快速入門:使用 Azure CLI 建立私人容器登錄Quickstart: Create a private container registry using the Azure CLI

Azure Container Registry 是用於儲存私用 Docker 容器映像的受控 Docker 容器登錄服務。Azure Container Registry is a managed Docker container registry service used for storing private Docker container images. 本指南詳述如何使用 Azure CLI 建立 Azure Container Registry 執行個體。This guide details creating an Azure Container Registry instance using the Azure CLI. 然後,使用 Docker 命令將容器映像推送到登錄中,最後從您的登錄中提取映像並加以執行。Then, use Docker commands to push a container image into the registry, and finally pull and run the image from your registry.

進行此快速入門時,您必須執行 Azure CLI (建議使用 2.0.55 版或更新版本)。This quickstart requires that you are running the Azure CLI (version 2.0.55 or later recommended). 執行 az --version 以尋找版本。Run az --version to find the version. 如果您需要安裝或升級,請參閱安裝 Azure CLIIf you need to install or upgrade, see Install Azure CLI.

您也必須在本機上安裝 Docker。You must also have Docker installed locally. Docker 提供可輕鬆在任何 macOSWindowsLinux 系統上設定 Docker 的套件。Docker provides packages that easily configure Docker on any macOS, Windows, or Linux system.

由於 Azure Cloud Shell 未包含所有必要的 Docker 元件 (dockerd 精靈),因此您無法使用本快速入門中的 Cloud Shell。Because the Azure Cloud Shell doesn't include all required Docker components (the dockerd daemon), you can't use the Cloud Shell for this quickstart.

建立資源群組Create a resource group

使用 az group create 命令來建立資源群組。Create a resource group with the az group create command. Azure 資源群組是在其中部署與管理 Azure 資源的邏輯容器。An Azure resource group is a logical container into which Azure resources are deployed and managed.

下列範例會在 eastus 位置建立名為 myResourceGroup 的資源群組。The following example creates a resource group named myResourceGroup in the eastus location.

az group create --name myResourceGroup --location eastus

建立容器登錄庫Create a container registry

您在本快速入門中會建立「基本」登錄,這是正在學習 Azure Container Registry 的開發人員所適用的成本最佳化選項。In this quickstart you create a Basic registry, which is a cost-optimized option for developers learning about Azure Container Registry. 如需可用服務層級的詳細資訊,請參閱容器登錄 SKUFor details on available service tiers, see Container registry SKUs.

使用 az acr create 命令建立 ACR 執行個體。Create an ACR instance using the az acr create command. 登錄名稱在 Azure 內必須是唯一的,且包含 5-50 個英數字元。The registry name must be unique within Azure, and contain 5-50 alphanumeric characters. 下列範例中使用 myContainerRegistry007In the following example, myContainerRegistry007 is used. 請將此更新為唯一的值。Update this to a unique value.

az acr create --resource-group myResourceGroup --name myContainerRegistry007 --sku Basic

建立登錄時,輸出大致如下:When the registry is created, the output is similar to the following:

{
  "adminUserEnabled": false,
  "creationDate": "2019-01-08T22:32:13.175925+00:00",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myContainerRegistry007",
  "location": "eastus",
  "loginServer": "mycontainerregistry007.azurecr.io",
  "name": "myContainerRegistry007",
  "provisioningState": "Succeeded",
  "resourceGroup": "myResourceGroup",
  "sku": {
    "name": "Basic",
    "tier": "Basic"
  },
  "status": null,
  "storageAccount": null,
  "tags": {},
  "type": "Microsoft.ContainerRegistry/registries"
}

請記下輸出中的 loginServer,這是完整登錄名稱 (全部小寫)。Take note of loginServer in the output, which is the fully qualified registry name (all lowercase). 在本快速入門的其餘部分,<acrName> 是容器登錄名稱的預留位置。Throughout the rest of this quickstart <acrName> is a placeholder for the container registry name.

登入登錄Log in to registry

推送和提取容器映像之前,您必須先登入登錄。Before pushing and pulling container images, you must log in to the registry. 若要這樣做,請使用 az acr login 命令。To do so, use the az acr login command.

az acr login --name <acrName>

完成後,此命令會傳回 Login Succeeded 訊息。The command returns a Login Succeeded message once completed.

將映像推送至登錄Push image to registry

若要推送映像到 Azure Container Registry,您必須先有映像。To push an image to an Azure Container registry, you must first have an image. 如果您還沒有任何本機容器映像,請執行下列 docker pull 命令,從 Docker 中樞提取現有的映像。If you don't yet have any local container images, run the following docker pull command to pull an existing image from Docker Hub. 在此範例中,請提取 hello-world 映像。For this example, pull the hello-world image.

docker pull hello-world

您必須使用 ACR 登入伺服器的完整名稱來標記映像,才能將映像推送至您的登錄。Before you can push an image to your registry, you must tag it with the fully qualified name of your ACR login server. 登入伺服器名稱的格式為 <registry-name>.azurecr.io (全部小寫),例如 mycontainerregistry007.azurecr.ioThe login server name is in the format <registry-name>.azurecr.io (all lowercase), for example, mycontainerregistry007.azurecr.io.

使用 docker tag 命令來標記映像。Tag the image using the docker tag command. <acrLoginServer> 取代為 ACR 執行個體的登入伺服器名稱。Replace <acrLoginServer> with the login server name of your ACR instance.

docker tag hello-world <acrLoginServer>/hello-world:v1

最後,使用 docker push 將映像推送到 ACR 執行個體。Finally, use docker push to push the image to the ACR instance. <acrLoginServer> 取代為 ACR 執行個體的登入伺服器名稱。Replace <acrLoginServer> with the login server name of your ACR instance. 此範例會建立 hello-world 存放庫,其中包含 hello-world:v1 映像。This example creates the hello-world repository, containing the hello-world:v1 image.

docker push <acrLoginServer>/hello-world:v1

將映像推送至您的容器登錄之後,請從您的本機 Docker 環境中移除 hello-world:v1 映像。After pushing the image to your container registry, remove the hello-world:v1 image from your local Docker environment. (請注意,此 docker rmi 命令並不會從 Azure 容器登錄中的 hello-world 存放區移除映像。)(Note that this docker rmi command does not remove the image from the hello-world repository in your Azure container registry.)

docker rmi <acrLoginServer>/hello-world:v1

列出容器映像List container images

下列範例會列出登錄中的存放庫:The following example lists the repositories in your registry:

az acr repository list --name <acrName> --output table

輸出:Output:

Result
----------------
hello-world

下列範例會列出在 hello-world 存放庫上的標籤。The following example lists the tags on the hello-world repository.

az acr repository show-tags --name <acrName> --repository hello-world --output table

輸出:Output:

Result
--------
v1

從登錄執行映像Run image from registry

現在,您可以使用 docker run 從您的容器登錄中提取 hello-world:v1 容器映像並加以執行:Now, you can pull and run the hello-world:v1 container image from your container registry by using docker run:

docker run <acrLoginServer>/hello-world:v1  

範例輸出︰Example output:

Unable to find image 'mycontainerregistry007.azurecr.io/hello-world:v1' locally
v1: Pulling from hello-world
Digest: sha256:662dd8e65ef7ccf13f417962c2f77567d3b132f12c95909de6c85ac3c326a345
Status: Downloaded newer image for mycontainerregistry007.azurecr.io/hello-world:v1

Hello from Docker!
This message shows that your installation appears to be working correctly.

[...]

清除資源Clean up resources

若不再需要,您可以使用 az group delete 命令移除資源群組、容器登錄,以及儲存於該處的容器映像。When no longer needed, you can use the az group delete command to remove the resource group, the container registry, and the container images stored there.

az group delete --name myResourceGroup

後續步驟Next steps

在本快速入門中,您已使用 Azure CLI 建立 Azure Container Registry、將容器映像推送至登錄,以及從登錄中提取映像並加以執行。In this quickstart, you created an Azure Container Registry with the Azure CLI, pushed a container image to the registry, and pulled and ran the image from the registry. 請繼續進行 Azure 容器登錄教學課程,以深入了解 ACR。Continue to the Azure Container Registry tutorials for a deeper look at ACR.