
Use Azure Container Registry to manage Docker images

Azure has upped its container game with a registry to store and manage Docker images. Learn how it integrates with other Azure services, as well as steps to get started.

Docker's popularity has caused top public cloud providers to create container registries to store, manage and deploy Docker images. Microsoft Azure has jumped on the bandwagon with Azure Container Registry.

Azure provides many options to run containers in the cloud. The Azure Container Service, for example, enables you to scale and orchestrate containers across a fleet of managed VMs with Kubernetes, DC/OS or Docker Swarm. Azure Service Fabric provides a platform to build microservices powered by containers. Even the Azure App Service can host and run containers.

All of these services make it easier for teams to run containers on Azure, but there's another core dependency. Containers are based on images, and those images need a place to live. Azure Container Registry, a cloud-based repository built on the open source Docker Registry 2.0, gives Azure users a place to store container images inside a private registry close to their deployments.

Other key features of Azure Container Registry

When a container host needs to spin up a container, and the image doesn't exist locally, it pulls it from a container registry. Unfortunately, this pull operation can create network latency.

If you run Docker containers in Azure, you can reduce this latency, since the Azure Container Registry uses Azure storage under the hood. Provision your entire container infrastructure in the same Azure region to ensure your image repositories are in the same data center as the container hosts.

In addition to registry-specific admin accounts, the Azure Container Registry supports Azure Active Directory (AD) authentication. Teams can set up an Azure AD service principal to use with the docker login command to push images to the registry and pull images from it. A service principal is essentially an Azure AD application that can access a service based on the explicit permissions that Azure admins define. As different team members come and go, you won't have to change individual administrator permissions.

Start using Azure Container Registry

In the Azure Portal, click on + New and search the marketplace for Azure Container Registry.

Figure 1 -- Search for the Azure Container Registry resource.

Select Azure Container Registry and click Create. You'll see the Azure Container Registry blade.

Figure 2 -- Create the Azure Container Registry resource.

As you can see in Figure 2, you need to provide a globally unique registry name, then select a subscription and resource group. You can also enable the admin user to create a registry-specific admin account, which is required if you do not want to set up an Azure AD service principal.

You can also create a managed registry. This feature is currently in preview, and it's similar to the managed disks feature for VMs. If you enable a managed registry, you do not have to create and maintain the Azure storage account where your images live.

Finally, the pricing tier determines the available storage capacity and costs. The standard offering provides 100 GB of available storage, along with a daily cost that varies per region. In this example, the standard tier would run $0.334 per day in the West Central U.S. region.

How to work with Azure Container Registry

Once you provision the Azure Container Registry, use the docker login command to authenticate and to push and pull container images. For this example, we'll use a registry-specific admin account instead of an Azure AD service principal.

To find the admin user details, go to your resource group and click on the Azure Container Registry instance. Under settings, click on access keys. You'll see a screen like the one in Figure 3.

Figure 3 -- Review the Azure Container Registry access details.

In this example, the username is SearchCloudComputing. The system generates two passwords that you can change if you click on the regenerate button just to the right of the password. Also, note the Login server. The host portion of the fully qualified domain name is the name of your Azure Container Registry instance.

First, as an example, run the following command using the Docker client, where <login-server> stands for the Login server value shown in Figure 3:

docker login <login-server> -u SearchCloudComputing -p 7=sIcX79QTjf=5OuROzQEQX51C=Bt=QJ

Next, pull down an image from the Docker hub. In this example, we're using Docker on Windows Server, so pull down the nano server image with the following command:

docker pull microsoft/nanoserver

From there, you can build your own image and push it to your Azure Container Registry instance. Alternatively, you can create a new tag for this base image with the following command:

docker tag microsoft/nanoserver <login-server>/myimages/nanoserver

This command creates an alias for the existing image that contains your Azure Container Registry login server name, a repository name -- which is called myimages in this case -- and the image name.

Now, use the docker push command to upload your first container image into a new repository called myimages in your Azure Container Registry instance.

docker push <login-server>/myimages/nanoserver

After you run this command, navigate to the Repositories section of your Azure Container Registry resource in the Azure Portal to see your image.

Figure 4 -- Review the Repositories in the Azure Container Registry.

From now on, you can pull this image down to any container host.

First, you need to authenticate with the docker login command. To pull down the image, use the docker pull command.

docker pull <login-server>/myimages/nanoserver
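
The login, tag and push steps above as one POSIX shell script, with the password handed to docker on stdin (--password-stdin) instead of -p so it is not part of the process arguments; the same call serves the Azure AD service principal described earlier if you pass its application ID as the user. This is an added example, not code from the original article: the function names, the DOCKER override and the ACR_PASSWORD variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. acr_image_ref, acr_push,
# DOCKER and ACR_PASSWORD are hypothetical names chosen for this sketch.
DOCKER="${DOCKER:-docker}"   # overridable, so the flow can be dry-run with a stub

# Print "<login-server>/<repository>/<image>" after checking the host part.
acr_image_ref() {
    [ -n "$2" ] && [ -n "$3" ] || { echo "repository and image are required" >&2; return 1; }
    case "$1" in
        */*|*' '*) echo "login server must be a bare host name: '$1'" >&2; return 1 ;;
        *.*) ;;  # docker reads the first component as a registry host when it has a dot
        *) echo "'$1' is not a registry host; the reference would resolve to Docker Hub" >&2
           return 1 ;;
    esac
    printf '%s/%s/%s\n' "$1" "$2" "$3"
}

# usage: acr_push <login-server> <user> <repository> <local-image>
# ACR_PASSWORD is expected to come from a secret store or a prompt,
# not to be typed on the command line.
acr_push() {
    # "microsoft/nanoserver" becomes image name "nanoserver" in the new repository
    ref=$(acr_image_ref "$1" "$3" "${4##*/}") || return 1
    [ -n "${ACR_PASSWORD:-}" ] || { echo "ACR_PASSWORD is not set" >&2; return 1; }
    # The password goes to docker on stdin, so it is not in docker's argument list.
    printf '%s' "$ACR_PASSWORD" | "$DOCKER" login -u "$2" --password-stdin "$1" || return 1
    "$DOCKER" tag "$4" "$ref" || return 1
    "$DOCKER" push "$ref" || return 1
    "$DOCKER" logout "$1"    # remove the stored credential from this host
}

# Run only when called with the four arguments, e.g.
#   sh acr_push.sh <login-server> <user> myimages microsoft/nanoserver
if [ "$#" -eq 4 ]; then
    acr_push "$@"
fi
```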

There are concurrency limits for push and pull operations. Currently, Azure Container Registry supports 10 concurrent pulls and five concurrent pushes per registry.
