What is Azure Container Registry
Azure Container Registry is a service for storing and distributing and managing container images.
Azure Container Registry is based on the open source Docker registry.
You have unknowingly already used Docker registry in the form of Docker hub.
Docker hub is a public container registry as a service while Azure Container Registry is a private managed service provided by Microsoft providing similar functionality.
You can think of the container registry as version control for container images.
A developer pushes container images to container registry and an administrator pulls those images from the registry.
The container registry takes care of versioning of the images and helps manage the versions with tags.
Container registry is a fundamental building block for enabling distribution of container images.
Rather than uploading container images to servers directly from a development environment,
we often instrument our continuous deployment tools to pull images from container registry and place them on our servers.
Azure Container Registry comes with a set of features for security and high availability.
First, access to container registry can be controlled using Azure Active Directory and firewalls.
Second, repositories can be replicated across Azure data center regions.
And third, images can be signed using Docker Content Trust.
Instead of building the container images at the developer machine,
you can use Azure Container Registry to run Docker build commands in the cloud.
Azure Container Registry will then take the Dockerfile and the build context.
It doesn't need input. Build it into a container image and finally publish it to the registry.
Azure Container Registry supports automatically triggered tasks as well.
The tasks can be scheduled or based on some outside metrics such as changes in source code.
For example, Azure Container Registry can be configured to rebuild the application image when an update to the base image it uses is available on Docker hub.
Testing env OS: Ubuntu 18.4 which have Docker Engine installed using link
Install Azure CLI on Linux manually using below link
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
Here we will learn below:-
1.How to build an docker image locally
2.Create the Azure Container Registry
3. Push a container to the Registry
4.Verify container registry images and check tagging has been done correctly
5. Run the image locally to verify operation
6. Run the image from Azure Web App Services.
7. stop and clean the local container which is in Azure container registry
8.Secure Access to ACR
1.How to build an docker image locally
you can quickly build your own mini-application image (see the app_example folder file):
https://drive.google.com/drive/folders/1oEQMbAPriXm__yjkA9mzlG8_wQi_H_Ll?usp=sharing
copy folder app_example to azuser folder>> winscp and paste into \home\azuser folder
https://drive.google.com/drive/folders/1oEQMbAPriXm__yjkA9mzlG8_wQi_H_Ll?usp=sharing
copy folder app_example to azuser folder>> winscp and paste into \home\azuser folder
go to app_example folder and run chmod 777 hostname.sh
Build the image
-->docker build app_example/ -t hostname:v11.Create the Azure Container Registry
Azure Container Registry (ACR) is an Azure-based private registry for Docker container images.
Lets create an ACR instance to store our application in, and upload our container app to the newly created registry.
First you'll need to create a resource group, which we will re-use for the rest of the course:
---> az group create --name RGP-USE-PLH-NP --location eastus
Now we can create an ACR instance:
-->az acr create --resource-group RGP-USE-PLH-NP --name rakakcourse28 --sku Basic
Login to your ACR instance:
--->az acr login --name rakakcourse28
Verify that you have a local copy of your application image:
-->docker images
We need to tag the image with the registry login server address
which we can get with:
1. Need to retrieve the azure container registry name
-->az acr list --resource-group RGP-USE-PLH-NP --query "[].{acrLoginServer:loginServer}" --output tsv
-->export aLS=rakakcourse28.azurecr.io
Tag your nginx image with the server address and verion (v1 in this case):
-->docker tag hostname:v1 ${aLS}/hostname:v1
Verify that your tags have been applied:
-->docker images
-->az acr list --resource-group RGP-USE-PLH-NP --query "[].{acrLoginServer:loginServer}" --output tsv
-->export aLS=rakakcourse28.azurecr.io
Tag your nginx image with the server address and verion (v1 in this case):
-->docker tag hostname:v1 ${aLS}/hostname:v1
Verify that your tags have been applied:
-->docker images
2.Push the image to the Registry
Push the image to the Registry:
-->docker push ${aLS}/hostname:v1
3.Verify container registry images
Verify that the image has been pushed correctly:
-->az acr repository list --name rakakcourse28 --output tsv
You can verify that the image is appropriately tagged with (repository is the output of the previous step):
-->repository=hostname
-->az acr repository show-tags --name rakakcourse28 --repository ${repository} --output tsv
Once we've pushed an image to the Azure Registry, we should verify that we can download and run the image.
First, we should still have a tagged version in our local images repository:
docker images | grep hostname
output:-
root@ubuntutest2020:/home/admina# docker images | grep hostname
hostname v1 3bc64b3156f8 11 minutes ago 133MB
rakakcourse28.azurecr.io/hostname v1 3bc64b3156f8 11 minutes ago 133MB
The longer name version (as there may be multiple tags) is the one that's also associated with the Azure Registry that we created previously . In order to verify that we can pull from the registry, we'll first remove the image, and then pull the image down from the registry (replacing <registry/image:version> with the registry tagged name from the previous command):
docker rmi rakakcourse28.azurecr.io/hostname:v1
docker rmi hostname:v1
azuser@ubuntutest2020:~$ docker rmi hostname:v1
Untagged: hostname:v1
Deleted: sha256:432556f47963403bf510b99ece271ffc64c5cf747a9cea5ce535efd2ef76fae2
Deleted: sha256:b47388279d060843dc1416f70cc9c19462c8c2f5a405e7e86361ea981844cfca
Deleted: sha256:0b9a846c3d3639a1f7c560f79f5a55eda45b011e23df42bdb032bf8e404794e1
Deleted: sha256:91e0b1ab1e8666140675d2326187ea88bbb23017be290f71f7f8ab680bee895a
Deleted: sha256:ec72d77541f91820348577c4828b801f3f426d875d0b695828d98e97c91c8d5f
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
but still we have ngnix image
azuser@ubuntutest2020:~$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 8cf1bfb43ff5 11 days ago 132MB
rakcontainerregistry26.azurecr.io/hello-world v1 bf756fb1ae65 7 months ago 13.3kB
azuser@ubuntutest2020:~$
azuser@ubuntutest2020:~$ docker pull rakakcourse28.azurecr.io/hostname:v1
v1: Pulling from hostname
6ec8c9369e08: Already exists
d3cb09a117e5: Already exists
7ef2f1459687: Already exists
e4d1bf8c9482: Already exists
795301d236d7: Already exists
9a9f2fd6787e: Pull complete
Digest: sha256:b258c1f4ca03ab3a7b84dec905b3e52c7527e58b384b005d5d9e152a96950047
Status: Downloaded newer image for rakakcourse28.azurecr.io/hostname:v1
rakakcourse28.azurecr.io/hostname:v1
azuser@ubuntutest2020:~$
4. Run the image locally to verify operation
It should also then be possible to run the image locally to verify operation:
docker run --rm --name hostname -p 8080:80 -d <registry/image:version>
docker run --rm --name hostname -p 8080:80 -d rakakcourse28.azurecr.io/hostname:v1
-d == demonized version
azuser@ubuntutest2020:~$ curl localhost:8080
<HTML>
<HEAD>
<TITLE>This page is on 25f9e680142a and is version v1</TITLE>
</HEAD><BODY>
<H1>THIS IS HOST 25f9e680142a</H1>
<H2>And we're running version: v1</H2>
</BODY>
</HTML>
azuser@ubuntutest2020:~$
5. Run the image from Azure Web App Services.
Login to Azure Portal
stop and clean the local container which is in Azure container registry
now Stop the running container
-->docker stop hostname
Remove image rakakcourse28.azurecr.io/hostname:v1
-->docker rmi rakakcourse28.azurecr.io/hostname:v1
Secure Access to ACR
Thanks for Reading..
No comments:
Post a Comment