Azure Container Registry (ACR)

Note: Special thanks to Navisite leaders John Rudenauer, Balaji Sundara and Mike Gallo for their continued support on this blog series.

Overview

Azure Container Registry (ACR) is a managed Docker registry service based on the open-source Docker Registry. It is a private registry in which Azure handles the platform security, backend infrastructure and storage, so developers can focus on their applications. ACR lets you store images for all types of container deployments, including OpenShift, Docker Swarm, Kubernetes and others, and it reduces pull latency when the registry is created in the same Azure region as your deployments. In this blog, we walk through the step-by-step process of creating an ACR and integrating it with Azure Kubernetes Service (AKS) using an Azure service principal.

For more information on AKS, see our first blog in this series.

This is the 2nd blog in the Azure Container Series…stay tuned for more in this series.

  1. Azure Kubernetes Services (AKS) – Kubenet Network Design (Part 1)
  2. Azure Container Registry (ACR)
  3. Azure Kubernetes Services (AKS) – Advanced Network Design with CNI (Part 2)
  4. Custom Kubernetes Cluster on IaaS VMs in Azure using Flannel Overlay
  5. AKS with Persistent volumes using Azure Disks and Azure Files

Architecture

This diagram represents the overall flow of how developers can leverage Azure Container Registry in Azure with Azure Kubernetes Service (AKS).

Key Architectural Components

Azure provides great documentation here.

Registry

Registries are available in three SKUs: Basic, Standard, and Premium, each of which supports webhook integration, registry authentication with Azure Active Directory, and delete functionality. A fully qualified registry name (the login server) has the form <registry-name>.azurecr.io; the registry used in this post is nnaksacr.azurecr.io.

Repository

A registry contains one or more repositories, which store groups of container images.

Image

Stored in a repository, each image is a read-only snapshot of a Docker-compatible container. Azure container registries can include both Windows and Linux images.

Container

A container defines a software application and its dependencies wrapped in a complete filesystem including code, runtime, system tools, and libraries.

Create a Container Registry

There are three SKUs available. Basic is a cost-optimized option for developers learning about ACR. In this example, we will use the Standard registry. Review the full feature matrix in the Azure documentation.

Feature and SKU Matrix

 

 

Login to ACR and push a test image

 
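The registry creation, login and push steps above, as an added example script that is not the original post's commands. It assumes a resource group named nnaksrg, the location eastus and Docker Hub's hello-world image as the test image (the registry name nnaksacr is the one used in this post). The az and docker commands run only when the script is invoked with the argument run, so the two helper functions can be exercised on their own.

```shell
#!/bin/sh
# Added example: create a Standard ACR, log in with your own Azure AD identity
# and push a test image. Not from the original post. Assumed values: resource
# group nnaksrg and location eastus (the registry name nnaksacr is the post's).
set -eu

RG="${RG:-nnaksrg}"
LOCATION="${LOCATION:-eastus}"
ACR_NAME="${ACR_NAME:-nnaksacr}"

# ACR registry names are 5-50 alphanumeric characters and globally unique;
# the login server is the lower-cased name under azurecr.io.
acr_login_server() {
  name="$1"
  if ! printf '%s' "$name" | grep -Eq '^[A-Za-z0-9]{5,50}$'; then
    echo "invalid registry name: $name (5-50 alphanumeric characters)" >&2
    return 1
  fi
  printf '%s' "$name" | tr 'A-Z' 'a-z'
  printf '.azurecr.io\n'
}

# Fully qualified image reference: <login-server>/<repository>:<tag>.
# The repository path is what groups images inside the registry.
acr_image_ref() {
  printf '%s/%s:%s\n' "$1" "$2" "$3"
}

# Everything below talks to Azure and Docker; it runs only with "./acr.sh run".
create_registry() {
  az group create --name "$RG" --location "$LOCATION" --output none
  # Keep the shared "admin" account disabled: every pull and push should be
  # tied to an Azure AD identity (user, service principal or managed identity).
  az acr create --resource-group "$RG" --name "$ACR_NAME" \
    --sku Standard --admin-enabled false --output none
  az acr show --name "$ACR_NAME" --query loginServer --output tsv
}

push_test_image() {
  server="$(acr_login_server "$ACR_NAME")"
  ref="$(acr_image_ref "$server" samples/hello-world v1)"
  # az acr login turns your Azure AD session into a short-lived registry
  # token for the Docker CLI, so no long-lived registry password is needed.
  az acr login --name "$ACR_NAME"
  docker pull hello-world:latest
  docker tag hello-world:latest "$ref"
  docker push "$ref"
  # Check: the repository and its tag should now be listed in the registry.
  az acr repository show-tags --name "$ACR_NAME" \
    --repository samples/hello-world --output table
}

if [ "${1:-}" = "run" ]; then
  create_registry
  push_test_image
fi
```

Run it as `./acr.sh run` after `az login`. Tagging the image with the full login server name is what routes `docker push` to your registry rather than Docker Hub.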

Use ACR with AKS

When an application needs to interact with Azure services, it is not recommended to use your normal Azure AD user account. Instead, register the application with Azure AD and create an identity for it; this identity is called a service principal. Another option is a managed identity (formerly Managed Service Identity, MSI).

AKS uses a service principal to access other Azure services such as ACR. Older releases of the Azure CLI assigned the Contributor role on the whole subscription by default when creating a service principal, so pass “–skip-assignment” (or state the role and scope explicitly) and grant only the registry role the cluster needs. The roles available on a registry are as follows:

  • Owner (pull, push, and assign roles to other users)
  • Contributor (pull and push)
  • Reader (pull only access)

Once the service principal has been created, copy the client_id (named appId in the response) and the client_secret (named password in the response). The password is shown only at creation time and is the credential the cluster will use to pull images, so keep it in a secret store rather than in scripts or source control.

In the portal you should see the Reader assignment under the nnaksacr resource -> Access control (IAM) -> Role assignments.

 

Create a deployment to pull the image from ACR

 
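The service principal, role assignment, pull secret and deployment steps above, as an added example script that is not the original post's commands; its cleanup function also covers the Cleanup section that follows. It assumes the registry nnaksacr and resource group nnaksrg, a service principal named nnaks-acr-pull, a Kubernetes secret named acr-pull, a deployment named hello-acr, the jq tool, and that kubectl already points at the AKS cluster; the subscription ID is read from the current az login. It goes one step beyond the post by using the dedicated AcrPull built-in role scoped to the single registry instead of Reader. Only the two pure helpers run by default; the Azure and kubectl commands run with the argument run or cleanup.

```shell
#!/bin/sh
# Added example: least-privilege pull access from AKS to ACR with a service
# principal. Not from the original post. Assumed names: service principal
# nnaks-acr-pull, Kubernetes secret acr-pull, deployment hello-acr; jq installed.
set -eu

RG="${RG:-nnaksrg}"
ACR_NAME="${ACR_NAME:-nnaksacr}"
SP_NAME="${SP_NAME:-nnaks-acr-pull}"
SECRET_NAME="${SECRET_NAME:-acr-pull}"
IMAGE="${IMAGE:-${ACR_NAME}.azurecr.io/samples/hello-world:v1}"

# Resource ID of the registry: scope the role assignment to this one
# resource, never to the resource group or the subscription.
acr_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ContainerRegistry/registries/%s\n' "$1" "$2" "$3"
}

# Deployment manifest that pulls from ACR through an imagePullSecret.
render_deployment() {
  image="$1"; secret="$2"
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-acr
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-acr
  template:
    metadata:
      labels:
        app: hello-acr
    spec:
      imagePullSecrets:
        - name: ${secret}
      containers:
        - name: hello
          image: ${image}
          imagePullPolicy: Always
EOF
}

setup() {
  sub_id="$(az account show --query id --output tsv)"
  scope="$(acr_scope "$sub_id" "$RG" "$ACR_NAME")"
  # Giving the role and scope at creation time means no CLI release ever
  # grants the default Contributor on the subscription (the post's reason
  # for --skip-assignment). AcrPull allows image pull only, on this registry.
  sp_json="$(az ad sp create-for-rbac --name "$SP_NAME" \
    --role AcrPull --scopes "$scope" --output json)"
  app_id="$(printf '%s' "$sp_json" | jq -r .appId)"        # client_id
  password="$(printf '%s' "$sp_json" | jq -r .password)"   # client_secret, shown once
  # Check: exactly one assignment, AcrPull on the registry, for this principal.
  az role assignment list --assignee "$app_id" --scope "$scope" --output table
  # The cluster authenticates to ACR with the principal's credentials; the
  # secret lives in the namespace that runs the workload.
  kubectl create secret docker-registry "$SECRET_NAME" \
    --docker-server="${ACR_NAME}.azurecr.io" \
    --docker-username="$app_id" \
    --docker-password="$password"
  render_deployment "$IMAGE" "$SECRET_NAME" | kubectl apply -f -
  kubectl rollout status deployment/hello-acr
}

cleanup() {
  kubectl delete deployment hello-acr --ignore-not-found
  kubectl delete secret "$SECRET_NAME" --ignore-not-found
  az ad sp delete --id "$(az ad sp list --display-name "$SP_NAME" \
    --query '[0].appId' --output tsv)"
  az group delete --name "$RG" --yes --no-wait
}

case "${1:-}" in
  run) setup ;;
  cleanup) cleanup ;;
esac
```

If the pull fails, `kubectl describe pod` shows an ImagePullBackOff with the registry's 401/403 response; the usual causes are a role assignment on the wrong scope or a secret created in a different namespace from the deployment. On current AKS the same pull-only binding can be made without any secret in the cluster by running `az aks update --attach-acr <registry>`, which assigns AcrPull to the cluster's kubelet identity.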

Cleanup

Summary

Azure Container Registry allows you to build, store and manage images for various types of container deployments. It reduces network latency and eliminates ingress/egress charges by keeping your Docker registry in the same data center as your deployments. Because Azure Container Registry is a managed service, Azure handles the platform security, backend infrastructure and storage, so developers can focus on their applications.

To explore more about how Navisite can help you deploy Azure Container Registry, touch base today, or call us at (888) 298-8222 for additional information.  Learn more about our Azure Management Services.

Nehali Neogi

Principal Cloud Architect at Navisite
Nehali Neogi is a Principal Cloud Architect at Navisite, leading many of their global initiatives on building the next generation of hybrid cloud services. She enjoys designing and architecting reliable and highly available solutions for Navisite’s clients. She is a Cisco, VMware NSX and Azure certified Cloud Architect leading Hybrid Cloud offerings. Her interests are cloud technologies, Software Defined Networking, full stack engineering, and realizing the transition to DevOps and system automation. Nehali holds an Expert Level Certification in VMware NSX (VCIX-NV) and is a Microsoft Certified Azure Cloud Architect. She holds a Masters in Computer Engineering from UMass Lowell.