您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Azure 容器注册表中的异地复制Geo-replication in Azure Container Registry

需要本地状态或热备份的公司可选择从多个 Azure 区域运行服务。Companies that want a local presence, or a hot backup, choose to run services from multiple Azure regions. 最佳实践是在映像运行于的每个区域放置一个容器注册表,允许近网络操作,以实现快速可靠的映像层传输。As a best practice, placing a container registry in each region where images are run allows network-close operations, enabling fast, reliable image layer transfers. 异地复制允许 Azure 容器注册表充当单个注册表,向多个区域提供多主区域注册表。Geo-replication enables an Azure container registry to function as a single registry, serving multiple regions with multi-master regional registries.

异地复制注册表有以下优点:A geo-replicated registry provides the following benefits:

  • 单个注册表/映像/标记的名称可跨多个区域使用Single registry/image/tag names can be used across multiple regions
  • 由区域部署实现近网络注册表访问Network-close registry access from regional deployments
  • 由于是从与容器主机处于相同区域的本地复制注册表中拉取映像,因此无额外传输费用No additional egress fees, as images are pulled from a local, replicated registry in the same region as your container host
  • 跨多个区域对注册表进行单一管理Single management of a registry across multiple regions

备注

如果需要在多个 Azure 容器注册表中维护容器映像的副本,则 Azure 容器注册表还支持映像导入If you need to maintain copies of container images in more than one Azure container registry, Azure Container Registry also supports image import. 例如,在 DevOps 工作流中,可以将映像从开发注册表导入到生产注册表中,不需要使用 Docker 命令。For example, in a DevOps workflow, you can import an image from a development registry to a production registry, without needing to use Docker commands.

示例用例Example use case

Contoso 在美国、加拿大和欧洲各地运行着一个公开展示网站。Contoso runs a public presence website located across the US, Canada, and Europe. 为了向这些市场提供本地近网络内容,Contoso 在美国西部、美国东部、加拿大和西欧都运行着 Azure Kubernetes 服务 (AKS) 群集。To serve these markets with local and network-close content, Contoso runs Azure Kubernetes Service (AKS) clusters in West US, East US, Canada Central, and West Europe. 部署为 Docker 映像的网站应用程序在所有区域中均使用相同的代码和映像。The website application, deployed as a Docker image, utilizes the same code and image across all regions. 从在每个区域独特部署的数据库检索该区域的本地内容。Content, local to that region, is retrieved from a database, which is provisioned uniquely in each region. 对于本地数据库这样的资源,每个区域部署均有其唯一配置。Each regional deployment has its unique configuration for resources like the local database.

开发团队位于华盛顿州西雅图市,使用美国西部数据中心。The development team is located in Seattle WA, utilizing the West US data center.

推送到多个注册表Pushing to multiple registries
推送到多个注册表Pushing to multiple registries

使用异地复制功能之前,Contoso 已在美国西部拥有基于美国的注册表,在西欧拥有其他注册表。Prior to using the geo-replication features, Contoso had a US-based registry in West US, with an additional registry in West Europe. 为了向这些不同的区域提供服务,开发团队将映像推送到了两个不同的注册表。To serve these different regions, the development team pushed images to two different registries.

docker push contoso.azurecr.io/public/products/web:1.2
docker push contosowesteu.azurecr.io/public/products/web:1.2

从多个注册表拉取Pulling from multiple registries
从多个注册表拉取Pulling from multiple registries

多个注册表的典型挑战包括:Typical challenges of multiple registries include:

  • 美国东部、美国西部和加拿大中部的群集均拉取自美国西部的注册表,当每个远程容器主机从美国西部的数据中心拉取映像时,将产生传输费用。The East US, West US, and Canada Central clusters all pull from the West US registry, incurring egress fees as each of these remote container hosts pull images from West US data centers.
  • 开发团队必须将映像推送到美国西部和西欧的注册表。The development team must push images to West US and West Europe registries.
  • 开发团队必须使用引用本地注册表的映像名称配置和维护每个区域的部署。The development team must configure and maintain each regional deployment with image names referencing the local registry.
  • 必须为每个区域配置注册表访问。Registry access must be configured for each region.

异地复制的优点Benefits of geo-replication

从异地复制注册表拉取

使用 Azure 容器注册表的异地复制功能,将实现以下优点:Using the geo-replication feature of Azure Container Registry, these benefits are realized:

  • 跨所有区域管理单个注册表:contoso.azurecr.ioManage a single registry across all regions: contoso.azurecr.io
  • 管理多个映像部署的单个配置,因为所有区域使用同一个映像 URL:contoso.azurecr.io/public/products/web:1.2Manage a single configuration of image deployments as all regions used the same image URL: contoso.azurecr.io/public/products/web:1.2
  • 推送到单个注册表,而 ACR 管理异地复制。Push to a single registry, while ACR manages the geo-replication. 你可以配置区域性 Webhook 来通知你特定副本中的事件。You can configure regional webhooks to notify of you events in specific replicas.

配置异地复制Configure geo-replication

配置异地复制就如在地图上单击区域一样简单。Configuring geo-replication is as easy as clicking regions on a map. 你还可以使用包括 Azure CLI 中的 az acr replication 命令在内的工具来管理异地复制。You can also manage geo-replication using tools including the az acr replication commands in the Azure CLI.

异地复制是高级注册表特有的功能。Geo-replication is a feature of Premium registries only. 如果尚未使用高级注册表,可在 Azure 门户中将基本和标准更改为高级:If your registry isn't yet Premium, you can change from Basic and Standard to Premium in the Azure portal:

在 Azure 门户中切换 SKU

若要为高级注册表配置异地复制,可通过 https://portal.azure.com 登录到 Azure 门户。To configure geo-replication for your Premium registry, log in to the Azure portal at https://portal.azure.com.

导航到 Azure 容器注册表,然后选择“复制” :Navigate to your Azure Container Registry, and select Replications:

Azure 门户容器注册表 UI 中的副本

地图中显示了所有当前的 Azure 区域:A map is displayed showing all current Azure Regions:

Azure 门户中的区域地图

  • 蓝色六边形表示当前的副本Blue hexagons represent current replicas
  • 绿色六边形表示可能的复制区域Green hexagons represent possible replica regions
  • 灰色六边形表示尚不可复制的 Azure 区域Gray hexagons represent Azure regions not yet available for replication

若要配置副本,请选择一个绿色六边形,然后选择“创建” :To configure a replica, select a green hexagon, then select Create:

Azure 门户中的“创建副本”UI

若要创建其他副本,请选择表示其他区域的绿色六边形,然后单击“创建” 。To configure additional replicas, select the green hexagons for other regions, then click Create.

ACR 将开始在配置的副本间同步映像。ACR begins syncing images across the configured replicas. 完成后,门户将显示“就绪” 。Once complete, the portal reflects Ready. 门户中的副本状态不会自动更新。The replica status in the portal doesn't automatically update. 使用刷新按钮查看更新状态。Use the refresh button to see the updated status.

使用异地复制注册表的注意事项Considerations for using a geo-replicated registry

  • 异地复制注册表中的每个区域在设置后都是独立的。Each region in a geo-replicated registry is independent once set up. Azure 容器注册表 SLA 适用于每个异地复制区域。Azure Container Registry SLAs apply to each geo-replicated region.
  • 当你从异地复制注册表中推送或拉取映像时,后台的 Azure 流量管理器会将请求发送到位于离你最近的区域中的注册表。When you push or pull images from a geo-replicated registry, Azure Traffic Manager in the background sends the request to the registry located in the region closest to you.
  • 将映像或标记更新推送到最近的区域后,Azure 容器注册表需要一些时间将清单和层复制到你选择加入的其余区域。After you push an image or tag update to the closest region, it takes some time for Azure Container Registry to replicate the manifests and layers to the remaining regions you opted into. 较大的映像比较小的映像复制所需的时间更长。Larger images take longer to replicate than smaller ones. 映像和标记通过最终一致性模型在复制区域之间进行同步。Images and tags are synchronized across the replication regions with an eventual consistency model.
  • 若要管理依赖于异地复制注册表的推送更新的工作流,建议你配置 Webhook 以响应推送事件。To manage workflows that depend on push updates to a geo-replicated registry, we recommend that you configure webhooks to respond to the push events. 你可以在异地复制注册表中设置区域性 Webhook,以跟踪在异地复制区域内完成的推送事件。You can set up regional webhooks within a geo-replicated registry to track push events as they complete across the geo-replicated regions.

异地复制定价Geo-replication pricing

异地复制是 Azure 容器注册表高级 SKU 的一项功能。Geo-replication is a feature of the Premium SKU of Azure Container Registry. 将注册表复制到所需区域时,每个区域都会产生高级注册表费用。When you replicate a registry to your desired regions, you incur Premium registry fees for each region.

在前面的示例中,Contoso 将两个注册表合并到一起,并向美国东部、加拿大中部和西欧添加副本。In the preceding example, Contoso consolidated two registries down to one, adding replicas to East US, Canada Central, and West Europe. Contoso 每月将支付四次高级费用,且无额外配置或管理。Contoso would pay four times Premium per month, with no additional configuration or management. 现在每个区域就从本地拉取映像,既提升了性能和可靠性,又节省了从美国西部到加拿大和美国东部的网络传输费用。Each region now pulls their images locally, improving performance, reliability without network egress fees from West US to Canada and East US.

后续步骤Next steps

签出三部分的教程系列,Azure 容器注册表中的异地复制Check out the three-part tutorial series, Geo-replication in Azure Container Registry. 演示创建异地复制注册表、构建容器,然后使用单个 docker push 命令将其部署到多个区域的用于容器的 Web 应用。Walk through creating a geo-replicated registry, building a container, and then deploying it with a single docker push command to multiple regional Web Apps for Containers instances.