When planning your transition and adoption to a cloud platform, the modernization of your current applications using container technology is going to be part of the discussions, if not the main topic of your strategy. Microsoft Azure is a good place to run your containers. It has several offerings and developers can get help from the ecosystem to build their DevOps scenarios to deploy containers, using Microsoft Visual Studio, Windows Server, and Microsoft Azure. If you value consistency, having the same vendor to cover the development, hosting, and cloud solution is a vital point to be considered when planning your journey to the cloud. One of the first components that your company could start taking advantage of with Azure Cloud is the Registry. Azure has the Azure Container Registry (ACR) service, which is a private registry. It is a managed service, which means that your focus is what really matters: manage images in a private and secure registry taking advantage of Azure logging capabilities, RBAC (role based access control), replication, and high availability.
Creating the Azure Container Registry
We can use a variety of methods to deploy Azure Container Registry. In this article, we are going to use the easiest method, which is using the Azure Portal. Let’s go!
Logged in to the portal, click on Create a Resource, and type container on the search box, select Container Registry from the list. In the initial page, an overview of the service that we are about to start the creation of will be displayed. Click on Create.
In the Create container registry blade, we have two options that we need to pay some attention to: The first one is the unique name that will be used by the container registry, and the second is the SKU, which could be Basic (supports 10GB storage), Standard (100GB storage) or Premium (500GB storage and geo-replication capabilities. There are some differences in download and upload bandwidth limits for the SKUs, as well number of webhooks.
Select the Resource Group and Location, and click on Create when ready to continue.
All tiers (SKUs) have programmatic capabilities, Azure AD (Active Directory) integration, webhooks, image management, and support Windows and Linux images. The Premium with its geo-replication allows the user to retrieve the image from the closest datacenter. This is a great option for distributed users that need to access the registry.
After the Azure Container Registry creation, we can check it out on the Overview item. On the right side within the Essentials section, we will be able to check some key settings. The first one the Login Server, which is the name that we are going to use when using Docker Client, as well the location and SKU.
In the same location, we can check out the limits of the current SKUs and metrics as well.
Configuring replication
As part of being a managed service, the Azure Container Registry allows the use of replication when using the Premium SKU. It will keep all locations configured as replicas with the same content and when clients try to download the images, the closest location will be used.
To manage replications, click on Replications item located on the left side. A world map will be displayed, and the current region will be checked. Click on Add and select a new location. In our case, we are going to select Canada Central and then click on Create.
Note: The existent locations are automatically grayed out from the list.
After the replication is configured, we can click on the Refresh button located at the top of the same blade. The result will be our world map with Azure Regions spread around the globe with two checks, which are the datacenters that we selected as replicas.
Managing images
So far, we explored how to create an Azure Container Registry and some cool features such as replication. At this time, let’s focus more on the basics and find out how to push (upload) and pull (download) images from our private Azure Container Registry.
The first step is to retrieve our administrator username, which by default is the name of the registry and the password that is generated automatically during the creation. Similar to a storage account, an Azure Container Registry will have two keys to access the registry and they can be re-created at any time by using the “refresh” button located on the right of the password field.
Time to use Docker client to connect to the registry and play with images. The first step is to install the Azure CLI, which can be found here. It is a cross-platform command-line interface, which means that it is supported on pretty much anything: Linux, Windows, macOS, and even from a container if you like the idea. In this article, we are going to use the macOS to work with the images. (Although I’m using a Novell Netware theme in my shell session, I can assure you that it is a macOS.)
The first step is to run az login and on the new web browser page enter the Azure credentials to connect to the resources. After authentication, there will be a JSON output with your subscriptions and some information about them.
The second step is to connect on the Azure Container Registry, and for that, we will use Docker to log in using the Docker login -u <username> <RegistryURL>. This command in action against our registry is shown in the image below. We are going to use an existent local image to push our first image. To retrieve the list of existent images we can use Docker image list.
Since the Registry is empty, we will use one of the local images to push to the registry. When using a repository from the docker client we need to use the following syntax: RegistryName/RepositoryName:Version
When importing a local image, the first step is to define a tag, and we will use the following Docker client command docker tag <image> <Azure-Registry.azurecr.io>/<image>:<version>, and after executing that command, we can list the images again and we will have a new entry as depicted in the image below.
To push the image that we have just tagged, we can run the following Docker client command docker push <Azure-Registry-Name.azurecr.io>/<image>:<version> and that would be enough to push that given image to Azure Container Registry.
After pushing the first image, we can check out the results using Azure Portal. Logged in the Azure Portal, open the Azure Container Registry that we created at the beginning of this article, and then check the item Repositories, and we can see on the right side that the alpine image that we have just pushed should be already there. Click on it.
All tags will be listed on a new blade. Click on v10, which was what we defined, and on the new blade, we can check key information, such as repository name, tag name, platform and digest for that image, as well the manifest file, which is used when pulling and running containers.
Now that we have an image in our repository, it is time to pull to the local registry. Before doing that we deleted the image from the local registry, and we can see that on the first Docker image list command. To pull the image, just run docker pull <Azure-Name.azurecr.io>/<Image>:<version>, and to check the results we will run again Docker image list and at this time the image that was pulled from Azure Container Registry will be displayed, as depicted in the image below.
Taking advantage of Microsoft Azure, we were able to build a complete private Azure Container Registry to be used in your organization as a managed service where we just need to focus on what is important for the technology, which is the registry itself. No worries about building infrastructure and high availability to support it. And talking about high availability, the built-in replication available in the Premium SKU allows replication and easy access to container administrators.
Another key feature when using Azure Container Registry is the ability to use RBAC with your Active Directory information and get access to all the services recorded in Microsoft Azure.
