Bird
Raised Fist0
Azurecloud~5 mins

Azure Container Registry (ACR) - Commands & Configuration

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
Azure Container Registry lets you store and manage container images securely in the cloud. It solves the problem of sharing container images easily between your development and deployment environments.
When you want to keep your container images private and secure within your Azure environment.
When you need a central place to store container images for your team or automated pipelines.
When you want to speed up deployments by pulling images from a registry close to your Azure services.
When you want to automate container image builds and scans in Azure.
When you want to integrate container image storage with Azure Kubernetes Service or Azure App Service.
Config File - acr-template.json
acr-template.json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.ContainerRegistry/registries",
      "apiVersion": "2021-06-01-preview",
      "name": "exampleacr12345",
      "location": "eastus",
      "sku": {
        "name": "Basic"
      },
      "properties": {
        "adminUserEnabled": true
      }
    }
  ]
}

This JSON template creates an Azure Container Registry named exampleacr12345 in the East US region.

The sku is set to Basic, which is suitable for learning and small projects.

The adminUserEnabled property allows you to use an admin account to push and pull images.

Commands
This command creates a new Azure Container Registry named exampleacr12345 in the resource group myResourceGroup with Basic SKU and admin user enabled.
Terminal
az acr create --resource-group myResourceGroup --name exampleacr12345 --sku Basic --location eastus --admin-enabled true
Expected OutputExpected
{ "adminUserEnabled": true, "creationDate": "2024-06-01T12:00:00Z", "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/exampleacr12345", "location": "eastus", "loginServer": "exampleacr12345.azurecr.io", "name": "exampleacr12345", "provisioningState": "Succeeded", "resourceGroup": "myResourceGroup", "sku": { "name": "Basic", "tier": "Basic" }, "tags": {}, "type": "Microsoft.ContainerRegistry/registries" }
--resource-group - Specifies the Azure resource group to create the registry in
--name - Sets the unique name for the container registry
--sku - Defines the pricing tier and features of the registry
Logs your local Docker client into the Azure Container Registry so you can push and pull images.
Terminal
az acr login --name exampleacr12345
Expected OutputExpected
Login Succeeded
--name - Specifies the name of the Azure Container Registry to log into
Tags your local Docker image named my-app with the registry login server prefix so it can be pushed to ACR.
Terminal
docker tag my-app:latest exampleacr12345.azurecr.io/my-app:latest
Expected OutputExpected
No output (command runs silently)
Pushes the tagged Docker image to your Azure Container Registry.
Terminal
docker push exampleacr12345.azurecr.io/my-app:latest
Expected OutputExpected
The push refers to repository [exampleacr12345.azurecr.io/my-app] latest: digest: sha256:abcdef1234567890 size: 1234
Lists all container repositories stored in your Azure Container Registry in a readable table format.
Terminal
az acr repository list --name exampleacr12345 --output table
Expected OutputExpected
Repositories ------------- my-app
--output - Formats the output for easier reading
Key Concept

If you remember nothing else from this pattern, remember: Azure Container Registry securely stores your container images close to your Azure services for easy and fast deployment.

Common Mistakes
Trying to push Docker images without logging into the Azure Container Registry first.
Docker will reject the push because it does not have permission to access the registry.
Always run 'az acr login --name yourRegistryName' before pushing images.
Using a registry name that is not globally unique in Azure.
Azure Container Registry names must be unique across all Azure users, otherwise creation fails.
Choose a unique registry name, often by adding random numbers or your company name.
Not enabling the admin user when creating the registry and then trying to use admin credentials.
Admin user credentials won't exist if admin user is disabled, causing login failures.
Enable admin user during creation or use Azure Active Directory authentication.
Summary
Create an Azure Container Registry with 'az acr create' to store your container images.
Log in to the registry using 'az acr login' so Docker can push and pull images securely.
Tag your local Docker images with the registry login server prefix before pushing.
Push images to the registry with 'docker push' and verify stored repositories with 'az acr repository list'.

Practice

(1/5)
1. What is the main purpose of Azure Container Registry (ACR)?
easy
A. To securely store and manage container images in Azure
B. To create virtual machines in Azure
C. To monitor network traffic in Azure
D. To manage Azure user permissions

Solution

  1. Step 1: Understand what ACR is designed for

    Azure Container Registry is a service to store container images securely in Azure.

  2. Step 2: Compare options with ACR's purpose

    Only To securely store and manage container images in Azure describes storing and managing container images, which matches ACR's main use.

  3. Final Answer:

    To securely store and manage container images in Azure -> Option A

  4. Quick Check:

    ACR purpose = store container images [OK]
Hint: ACR is for container images, not VMs or users [OK]
Common Mistakes:
  • Confusing ACR with Azure VM services
  • Thinking ACR manages user permissions
  • Assuming ACR monitors network traffic
2. Which of the following is the correct Azure CLI command to create an Azure Container Registry named myRegistry in resource group myGroup with the Basic SKU?
easy
A. az acr new --group myGroup --registry myRegistry --tier Basic
B. az acr create --resource-group myGroup --registry-name myRegistry --sku Basic
C. az container registry create --group myGroup --name myRegistry --sku Basic
D. az acr create --resource-group myGroup --name myRegistry --sku Basic

Solution

  1. Step 1: Recall the correct Azure CLI syntax for ACR creation

    The correct command uses az acr create with parameters --resource-group, --name, and --sku.

  2. Step 2: Match options to correct syntax

    az acr create --resource-group myGroup --name myRegistry --sku Basic matches the exact syntax. Options A, C, and D use incorrect commands or parameter names.

  3. Final Answer:

    az acr create --resource-group myGroup --name myRegistry --sku Basic -> Option D

  4. Quick Check:

    Correct CLI syntax = az acr create --resource-group myGroup --name myRegistry --sku Basic [OK]
Hint: Use 'az acr create' with --resource-group and --name [OK]
Common Mistakes:
  • Using wrong command like 'az acr new'
  • Incorrect parameter names like --registry-name
  • Confusing 'az container registry' with 'az acr'
3. Given this Azure CLI command sequence, what will be the output of the last command?
az acr create --resource-group myGroup --name myRegistry --sku Standard
az acr login --name myRegistry
az acr repository list --name myRegistry --output json
medium
A. A JSON list of repositories stored in myRegistry, initially empty
B. An error saying the registry does not exist
C. A list of running containers in myRegistry
D. A JSON list of all Azure resource groups

Solution

  1. Step 1: Understand the commands run

    The first command creates the registry. The second logs into it. The third lists repositories in JSON format.

  2. Step 2: Predict output of repository list on new registry

    Since the registry is new, it has no repositories yet, so the output is an empty JSON list.

  3. Final Answer:

    A JSON list of repositories stored in myRegistry, initially empty -> Option A

  4. Quick Check:

    New registry repo list = empty JSON list [OK]
Hint: New ACR has empty repo list JSON output [OK]
Common Mistakes:
  • Expecting error when registry exists
  • Confusing repositories with running containers
  • Thinking it lists resource groups
4. You run this command but get an error:
az acr create --resource-group myGroup --name myRegistry --sku Basic --location eastus

What is the most likely cause of the error?
medium
A. The command syntax is incorrect
B. The SKU Basic is not supported in eastus
C. The resource group myGroup does not exist
D. The registry name myRegistry is already in use globally

Solution

  1. Step 1: Check command syntax and parameters

    The syntax is correct and Basic SKU is supported in eastus.

  2. Step 2: Identify common causes of creation errors

    If the resource group does not exist, creation fails with an error.

  3. Final Answer:

    The resource group myGroup does not exist -> Option C

  4. Quick Check:

    Missing resource group causes create error [OK]
Hint: Ensure resource group exists before creating ACR [OK]
Common Mistakes:
  • Assuming SKU is unsupported without checking
  • Ignoring resource group existence
  • Thinking registry name conflict causes this error
5. You want to speed up your app deployment by sharing container images across multiple Azure regions. Which ACR feature should you enable to replicate your registry automatically to other regions?
hard
A. Configure Azure Traffic Manager for your registry
B. Enable geo-replication on your Azure Container Registry
C. Use Azure Blob Storage replication instead
D. Create multiple separate registries manually in each region

Solution

  1. Step 1: Understand the need for multi-region image availability

    To share images across regions and speed deployment, the registry must replicate images automatically.

  2. Step 2: Identify ACR feature for automatic replication

    Geo-replication is the ACR feature that replicates container images across regions automatically.

  3. Step 3: Evaluate other options

    Creating registries manually is manual and error-prone. Blob Storage replication is unrelated to container images. Traffic Manager manages traffic, not image replication.

  4. Final Answer:

    Enable geo-replication on your Azure Container Registry -> Option B

  5. Quick Check:

    Multi-region image sharing = geo-replication [OK]
Hint: Use geo-replication to sync images across regions [OK]
Common Mistakes:
  • Manually creating registries instead of replicating
  • Confusing storage replication with ACR replication
  • Using Traffic Manager for image replication