(DEPRECATED) Use ACR with a DC/OS cluster to deploy your application
Warning
The Azure Container Service (ACS) is being deprecated. No new features or functionality are being added to ACS. All of the APIs, portal experience, CLI commands and documentation are marked as deprecated.
For more information, see the Azure Container Service deprecation announcement on Azure.com.
We recommend that you deploy one of the following Azure Marketplace solutions:
- Mesosphere DC/OS
If you want to use Kubernetes, see Azure Kubernetes Service.
In this article, we explore how to use Azure Container Registry with a DC/OS cluster. Using ACR allows you to privately store and manage container images. This tutorial covers the following tasks:
- Deploy Azure Container Registry (if needed)
- Configure ACR authentication on a DC/OS cluster
- Uploaded an image to the Azure Container Registry
- Run a container image from the Azure Container Registry
You need an ACS DC/OS cluster to complete the steps in this tutorial. If needed, this script sample can create one for you.
This tutorial requires the Azure CLI version 2.0.4 or later. Run az --version
to find the version. If you need to upgrade, see Install the Azure CLI.
Use Azure Cloud Shell
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article without having to install anything on your local environment.
To start Azure Cloud Shell:
Option | Example/Link |
---|---|
Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell. | |
Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. | |
Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. |
To run the code in this article in Azure Cloud Shell:
Start Cloud Shell.
Select the Copy button on a code block to copy the code.
Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux or by selecting Cmd+Shift+V on macOS.
Select Enter to run the code.
Deploy Azure Container Registry
If needed, create an Azure Container registry with the az acr create command.
The following example creates a registry with a randomly generate name. The registry is also configured with an admin account using the --admin-enabled
argument.
az acr create --resource-group myResourceGroup --name myContainerRegistry$RANDOM --sku Basic
Once the registry has been created, the Azure CLI outputs data similar to the following. Take note of the name
and loginServer
, these are used in later steps.
{
"adminUserEnabled": false,
"creationDate": "2017-06-06T03:40:56.511597+00:00",
"id": "/subscriptions/f2799821-a08a-434e-9128-454ec4348b10/resourcegroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myContainerRegistry23489",
"location": "eastus",
"loginServer": "mycontainerregistry23489.azurecr.io",
"name": "myContainerRegistry23489",
"provisioningState": "Succeeded",
"sku": {
"name": "Basic",
"tier": "Basic"
},
"storageAccount": {
"name": "mycontainerregistr034017"
},
"tags": {},
"type": "Microsoft.ContainerRegistry/registries"
}
Get the container registry credentials using the az acr credential show command. Substitute the --name
with the one noted in the last step. Take note of one password, it is needed in a later step.
az acr credential show --name myContainerRegistry23489
For more information on Azure Container Registry, see Introduction to private Docker container registries.
Manage ACR authentication
The conventional way to push and pull image from a private registry is to first authenticate with the registry. To do so, you would use the docker login
command on any client that needs to access the private registry. Because a DC/OS cluster can contain many nodes, all of which need to be authenticated with the ACR, it is helpful to automate this process across each node.
Create shared storage
This process uses an Azure file share that has been mounted on each node in the cluster. If you have not already set up shared storage, see Setup a file share inside a DC/OS cluster.
Configure ACR authentication
First, get the FQDN of the DC/OS master and store it in a variable.
FQDN=$(az acs list --resource-group myResourceGroup --query "[0].masterProfile.fqdn" --output tsv)
Create an SSH connection with the master (or the first master) of your DC/OS-based cluster. Update the user name if a non-default value was used when creating the cluster.
ssh azureuser@$FQDN
Run the following command to login to the Azure Container Registry. Replace the --username
with the name of the container registry, and the --password
with one of the provided passwords. Replace the last argument mycontainerregistry.azurecr.io in the example with the loginServer name of the container registry.
This command stores the authentication values locally under the ~/.docker
path.
docker -H tcp://localhost:2375 login --username=myContainerRegistry23489 --password=//=ls++q/m+w+pQDb/xCi0OhD=2c/hST mycontainerregistry.azurecr.io
Create a compressed file that contains the container registry authentication values.
tar czf docker.tar.gz .docker
Copy this file to the cluster shared storage. This step makes the file available on all nodes of the DC/OS cluster.
cp docker.tar.gz /mnt/share/dcosshare
Upload image to ACR
Now from a development machine, or any other system with Docker installed, create an image and upload it to the Azure Container Registry.
Create a container from the Ubuntu image.
docker run ubuntu --name base-image
Now capture the container into a new image. The image name needs to include the loginServer
name of the container registry with a format of loginServer/imageName
.
docker -H tcp://localhost:2375 commit base-image mycontainerregistry30678.azurecr.io/dcos-demo
Login into the Azure Container Registry. Replace the name with the loginServer name, the --username with the name of the container registry, and the --password with one of the provided passwords.
docker login --username=myContainerRegistry23489 --password=//=ls++q/m+w+pQDb/xCi0OhD=2c/hST mycontainerregistry2675.azurecr.io
Finally, upload the image to the ACR registry. This example uploads an image named dcos-demo.
docker push mycontainerregistry30678.azurecr.io/dcos-demo
Run an image from ACR
To use an image from the ACR registry, create a file names acrDemo.json and copy the following text into it. Replace the image name with the container registry loginServer name and image name, for example loginServer/imageName
. Take note of the uris
property. This property holds the location of the container registry authentication file, which in this case is the Azure file share that is mounted on each node in the DC/OS cluster.
{
"id": "myapp",
"container": {
"type": "DOCKER",
"docker": {
"image": "mycontainerregistry30678.azurecr.io/dcos-demo",
"network": "BRIDGE",
"portMappings": [
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp",
"name": "80",
"labels": null
}
],
"forcePullImage":true
}
},
"instances": 3,
"cpus": 0.1,
"mem": 65,
"healthChecks": [{
"protocol": "HTTP",
"path": "/",
"portIndex": 0,
"timeoutSeconds": 10,
"gracePeriodSeconds": 10,
"intervalSeconds": 2,
"maxConsecutiveFailures": 10
}],
"uris": [
"file:///mnt/share/dcosshare/docker.tar.gz"
]
}
Deploy the application with the DC/OC CLI.
dcos marathon app add acrDemo.json
Next steps
In this tutorial you have configure DC/OS to use Azure Container Registry including the following tasks:
- Deploy Azure Container Registry (if needed)
- Configure ACR authentication on a DC/OS cluster
- Uploaded an image to the Azure Container Registry
- Run a container image from the Azure Container Registry