Thursday, 24 March 2022

Azure Container Registry

 

  • A service to manage your container images and related artifacts.
  • ACR is a regional service.

Features

  • Keep track of current valid container images.
  • Registries (SKUs) are available in three tiers: Basic, Standard, and Premium.
  • You can use the geo-replication feature of Premium registries for advanced replication and container image distribution scenarios.
  • Streamline building, testing, pushing, and deploying images to Azure with Azure Container Registry Tasks.
  • ACR Tasks supports quick tasks, automatically triggered tasks, and multi-step tasks.
  • Tag your containers using stable and unique tags.

Concepts

  • Registry
    • A registry is a collection of repositories to store and distribute container images.
    • You must be authenticated before you can pull and push images.
  • Artifact
    • The address of an artifact contains loginUrl, repository and tag
      • [loginUrl]/[repository:][tag]
  • Repository
    • A repository is a group of similar container images and other artifacts.
    • Identify similar repositories and artifacts with namespaces.
  • Image
    • Images are used in ACR tasks.
    • A container image consists of tags, layers, and a manifest.
    • Orphaned images are generated by repeated pushing of modified images with identical tags.

Best Practices

  • If you place your registry near your container hosts, it will help reduce both latency and costs.
  • When you are deploying containers to multiple regions, you can use the geo-replication feature.
  • ACR supports nested namespaces that allow you to share a single registry across multiple groups.
  • There are two main situations when authenticating with an ACR:
    • Individual identity – allows you to pull or push images from the development machine.
    • Service/Headless identity – enables you to build and deploy pipelines where the user is not directly involved.
  • ACR allows you to delete images by tag, by manifest digest, and by repository.

Tasks

  • Quick Task
    • Verify your automated build definitions and catch potential problems prior to committing your code.
    • Build and push a single container image to a container registry on-demand, in Azure, without needing a local Docker Engine installation.
  • Trigger Task
    • You can create an image using one or more triggers on:
      • Source code update
      • Base image update
      • Schedule
  • Multi-step Task
    • Multi-container-based workflows
    • With multi-step tasks in ACR Tasks, you have more granular control over image building, testing, and OS and framework patching workflows.
  • Deleted registry resources such as repositories, images, and tags cannot be recovered after deletion.

Tagging

  • Use stable tags to maintain base images for your container builds.
  • If the updated image has a stable tag, the previously tagged image is untagged, resulting in an orphaned image.
  • You can use unique tags for deployments, particularly in an environment where multiple nodes can scale.
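
The tagging behaviour above, as an added example (not code from this post or from Azure): a minimal in-memory model in which a tag is a mutable pointer to a manifest digest, so re-pushing under a stable tag leaves the earlier manifest orphaned while unique tags do not. The `Repository` class, the tag names and the sample image contents are hypothetical and constructed for illustration.

```python
import hashlib


class Repository:
    """Hypothetical model of one repository: tags point at manifest digests."""

    def __init__(self):
        self.manifests = {}  # digest -> image content (stands in for manifest + layers)
        self.tags = {}       # tag -> digest

    def push(self, tag, content):
        """Store the image and point `tag` at it; return the manifest digest."""
        digest = "sha256:" + hashlib.sha256(content).hexdigest()
        self.manifests[digest] = content
        self.tags[tag] = digest  # an existing tag is moved to the new digest
        return digest

    def orphaned(self):
        """Digests that no tag references any more (untagged manifests)."""
        tagged = set(self.tags.values())
        return sorted(d for d in self.manifests if d not in tagged)

    def delete_by_digest(self, digest):
        """Remove a manifest and every tag that still points at it."""
        del self.manifests[digest]
        self.tags = {t: d for t, d in self.tags.items() if d != digest}


def demo():
    """Push the same three builds with a reused tag and with per-build tags."""
    builds = [b"app build 1", b"app build 2", b"app build 3"]  # constructed sample images
    stable, unique = Repository(), Repository()
    for n, content in enumerate(builds, start=1):
        stable.push("stable", content)       # same tag every time
        unique.push(f"build-{n}", content)   # one tag per build
    return stable, unique


if __name__ == "__main__":
    stable, unique = demo()
    print("stable tag ->", stable.tags["stable"])
    print("orphaned under the stable tag:", len(stable.orphaned()))
    print("orphaned under unique tags:", len(unique.orphaned()))
    for digest in stable.orphaned():         # clean-up by manifest digest
        stable.delete_by_digest(digest)
    print("manifests left after clean-up:", len(stable.manifests))
```

With the stable tag only the newest build stays reachable by name, so the two earlier manifests keep consuming storage until they are deleted by digest.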

Network

  • You can connect to your ACR via public and private endpoints.
  • A private endpoint connection is only available for Premium SKU.

Security

  • Encrypts the registry content at rest with service-managed keys or customer-managed keys.
  • Customer-Managed Key is only available for Premium SKU.
  • You can enable a customer-managed key only when you create a registry.
  • Authenticate through Azure Active Directory user, service principal, admin login, or through Azure managed identity.

Pricing

  • You are charged (GiB/day) for the image storage.
  • Users will be charged for the preceding SKU price until the point of change and will be charged for the new SKU price after the change has been made.
  • Standard networking fees apply to network egress.
  • If you replicate a registry to your desired regions, you are charged premium registry fees for each region.
