ACR

less than a minute

Overview

Private, managed Docker registry service
Based on open-source Docker Registry 2.0

How-to create an ACR

This will create a basic ACR.

az acr create --resource-group {resource group name} --name {name of the new acr} --sku {sku value}

The name of the ACR must be 5 or more characters
It must be unique in Azure as it will have a public endpoint DNS of {acr name}.azureacr.io

How-to import container images

Import from a public registry

This command will import

az acr import --name {acr registry name} --source {the image endpoint} --image {the image name}

Permissions require to import images

{
   "assignableScopes": [
     "/subscriptions/<optional, but you can limit the visibility to one or more subscriptions>"
   ],
   "description": "Can import images to registry",
   "Name": "AcrImport",
   "permissions": [
     {
       "actions": [
         "Microsoft.ContainerRegistry/registries/push/write",
         "Microsoft.ContainerRegistry/registries/pull/read",
         "Microsoft.ContainerRegistry/registries/read",
         "Microsoft.ContainerRegistry/registries/importImage/action"
       ],
       "dataActions": [],
       "notActions": [],
       "notDataActions": []
     }
   ],
   "roleType": "CustomRole"
 }

Use an Azure managed identity to authenticate to an Azure container registry

You can use an Azure MI to authenticate to an ACR from another Azure resource without needing to provide or manage the credentials.

References

https://docs.microsoft.com/en-us/azure/container-registry/ https://docs.microsoft.com/en-us/azure/container-registry/container-registry-import-images?tabs=azure-cli https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication-managed-identity?msclkid=62c93c92c6fd11ec8b50b1f595ef34e9 https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-azure-cli

Last modified July 21, 2024: update (e2ae86c)