ACR

Azure Container Registry (ACR) is a managed registry based on the open source docker registry 2.0. You can store your private container images here for management. Builds can performed automatically with pipelines/Tasks or on demand.

You can pull images from the registry for use in your deployment pipelines for a variety of targets:

• Scalable orchestration systems
  k8s, DC/OS, Docker Swarm
• Azure services
  AKS, App Service, Batch, Service Fabric

Tiers

• Basic
  Cost-optimised for learning. Same programmatic capability. Lower storage and throughput.
• Standard
  Increased storage and throughput. Good for most production scenarios.
• Premium
  Highest storage and throughput. For high volume scenarios. Geo-replication, image signing, private endpoints for restricted access.

Support

• Read-only snapshots of Windows or Linux docker-compatible images
• Helm charts
• Images built using OCI (Open Container Initiative) spec

Registry storage

• Encryption-at-rest
  Optional extra security with a customer-managed key.
• Single region storage
  Defaults to single region (no geo-replication) where the registry is created (for data residency compliance requirements)
• Geo-replication
  Optional for customers who need high availability, redundancy in case of regional outage, or faster pushes/pulls in distributed development scenarios.
• Zone redundancy (premium)
  Minimum 3 replications within a region.
• Scalable
  Create as many repos, images, layers or tags as you need up to the storage limit (10gb, 100gb, 500gb). Performance can be impacted. Prune periodically. Deletion is permanent.

Tasks

ACR tasks provide cloud-based image building for Linux, Windows and Adv. RISC (ARM) machines. Here are two scenarios for Tasks:

• Quick task
  Build and push a single container image to the registry in Azure (on-demand)
• Triggered tasks
  • Source code update (pushed commits)
  • Base image update
  • Timer scheduled

Tasks also support multi-step yaml definitions which can perform multiple sequential operations, building, testing and pushing multiple images.

By default, Tasks build amd64 Linux images. You can specify --platform to build Windows or other Linux architecture images. Specify in OS/arch format i.e. --platform Linux/arm. For Adv. RISC machines you may also specify a variant on the end Linux/arm64/v8.

Dockerfile

A Dockerfile is a script containing a series of instructions to build a docker image. They usually contain:

• Base image (FROM)
• Base image update/software installation
• Build artifacts to include (COPY)
• Services to expose (EXPOSE)
• Command to run on container launch (CMD)

# Use the .NET 6 runtime as a base image
FROM mcr.microsoft.com/dotnet/runtime:6.0

# Set the working directory to /app
WORKDIR /app

# Copy the contents of the published app to the container's /app directory
COPY bin/Release/net6.0/publish/ .

# Document that the application listens on port 80 (does not publish it)
EXPOSE 80

# Set the command to run when the container starts
CMD ["dotnet", "MyApp.dll"]

• EXPOSE does not publish the port to the host machine. The host machine controls which ports a container listens on. Use docker run -p <host_port>:<container_port> to define this mapping