Quickstart: Create a private container registry using the Azure CLI

Azure Container Registry is a managed Docker container registry service used for storing private Docker container images. This guide details creating an Azure Container Registry instance using the Azure CLI. Then, use Docker commands to push a container image into the registry, and finally pull and run the image from your registry.

This quickstart requires that you are running the Azure CLI (version 2.0.55 or later recommended). Run az --version to find the version. If you need to install or upgrade, see Install Azure CLI.

You must also have Docker installed locally. Docker provides packages that easily configure Docker on any macOS, Windows, or Linux system.

Because the Azure Cloud Shell doesn't include all required Docker components (the dockerd daemon), you can't use the Cloud Shell for this quickstart.

Create a resource group

Create a resource group with the az group create command. An Azure resource group is a logical container into which Azure resources are deployed and managed.

The following example creates a resource group named myResourceGroup in the eastus location.

az group create --name myResourceGroup --location eastus

Create a container registry

In this quickstart you create a Basic registry, which is a cost-optimized option for developers learning about Azure Container Registry. For details on available service tiers, see Container registry SKUs.

Create an ACR instance using the az acr create command. The registry name must be unique within Azure, and contain 5-50 alphanumeric characters. In the following example, myContainerRegistry007 is used. Update this to a unique value.

az acr create --resource-group myResourceGroup --name myContainerRegistry007 --sku Basic

When the registry is created, the output is similar to the following:

{
  "adminUserEnabled": false,
  "creationDate": "2019-01-08T22:32:13.175925+00:00",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myContainerRegistry007",
  "location": "eastus",
  "loginServer": "mycontainerregistry007.azurecr.io",
  "name": "myContainerRegistry007",
  "provisioningState": "Succeeded",
  "resourceGroup": "myResourceGroup",
  "sku": {
    "name": "Basic",
    "tier": "Basic"
  },
  "status": null,
  "storageAccount": null,
  "tags": {},
  "type": "Microsoft.ContainerRegistry/registries"
}

Take note of loginServer in the output, which is the fully qualified registry name (all lowercase). Throughout the rest of this quickstart <acrName> is a placeholder for the container registry name.

Log in to registry

Before pushing and pulling container images, you must log in to the registry. To do so, use the az acr login command.

az acr login --name <acrName>

The command returns a Login Succeeded message once completed.

Push image to registry

To push an image to an Azure Container registry, you must first have an image. If you don't yet have any local container images, run the following docker pull command to pull an existing image from Docker Hub. For this example, pull the hello-world image.

docker pull hello-world

Before you can push an image to your registry, you must tag it with the fully qualified name of your ACR login server. The login server name is in the format <registry-name>.azurecr.io (all lowercase), for example, mycontainerregistry007.azurecr.io.

Tag the image using the docker tag command. Replace <acrLoginServer> with the login server name of your ACR instance.

docker tag hello-world <acrLoginServer>/hello-world:v1

Finally, use docker push to push the image to the ACR instance. Replace <acrLoginServer> with the login server name of your ACR instance. This example creates the hello-world repository, containing the hello-world:v1 image.

docker push <acrLoginServer>/hello-world:v1

After pushing the image to your container registry, remove the hello-world:v1 image from your local Docker environment. (Note that this docker rmi command does not remove the image from the hello-world repository in your Azure container registry.)

docker rmi <acrLoginServer>/hello-world:v1

List container images

The following example lists the repositories in your registry:

az acr repository list --name <acrName> --output table

Output:

Result
----------------
hello-world

The following example lists the tags on the hello-world repository.

az acr repository show-tags --name <acrName> --repository hello-world --output table

Output:

Result
--------
v1

Run image from registry

Now, you can pull and run the hello-world:v1 container image from your container registry by using docker run:

docker run <acrLoginServer>/hello-world:v1  

Example output:

Unable to find image 'mycontainerregistry007.azurecr.io/hello-world:v1' locally
v1: Pulling from hello-world
Digest: sha256:662dd8e65ef7ccf13f417962c2f77567d3b132f12c95909de6c85ac3c326a345
Status: Downloaded newer image for mycontainerregistry007.azurecr.io/hello-world:v1

Hello from Docker!
This message shows that your installation appears to be working correctly.

[...]

Clean up resources

When no longer needed, you can use the az group delete command to remove the resource group, the container registry, and the container images stored there.

az group delete --name myResourceGroup

Next steps

In this quickstart, you created an Azure Container Registry with the Azure CLI, pushed a container image to the registry, and pulled and ran the image from the registry. Continue to the Azure Container Registry tutorials for a deeper look at ACR.