Introduction to Azure Container Registry (ACR)

As containerized applications continue to dominate modern software development, managing and distributing container images efficiently has become crucial. Azure Container Registry (ACR) is Microsoft’s fully managed Docker registry service, designed to store and manage container images and artifacts used in Azure-based solutions.

In this blog post, we’ll explore what Azure Container Registry is, its key features, how to set it up, and best practices for using it effectively.

What is Azure Container Registry?

Azure Container Registry is a private container registry that enables you to store and manage container images for Kubernetes, Azure App Service, and other Docker container-based solutions. It provides seamless integration with Azure Kubernetes Service (AKS), Azure App Service, Azure Functions, and Azure Container Apps.

With ACR, you can:

  • Store and manage Docker container images.
  • Automate image builds with ACR Tasks.
  • Use security and compliance features like content trust and scanning.
  • Integrate with CI/CD pipelines to streamline deployments.

Key Features of Azure Container Registry

  1. Private and Secure Registry
    • Unlike public registries (e.g., Docker Hub), ACR allows you to store container images securely with Azure Active Directory (AAD) authentication.
    • Supports role-based access control (RBAC) for fine-grained permissions.
  2. Geo-Replication
    • Multi-region deployment: Syncs images across different Azure regions to reduce latency and improve availability.
    • Useful for global applications that need quick access to container images.
  3. ACR Tasks (Automated Builds and Patch Updates)
    • Automate container image builds and updates with triggers for GitHub, Azure DevOps, or Dockerfile changes.
    • Automatically rebuild images when base images are updated.
  4. Helm Chart Repository
    • ACR also supports Helm charts, enabling you to store, manage, and deploy Kubernetes applications.
  5. Content Trust and Security Scanning
    • Microsoft Defender for Containers can scan container images for vulnerabilities.
    • Content trust ensures only verified images are pulled and deployed.
  6. Integration with Azure Services
    • Works seamlessly with Azure Kubernetes Service (AKS), Azure Functions, Azure App Service, and Azure DevOps.

Setting Up an Azure Container Registry

Step 1: Create an ACR Instance

You can create an ACR instance via the Azure Portal, Azure CLI, or Terraform.

Using Azure CLI:

az acr create --resource-group myResourceGroup --name myContainerRegistry --sku Standard
  • Replace myResourceGroup with your Azure Resource Group.
  • Replace myContainerRegistry with a unique registry name.
  • Choose an SKU (Basic, Standard, Premium).

Step 2: Log In to ACR

Once the registry is created, authenticate using Azure CLI:

az acr login --name myContainerRegistry

Step 3: Push a Docker Image to ACR

Tag your local Docker image with the ACR registry name:

docker tag myapp:latest mycontainerregistry.azurecr.io/myapp:v1

Push the image to ACR:

docker push mycontainerregistry.azurecr.io/myapp:v1

Step 4: Pull the Image

To pull the image from ACR, use:

docker pull mycontainerregistry.azurecr.io/myapp:v1

Integrating ACR with Kubernetes (AKS)

To allow Azure Kubernetes Service (AKS) to pull images from ACR, you need to grant access.

Attach ACR to AKS Cluster

az aks update -n myAKSCluster -g myResourceGroup --attach-acr myContainerRegistry

Deploy a Pod Using an ACR Image

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: mycontainerregistry.azurecr.io/myapp:v1
        ports:
        - containerPort: 80

Apply the deployment:

kubectl apply -f myapp-deployment.yaml
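
An added example, not part of the original post: a pre-deploy check that scans a manifest's image: lines and reports any image that does not come from the registry used above or that relies on the latest tag. The sample manifest fragment and the function names are constructed for illustration.

```python
import re

# Assumption: the login server used in this page's examples.
ALLOWED_REGISTRY = "mycontainerregistry.azurecr.io"
IMAGE_LINE = re.compile(r"^\s*(?:-\s*)?image:\s*['\"]?([^'\"\s#]+)")
DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")
# Constructed sample manifest fragment (not from the original page).
PINNED = ALLOWED_REGISTRY + "/myapp@sha256:" + "ab" * 32
SAMPLE = f"""
containers:
- image: mycontainerregistry.azurecr.io/myapp:v1
- image: nginx
- image: "mycontainerregistry.azurecr.io/worker:latest"
- image: {PINNED}
"""

def parse_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first component is a registry host only if it looks like one;
    # otherwise Docker Hub is implied.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    return registry.lower(), repo, tag, digest

def audit_manifest(text, allowed=ALLOWED_REGISTRY):
    """Return (image, reason) findings for every image: line in a manifest."""
    findings = []
    for line in text.splitlines():
        match = IMAGE_LINE.match(line)
        if not match:
            continue
        ref = match.group(1)
        registry, _repo, tag, digest = parse_image(ref)
        if registry != allowed:
            findings.append((ref, "registry not allowed"))
        elif digest and not DIGEST.match(digest):
            findings.append((ref, "malformed digest"))
        elif not digest and tag in ("", "latest"):
            findings.append((ref, "implicit or explicit 'latest' tag"))
    return findings

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

Run it in CI before kubectl apply and fail the job when the returned list is not empty.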

Best Practices for Using Azure Container Registry

Use Premium SKU for Production: The Premium SKU offers geo-replication and better performance for enterprise workloads.

Enable Content Trust & Security Scanning: Microsoft Defender for Containers can automatically scan container images for vulnerabilities.

Use ACR Tasks for Automated Builds: Avoid manually pushing images and instead use ACR Tasks to build and update images automatically.

Leverage Azure RBAC for Access Control: Grant fine-grained access using Azure Role-Based Access Control (RBAC) to ensure only authorized users can push/pull images.

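Clean Up Old Images: Use ACR Retention Policies to delete unused images and reduce storage costs. A single image can also be deleted manually; this removes the manifest that the tag points to, along with any other tags that reference the same manifest:

az acr repository delete --name myContainerRegistry --image myapp:v1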

Closing Thoughts

Azure Container Registry is a powerful and secure solution for managing container images in the cloud. Whether you’re running Kubernetes, serverless workloads, or CI/CD pipelines, ACR provides a seamless, scalable, and cost-effective way to store and manage container images.

By integrating ACR with AKS, Azure DevOps, and CI/CD pipelines, you can automate deployments, enhance security, and optimize performance.

If you’re working with containers in Azure, ACR is a must-have service to streamline your container workflows.
