Introduction to private Docker container registries in Azure

Azure Container Registry is a managed Docker registry service based on the open-source Docker Registry 2.0. Create and maintain Azure container registries to store and manage your private Docker container images. Use container registries in Azure with your existing container development and deployment pipelines, and draw on the body of Docker community expertise.

For background about Docker and containers, see the Docker user guide.

Use cases

Pull images from an Azure container registry to various deployment targets:

Developers can also push to a container registry as part of a container development workflow. For example, target a container registry from a continuous integration and deployment tool such as Visual Studio Team Services or Jenkins.

Key concepts

  • Registry - Create one or more container registries in your Azure subscription. Registries are available in three SKUs: Basic, Standard, and Premium, each of which support webhook integration, repository authentication with Azure Active Directory, and delete functionality. Take advantage of local, network-close storage of your container images by creating a registry in the same Azure location as your deployments. Use the geo-replication feature of Premium registries for advanced replication and container image distribution scenarios. A fully qualified registry name has the form myregistry.azurecr.io.

    You control access to a container registry using an Azure Active Directory-backed service principal or a provided admin account. Run the standard docker login command to authenticate with a registry.

  • Repository - A registry contains one or more repositories, which are groups of container images. Azure Container Registry supports multilevel repository namespaces. With multilevel namespaces, you can group collections of images related to a specific app, or a collection of apps to specific development or operational teams. For example:

    • myregistry.azurecr.io/aspnetcore:1.0.1 represents a corporate-wide image
    • myregistry.azurecr.io/warrantydept/dotnet-build represents an image used to build .NET apps, shared across the warranty department
    • myregistry.azurecr.io/warrantydept/customersubmissions/web represents a web image, grouped in the customer submissions app, owned by the warranty department
  • Image - Stored in a repository, each image is a read-only snapshot of a Docker container. Azure container registries can include both Windows and Linux images. You control image names for all your container deployments. Use standard Docker commands to push images into a repository, or pull an image from a repository.

  • Container - A container defines a software application and its dependencies wrapped in a complete filesystem including code, runtime, system tools, and libraries. Run Docker containers based on Windows or Linux images that you pull from a container registry. Containers running on a single machine share the operating system kernel. Docker containers are fully portable to all major Linux distros, macOS, and Windows.

Next steps