
Running a Docker image from Azure Container Registry is a straightforward process that can be completed in minutes.
To start, you'll need to create an Azure Container Registry, which can be done in just a few clicks. This will give you a unique registry URL that you can use to store and manage your Docker images.
Azure Container Registry supports Docker images in the Open Container Initiative (OCI) format, which is a widely adopted standard. This means you can easily push and pull your Docker images from the registry.
Once you've created your Azure Container Registry, you can use the Azure CLI to run your Docker image. Simply log in to your Azure account, navigate to the registry, and use the `docker run` command to start your container.
Prerequisites
To run a Docker image from Azure Container Registry, you'll need a few prerequisites in place.
First, you need to have a Docker installation on your machine. This is because Docker is required to run and manage containers.
You should also have an Azure subscription, as Azure Container Registry is a service offered by Microsoft. This will allow you to store and manage your container images.
Make sure you have the Azure CLI installed and configured on your machine. This will provide you with a command-line interface to interact with Azure services.
Next, you need to have the Azure Container Registry (ACR) instance created and configured. This will allow you to push and pull container images from the registry.
Lastly, you should have the Docker login credentials for your Azure account. This will enable you to authenticate with Azure Container Registry and access your container images.
Build and Push Docker Image
To build and push a Docker image, you can use the az acr build command, which builds the image and pushes it to your registry. This command is similar to the one used in Example 1, which builds and pushes the sample/hello-world:v1 image.
Take a look at this: Azure Run Command
You can run the az acr build command from the current directory, as indicated by the . at the end of the command. If you're using an ABAC-enabled source registry, you'll need to pass in the caller's identity as the identity that will be used by the build to authenticate with the registry.
The output from a successful build and push will be similar to the one shown in Example 1, with the image being pushed to your Azure Container Registry.
Create Container Registry
To create a container registry, use the az acr create command and choose a unique name with 5-50 alphanumeric characters. Mycontainerregistry008 is an example of a valid name.
The registry name must be unique within Azure. Make sure to update this value to something unique for your project.
The az acr create command creates a Basic registry, a cost-optimized option for developers. This is a great choice for learning about Azure Container Registry.
For more information on service tiers, see the details on Container registry service tiers. This will help you understand the available options.
Enabling ABAC on ACR Tasks, Quick Tasks, Quick Builds, and Quick Runs has specific effects. For more information, see the effects of enabling ABAC on these features.
For more insights, see: Azure Ad Connect Sync Service Not Running
Build and Push Docker Image
To build and push a Docker image, you can use the az acr build command. This command builds the image and pushes it to your registry. The az acr build command can be run from the current directory where the Dockerfile is located, indicated by the . at the end of the command.
If you're using an ABAC-enabled source registry, you'll need to pass in the caller's identity as the identity that will be used by the build to authenticate with the registry. This is done by adding the --source-acr-auth-id [caller] flag when running az acr build.
A successful build and push will output something similar to the following.
Additional reading: Github Actions Push to Azure Container Registry
Configure Registry Authentication
Configuring registry authentication is an essential step in building and pushing a Docker image to Azure Container Registry.
In a production scenario, it's recommended to use a service principal to provide Azure role-based access control to your container images. This allows you to grant specific roles to users or applications, such as pull-only access to a registry.
To create a service principal, use the command `az ad sp create-for-rbac` and store its credentials in your key vault. Note the service principal's appId upon creation, as you'll need it later.
You can configure the service principal with the acrpull role to grant pull-only access to the registry. To grant both push and pull access, change the --role argument to acrpull.
Here's a summary of the roles you can configure for a service principal:
- acrpull: Grants pull-only access to the registry.
- acrpush: Grants both push and pull access to the registry.
Store the service principal's appId in the vault, which is the username you'll pass to Azure Container Registry for authentication. You can also store the service principal's password in the vault as a secret.
Discover more: Azure App Service Container
Run the Image
You can run the image you built and pushed to your Azure Container Registry using the `az acr run` command. This command allows you to run the container in its default configuration, or you can specify additional docker run parameters or even other docker commands.
To use this command, you'll need to specify the endpoint of the registry where you want to run the command. This is done by passing in the `$Registry` variable.
If you're using an ABAC-enabled source registry, you'll need to pass in the caller's identity as the identity that will be used by the run to authenticate with the registry. This is done by passing in the `--source-acr-auth-id [caller]` flag.
You can run the image with the default configuration by using the `cmd` parameter. This will run the container in its default configuration, but you can also specify additional docker run parameters or other docker commands.
Here are some common `az acr run` parameters:
The `az acr run` command can be a useful validation step in your container development workflow, or you can include it in a multi-step YAML file.
Featured Images: pexels.com

