Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Azure Container Registry (ACR) Deep Dive

Azure Container Registry (ACR) Deep Dive

Azure Container Registry (ACR) is a managed service offering by Microsoft, which implements the Docker Registry 2.0 standard. However, Microsoft goes beyond the specification and added a whole bunch of stunning features to ACR. Features that you should know and use to get most out of ACR. Join this talk by Azure MVP Thorsten Hans and learn how to harden your ACR by configuring Content-Trust. Get Insights about ACR by integrating Azure Monitor. Scale your ACR around the globe using Geo-Replications and let ACR build Docker Images for you automatically. Let’s unleash the full potential of ACR!

6848c06ef647ab606c668cc5264c0fc9?s=128

Thorsten Hans

December 01, 2021
Tweet

Transcript

  1. ACR Unleashed Thorsten Hans @ThorstenHans Consultant A deep dive into

    Azure Container Registry
  2. Consultant @ Thinktecture #Azure #Kubernetes #CloudNative #Terraform thorsten.hans@thinktecture.com thinktecture.com thorsten-hans.com

    @ThorstenHans Thorsten Hans
  3. • Introduction • Azure Container Registry Jumpstart • Azure Container

    Registry Patterns & Practices • Conclusion Talking Points - What we will cover today
  4. • Introduction • Azure Container Registry Jumpstart • Azure Container

    Registry Patterns & Practices • Conclusion Talking Points - What we will cover today
  5. • Azure Container Registry (ACR) is a OCI distribution spec

    compliant registry • Distribution of container images and OCI spec compliant artifacts • Seamless integration with Azure Active Directory (AAD) • Three SKUs available Basic | Standard | Premium ( $5 | $20 | $50 ) Introduction
  6. Different service tiers have limits Introduction Basic Standard Premium Included

    Storage in GB 10 100 500 Read operations p. minute 1_000 3_000 10_000 Write operations p minute 100 500 2_000 Download bandwidth in Mbps 30 60 100 Upload bandwidth in Mbps 10 20 50 WebHooks 2 10 500
  7. Features only available in Premium SKU Introduction • Geo Replication

    • Availability Zones • Content Trust • Private link with Private Endpoints • Private Endpoints • Public IP network rules • Service Endpoint Virtual Network access • Virtual Network rules • Customer-managed encryption keys • Repository scoped permissions • Tokens • Scopes
  8. • Introduction • Azure Container Registry Jumpstart • Azure Container

    Registry Patterns & Practices • Conclusion Talking Points - What we will cover today
  9. Azure Container Registry Basics - Create an Azure Container Registry

    instance - Authenticate - Push container images - Browse container images - Pull container images Demo
  10. Create an ACR instance

  11. Authenticate with custom ACR instance

  12. Push container image to ACR

  13. List images and tags in ACR

  14. Pull an image from ACR

  15. • Introduction • Azure Container Registry Jumpstart • Azure Container

    Registry Patterns & Practices • Conclusion Talking Points - What we will cover today
  16. • The following section consists of live-demos • Corresponding code

    is availible on GitHub at • https://github.com/ThorstenHans/acr-unleashed-cloudsummit-2021 ACR Patterns & Practices
  17. • ACR offers four types of webhooks push, delete, chart_push,

    chart_delete Webhooks
  18. • Azure Traffic Manager routes your requests to the closest

    ACR replication • All replications can accept write operations • ACR replicates modifications across GEO replications behind the scenes Geo-Replication
  19. • You can store everything in ACR as long as

    it is OCI spec compliant • For example WebAssemby (Wasm) modules Deal with OCI compliant artifacts
  20. • Authenticate and Authorize external identities with ease • GitHub

    Actions / Jenkins / TeamCity / other services • Azure Resources that are under external control Tokens
  21. • Build your container images directly in ACR • Container

    build for scheduled and event based builds • ACR quick task for one-off builds ACR Container Build & Tasks
  22. Vulnerability scanning with Microsoft Defender for Cloud

  23. Vulnerability scanning with Microsoft Defender for Cloud

  24. • Introduction • Azure Container Registry Jumpstart • Azure Container

    Registry Patterns & Practices • Conclusion Talking Points - What we will cover today
  25. further questions?!?! Thorsten Hans @ThorstenHans Consultant Don’t be afraid. Shoot

    your question now in person, or later at thorsten.hans@thinktecture.com or @ThorstenHans thns.io/slides