Azure Container Registry Cheat Sheet

• A service to manage your container images and related artifacts.
• ACR is a regional service.

Features

• Keep track of current valid container images.
• Registries (SKUs) are available in three tiers: Basic, Standard, and Premium.

• You can use the geo-replication feature of Premium registries for advanced replication and container image distribution scenarios.
• Streamline building, testing, pushing, and deploying images to Azure with Azure Container Registry Tasks.
• ACR Tasks supports quick task, automatically triggered tasks, and multi-step task
• Tag your containers using stable and unique tags.

Concepts

• Registry
• • A registry is a collection of repositories to store and distribute container images.
  • You must be authenticated before you can pull and push images.
• Artifact
• • The address of an artifact contains loginUrl, repository and tag
    • [loginUrl]/[repository:][tag]
• Repository
• • A repository is a group of similar container images and other artifacts.
  • Identify similar repositories and artifacts with namespaces.
• Image
• • Images are used in ACR tasks.
  • A container image consists of tags, layers, and a manifest.
  • Orphaned images are generated by repeated pushing of modified images with identical tags.

Best Practices

• If you place your registry near your container hosts, it will help reduce both latency and costs.
• When you are deploying containers to multiple regions, you can use the geo-replication feature.
• ACR supports nested namespaces that allow you to share a single registry across multiple groups.
• There are two main situations when authenticating with an ACR:
  • Individual identity – allows you to pull or push images from the development machine.
  • Service/Headless identity – enables you to build and deploy pipelines where the user is not directly involved.
• ACR allows you to delete images by tag, by manifest digest, and by repository.

Tasks

• Quick Task
• • Verify your automated build definitions and catch potential problems prior to committing your code.
  • Build and push a single container image to a container registry on-demand, in Azure, without needing a local Docker Engine installation.
• Trigger Task
• • You can create an image using one or more triggers on:
    • Source code update
    • Base image update
    • Schedule
• Multi-step Task
• • Multi-container-based workflows
  • With multi-step tasks in ACR Tasks, you have more granular control over image building, testing, and OS and framework patching workflows.
• Deleted registry resources such as repositories, images, and tags cannot be recovered after deletion.

Tagging

• Use stable tags to maintain base images for your container builds.
• If the updated image has a stable tag, the previously tagged image is untagged, resulting in an orphaned image.
• You can use unique tags for deployments, particularly in an environment where multiple nodes can scale.

Network

• You can connect to your ACR via public and private endpoints.
• A private endpoint connection is only available for Premium SKU.

Security

• Encrypts the registry content at rest with service-managed keys or customer-managed keys.
• Customer-Managed Key is only available for Premium SKU.
• You can enable a customer-managed key only when you create a registry.
• Authenticate through Azure Active Directory user, service principal, admin login, or through Azure managed identity.

Azure Container Registry Pricing

• You are charged (GiB/day) for the image storage.
• Users will be charged for the preceding SKU price until the point of change and will be charged for the new SKU price after the change has been made.
• Standard networking fees apply to network egress.
• If you replicate a registry to your desired regions, you are charged with premium registry fees for each region.

Want to learn more about Azure? Watch the official Microsoft Azure YouTube channel’s video series called Azure Tips and Tricks.

Azure Container Registry Cheat Sheet Resources:

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro
https://azure.microsoft.com/en-us/services/container-registry/