Summary

By now, you should be familiar with how to set up a registry in ACR using the Azure portal or Azure PowerShell, as well as how to push and pull containers from it.

From here, you can look into enabling Container vulnerability scanning with Azure Security Center or automation using ACR Tasks.