Azure Container Registry Overview
You will need to be familiar with Azure Container Registry (ACR), the managed container image registry, if you are taking the AZ-204 Azure Developer Associate certification exam.
This is some of the exam preparation notes I have taken for the Azure Container Registry service.
You can check out my other exam prepation notes for other Azure services covered on the AZ-204 exam here.
Explain the features and benefits Azure Container Registry offers
| Feature | Benefit |
|---|---|
| Container image hosting within private repositories | Securing your container images |
| Support for tagging and versioning of container images | Traceability |
| Windows and Linux image support | Compatibility |
| Open Container Initiative (OCI) Image Format Specification support | Compatibility |
| Open Container Initiative (OCI) artifact support | Compatibility |
| Deploy to Azure services | Continous Delivery |
| Geo-replication | High Availibility |
| Zone redundancy | High Availibility |
| Webhooks | Automation |
| ACR Tasks - Quick Tasks | Develop Docker images with Docker Engine |
| ACR Tasks - Automatically Triggered Tasks - On Source Update | Enable Continous Integration |
| ACR Tasks - Automatically Triggered Tasks - On Base Image Update | Enable Continous Integration |
| ACR Tasks - Automatically Triggered Tasks - On Schedule | Enable Continous Integration |
| ACR Tasks - Multi-Step Tasks | Enable Continous Integration |
| Access control | Security |
| Transfers container images over HTTPS and support for TLS | Security - Encryption in Transit |
| Encryption at Rest | Security - Encryption at Rest |
ACR supports images using the Open Container Initiative (OCI) Image Format Specification including:
- Docker
- Podman
- CRI-O
ACR supports Open Container Initiative (OCI) artifacts such as:
- Helm Charts
- Software Bill of Materials (SBOM)
- Digital signatures
- Provenance data
- Attestations
- Vulnerability reports
ACR Service Tiers:
- Basic
- Standard
- Premium
You can Deploy Container Images from Azure Container Registry to Azure services such as:
- Azure Container Instances
- Azure Container Apps
- Azure Kubernetes Service (AKS)
- App Service
- Batch
- Service Fabric
Access can be controlled to Azure Cotnainer Registry via:
- An Azure identity
- A Microsoft Entra service principal
- An admin account
- Use Azure role-based access control (RBAC) to assign ACR permissions
Describe how to use ACR Tasks to automate builds and deployments
ACR Tasks can automate updates to container images within Azure Container Registry based on three types of triggers.
- Source Code Updates
- Base Image Updates
- On a schedule
Explain the elements in a Dockerfile
- The Dockerfile is a text file with the name ‘Dockerfile’ which is used to build your code into a docker image
- The Dockerfile includes keywords such as; FROM, COPY, RUN, WORKDIR, ARG, ENV, EXPOSE, CMD
- FROM specifies the base image you want to build your application on top of
- WORKDIR sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD commands
- COPY copies files from your source directory into the Docker image
- RUN executes a command to run on the Docker image
- CMD specifies the command that will be run when the Docker image is run as a container
- ENV sets environment variables in the Docker image
- EXPOSE describes which TCP or UDP ports the Docker container will listen on
- A full list of keywords supported in the Dockerfile are available in the Dockerfile reference
Dockerfile Example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
FROM python:3.11-slim
WORKDIR /app
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get -qq update \
&& apt-get -qq install --no-install-recommends \
ffmpeg curl\
&& rm -rf /var/lib/apt/lists/*
COPY requirements.txt requirements.txt
RUN pip3 install -r requirements.txt
COPY . .
CMD ["python3", "main.py"]
Build and run an image in the ACR by using Azure CLI
Dockerfile
1
FROM hello-world
Instructions
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# create the registry
az login
az group create --name cloudengineerskills-acr-cli-rg --location eastus
az acr create --resource-group cloudengineerskills-acr-cli-rg --name cloudengineerskillscliacr --sku Basic
az acr repository list --name cloudengineerskillscliacr --output table
# build and push the container image
az acr build --image hello-world:v1 --registry cloudengineerskillscliacr --file Dockerfile .
# run the container
az acr repository list --name cloudengineerskillscliacr --output table
az acr run --registry cloudengineerskillscliacr --cmd 'cloudengineerskillscliacr.azurecr.io/hello-world:v1' /dev/null
# clean up resources
az group delete --resource-group cloudengineerskills-acr-cli-rg
Further Reading
- Microsoft Azure Container Registry documentation
- Azure Container Registry service tier features and limitations
- Azure Guide on Manage OCI Artifacts and Supply Chain Artifacts with ORAS
- Dockerfile reference
- Azure CLI reference for Azure Container Registry
- Microsoft Learn Tutorial Pushing Container Image to ACR
Container Image Registry Alternatives
- Docker Hub
- Amazon Elastic Container Registry (ECR)
- Google Container Registry (GCR)
- GitLab Container registry
- JFrog Artifactory
- Harbor
This post is licensed under
CC BY 4.0
by the author.