Quickstart: Create a private container registry using Azure PowerShell
Azure Container Registry is a managed, private Docker container registry service for building, storing, and serving Docker container images. In this quickstart, you learn how to create an Azure container registry using PowerShell. Then, use Docker commands to push a container image into the registry, and finally pull and run the image from your registry.
This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.
This quickstart requires Azure PowerShell module. Run
Get-Module -ListAvailable Az to determine your installed version. If you need to install or upgrade, see Install Azure PowerShell module.
Because the Azure Cloud Shell doesn't include all required Docker components (the
dockerd daemon), you can't use the Cloud Shell for this quickstart.
Sign in to Azure
Sign in to your Azure subscription with the Connect-AzAccount command, and follow the on-screen directions.
Create resource group
Once you're authenticated with Azure, create a resource group with New-AzResourceGroup. A resource group is a logical container in which you deploy and manage your Azure resources.
New-AzResourceGroup -Name myResourceGroup -Location EastUS
Create container registry
Next, create a container registry in your new resource group with the New-AzContainerRegistry command.
The registry name must be unique within Azure, and contain 5-50 alphanumeric characters. The following example creates a registry named "myContainerRegistry007." Replace myContainerRegistry007 in the following command, then run it to create the registry:
$registry = New-AzContainerRegistry -ResourceGroupName "myResourceGroup" -Name "myContainerRegistry007" -EnableAdminUser -Sku Basic
In this quickstart you create a Basic registry, which is a cost-optimized option for developers learning about Azure Container Registry. For details on available service tiers, see Container registry SKUs.
Log in to registry
Before pushing and pulling container images, you must log in to your registry. In production scenarios you should use an individual identity or service principal for container registry access, but to keep this quickstart brief, enable the admin user on your registry with the Get-AzContainerRegistryCredential command:
$creds = Get-AzContainerRegistryCredential -Registry $registry
Next, run docker login to log in:
$creds.Password | docker login $registry.LoginServer -u $creds.Username --password-stdin
The command returns
Login Succeeded once completed.
Push image to registry
To push an image to an Azure Container registry, you must first have an image. If you don't yet have any local container images, run the following docker pull command to pull an existing image from Docker Hub. For this example, pull the
docker pull hello-world
Before you can push an image to your registry, you must tag it with the fully qualified name of your ACR login server. The login server name is in the format <registry-name>.azurecr.io (all lowercase), for example, mycontainerregistry007.azurecr.io.
Tag the image using the docker tag command. Replace
<acrLoginServer> with the login server name of your ACR instance.
docker tag hello-world <acrLoginServer>/hello-world:v1
Finally, use docker push to push the image to the ACR instance. Replace
<acrLoginServer> with the login server name of your ACR instance. This example creates the hello-world repository, containing the
docker push <acrLoginServer>/hello-world:v1
After pushing the image to your container registry, remove the
hello-world:v1 image from your local Docker environment. (Note that this docker rmi command does not remove the image from the hello-world repository in your Azure container registry.)
docker rmi <acrLoginServer>/hello-world:v1
Run image from registry
Now, you can pull and run the
hello-world:v1 container image from your container registry by using docker run:
docker run <acrLoginServer>/hello-world:v1
Unable to find image 'mycontainerregistry007.azurecr.io/hello-world:v1' locally v1: Pulling from hello-world Digest: sha256:662dd8e65ef7ccf13f417962c2f77567d3b132f12c95909de6c85ac3c326a345 Status: Downloaded newer image for mycontainerregistry007.azurecr.io/hello-world:v1 Hello from Docker! This message shows that your installation appears to be working correctly. [...]
Clean up resources
Once you're done working with the resources you created in this quickstart, use the Remove-AzResourceGroup command to remove the resource group, the container registry, and the container images stored there:
Remove-AzResourceGroup -Name myResourceGroup
In this quickstart, you created an Azure Container Registry with Azure PowerShell, pushed a container image, and pulled and ran the image from the registry. Continue to the Azure Container Registry tutorials for a deeper look at ACR.