Pull and Run Docker Image from Azure Container Registry with Ease

Docker images from Azure Container Registry can be pulled and run with ease, thanks to the simple and straightforward process.

To get started, you need to have the Azure CLI installed and configured on your machine.

First, you'll need to log in to your Azure account using the Azure CLI command `az login`. This will authenticate your session and allow you to access your Azure resources.

Once logged in, you can use the `az acr login` command to log in to your Azure Container Registry instance. This will authenticate your session and allow you to access your container images.

For your interest: Azure Cli vs Azure Powershell

Before we dive into pulling and running a Docker image from Azure Container Registry, let's make sure you have the necessary tools.

You'll need Node.js installed on your system, specifically version 10.3 or higher.

An Azure account is also required to access Azure Container Registry.

In addition to Azure, you'll need a CircleCI account and a GitHub account to store and manage your code.

You might enjoy: Azure Account

To interact with Azure, you'll need to have Azure CLI installed on your system.

Finally, Docker needs to be installed on your system to run the container.

Here's a quick rundown of the prerequisites:

To set up an Azure Container Registry, you need to create a container registry on Azure to store and build your Docker containers. Click the Create button on your Azure portal home page and go to Containers -> Container Registry. Fill in the appropriate information including the name for your registry.

You can also use the Azure CLI to create your resources, but for this tutorial, we'll focus on the Azure portal. To confirm, I named my registry circlecigwpregistry, but you should use a different name.

To create an Azure Container Registry using the Azure portal, follow these steps:

To create an Azure Container Registry, you'll need to start by clicking the Create button on your Azure portal home page and navigating to Containers -> Container Registry. This will take you to the registry creation page where you can fill in the necessary information.

Enter a name for your registry, which should be unique across Azure Cloud. You can use the Azure CLI to create your resources if you prefer. I named my registry circlecigwpregistry, but you should substitute your own registry name in all the steps going forward.

On the review page, confirm your registry information and click Create to trigger the registry creation process. Make sure to review the pricing, as the Basic SKU costs $0.167 per day.

To create an Azure Container Registry using the Azure portal, follow these steps:

All production scenarios should use service principals to access an Azure container registry. Service principals allow you to provide role-based access control to your container images.

You can configure a service principal with pull-only access to a registry, which is recommended for production scenarios.

To grant pull-only access, you'll need to use the az ad sp create-for-rbac command with the --role argument set to acrpull.

Additional reading: Azure Ad Connect Sync Service Not Running

The service principal's appId will be used as the container registry username, and its password will be used as the container registry password.

You can store these secrets in Azure Key Vault for secure storage.

Here are the secrets you'll need to store:

Creating a Docker image can take some time, and once it's completed, you can view the created image by executing another Docker command.

A multi-stage Docker image is recommended for applications as it offers several benefits, which you can read more about.

Using a multi-stage Docker file can significantly reduce the image size, for example, the default image with "go" in the name took up 1.11GB of disk space.

You can create a multi-stage Docker image by using a specific Docker file, which is more secure and efficient than the default image.

The size difference between a default and multi-stage Docker image is substantial, with the multi-stage image being only 41.1MB.

To deploy a container, you'll need to use the Azure CLI to create a container instance. Execute the az container create command to deploy the container instance, using the service principal's credentials stored in Azure Key Vault to authenticate to your container registry.

The --dns-name-label value must be unique within Azure, so the command appends your container registry's name to the container's DNS name label. This ensures the container's fully qualified domain name (FQDN) is unique.

Take note of the container's FQDN, as you'll use it in the next steps to monitor the startup process of the container.

For another approach, see: Deploy Docker Image on Azure

To deploy a container, you'll need to use the Azure CLI and execute the az container create command. This command uses the service principal's credentials stored in Azure Key Vault to authenticate to your container registry.

The --dns-name-label value must be unique within Azure, so the command appends your container registry's name to the container's DNS name label. This is a crucial step to ensure the container's FQDN is correctly generated.

Take note of the container's FQDN, as you'll use it in the next section. You can also use the az container attach command to watch the startup process of the container.

The output from the az container create command displays the container's fully qualified domain name (FQDN).

Reviewing build logs is a crucial step in the deployment process. It helps you identify any issues or errors that occurred during the build process.

To review build logs, you can check the build logs in the Azure DevOps pipeline. You can also review the build logs in the Azure Container Registry (ACR) by following these steps:

By reviewing the build logs, you can troubleshoot any issues and make necessary adjustments to ensure a smooth deployment process.