Geo-replication in Azure Container Registry

Companies that want a local presence, or a hot backup, choose to run services from multiple Azure regions. As a best practice, placing a container registry in each region where images are run allows network-close operations, enabling fast, reliable image layer transfers. Geo-replication enables an Azure container registry to function as a single registry, serving multiple regions with multi-master regional registries.

A geo-replicated registry provides the following benefits:

  • Single registry/image/tag names can be used across multiple regions
  • Network-close registry access from regional deployments
  • No additional egress fees, as images are pulled from a local, replicated registry in the same region as your container host
  • Single management of a registry across multiple regions

Note

If you need to maintain copies of container images in more than one Azure container registry, Azure Container Registry also supports image import. For example, in a DevOps workflow, you can import an image from a development registry to a production registry, without needing to use Docker commands.

Example use case

Contoso runs a public presence website located across the US, Canada, and Europe. To serve these markets with local and network-close content, Contoso runs Azure Kubernetes Service (AKS) clusters in West US, East US, Canada Central, and West Europe. The website application, deployed as a Docker image, utilizes the same code and image across all regions. Content, local to that region, is retrieved from a database, which is provisioned uniquely in each region. Each regional deployment has its unique configuration for resources like the local database.

The development team is located in Seattle WA, utilizing the West US data center.

Pushing to multiple registries

Prior to using the geo-replication features, Contoso had a US-based registry in West US, with an additional registry in West Europe. To serve these different regions, the development team pushed images to two different registries.

docker push contoso.azurecr.io/public/products/web:1.2
docker push contosowesteu.azurecr.io/public/products/web:1.2

Pulling from multiple registries

Typical challenges of multiple registries include:

  • The East US, West US, and Canada Central clusters all pull from the West US registry, incurring egress fees as each of these remote container hosts pulls images from West US data centers.
  • The development team must push images to West US and West Europe registries.
  • The development team must configure and maintain each regional deployment with image names referencing the local registry.
  • Registry access must be configured for each region.

Benefits of geo-replication

[Image: Pulling from a geo-replicated registry]

Using the geo-replication feature of Azure Container Registry, these benefits are realized:

  • Manage a single registry across all regions: contoso.azurecr.io
  • Manage a single configuration of image deployments, as all regions use the same image URL: contoso.azurecr.io/public/products/web:1.2
  • Push to a single registry, while ACR manages the geo-replication. You can configure regional webhooks to notify you of events in specific replicas.

Configure geo-replication

Configuring geo-replication is as easy as clicking regions on a map. You can also manage geo-replication using tools including the az acr replication commands in the Azure CLI.

Geo-replication is a feature of Premium registries only. If your registry isn't yet Premium, you can change from Basic or Standard to Premium in the Azure portal:

[Image: Switching SKUs in the Azure portal]

To configure geo-replication for your Premium registry, log in to the Azure portal at https://portal.azure.com.

Navigate to your Azure Container Registry, and select Replications:

[Image: Replications in the container registry UI in the Azure portal]

A map is displayed showing all current Azure regions:

[Image: Region map in the Azure portal]

  • Blue hexagons represent current replicas
  • Green hexagons represent possible replica regions
  • Gray hexagons represent Azure regions not yet available for replication

To configure a replica, select a green hexagon, then select Create:

[Image: Create replication UI in the Azure portal]

To configure additional replicas, select the green hexagons for other regions, then click Create.

ACR begins syncing images across the configured replicas. Once complete, the portal reflects Ready. The replica status in the portal doesn't automatically update. Use the refresh button to see the updated status.

Considerations for using a geo-replicated registry

  • Each region in a geo-replicated registry is independent once set up. Azure Container Registry SLAs apply to each geo-replicated region.
  • When you push or pull images from a geo-replicated registry, Azure Traffic Manager in the background sends the request to the registry located in the region closest to you.
  • After you push an image or tag update to the closest region, it takes some time for Azure Container Registry to replicate the manifests and layers to the remaining regions you opted into. Larger images take longer to replicate than smaller ones. Images and tags are synchronized across the replication regions with an eventual consistency model.
  • To manage workflows that depend on push updates to a geo-replicated registry, we recommend that you configure webhooks to respond to the push events. You can set up regional webhooks within a geo-replicated registry to track push events as they complete across the geo-replicated regions.
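
The following added example (not part of the original Azure documentation) shows one way to act on the last two considerations: it consumes regional webhook push events and reports when a tag resolves to the same digest in every replica, so a deployment can be pinned to that digest instead of a tag that is still converging. It assumes each regional webhook posts to its own endpoint, which is how the receiver learns the region; the class, the function names, and the sample payloads are constructed for illustration.

```python
import json

REGISTRY = "contoso.azurecr.io"  # registry name from this page's example
# Replica regions from the Contoso example, as Azure location names.
EXPECTED_REGIONS = frozenset({"westus", "eastus", "canadacentral", "westeurope"})


def make_event(digest, action="push", repo="public/products/web", tag="1.2"):
    """Build a constructed sample payload with the fields this example reads."""
    return json.dumps({"action": action,
                       "target": {"repository": repo, "tag": tag, "digest": digest}})


class ReplicationTracker:
    """Tracks which digest each region last received for a repository:tag."""

    def __init__(self, expected_regions=EXPECTED_REGIONS):
        self.expected = frozenset(expected_regions)
        self.seen = {}  # (repository, tag) -> {region: digest}

    def record(self, region, payload):
        """Record one delivery. `region` is supplied by the receiving endpoint
        (assumption: one webhook URI per replica). Returns the new status,
        or None if the event is ignored."""
        event = json.loads(payload)
        target = event.get("target") or {}
        repo, tag, digest = (target.get(k) for k in ("repository", "tag", "digest"))
        if event.get("action") != "push" or region not in self.expected:
            return None
        if not (repo and tag and digest):
            return None
        self.seen.setdefault((repo, tag), {})[region] = digest
        return self.status(repo, tag)

    def status(self, repo, tag):
        """('diverged', digests): regions disagree, e.g. a re-pushed tag mid-sync.
        ('pending', regions): replicas that have not reported yet.
        ('ready', ref): every region holds the same digest; ref is digest-pinned."""
        regions = self.seen.get((repo, tag), {})
        digests = sorted(set(regions.values()))
        if len(digests) > 1:
            return ("diverged", digests)
        missing = sorted(self.expected - set(regions))
        if missing or not digests:
            return ("pending", missing)
        return ("ready", f"{REGISTRY}/{repo}@{digests[0]}")
```

Deploying only the reference returned with "ready" means every region runs the same content, even when the tag is pushed again while replication is in progress.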

Geo-replication pricing

Geo-replication is a feature of the Premium SKU of Azure Container Registry. When you replicate a registry to your desired regions, you incur Premium registry fees for each region.

In the preceding example, Contoso consolidated two registries down to one, adding replicas to East US, Canada Central, and West Europe. Contoso would pay four times Premium per month, with no additional configuration or management. Each region now pulls its images locally, improving performance and reliability without network egress fees from West US to Canada and East US.

Next steps

Check out the three-part tutorial series, Geo-replication in Azure Container Registry. Walk through creating a geo-replicated registry, building a container, and then deploying it with a single docker push command to multiple regional Web Apps for Containers instances.