Azure 中的私人 Docker 容器登錄的簡介Introduction to private Docker container registries in Azure

Azure 容器登錄是可管理的 Docker Registry 服務,架構於開放原始碼的 Docker Registry 2.0。Azure Container Registry is a managed Docker registry service based on the open-source Docker Registry 2.0. 建立及維護 Azure 容器登錄庫,以儲存和管理您的私人 Docker 容器映像。Create and maintain Azure container registries to store and manage your private Docker container images.

將 Azure 中的容器登錄與您現有的容器開發與部署管線搭配使用。Use container registries in Azure with your existing container development and deployment pipelines. 使用 Azure Container Registry Build (ACR Build) 在 Azure 中建置容器映像。Use Azure Container Registry Build (ACR Build) to build container images in Azure. 視需求建置,否則具有原始程式碼的完全自動組建會認可,且基礎映像更新組建會觸發。Build on demand, or fully automate builds with source code commit and base image update build triggers.

如需 Docker 與容器的相關背景,請參閱 Docker 概觀 (英文)。For background about Docker and containers, see the Docker overview.

使用案例Use cases

從 Azure 容器登錄庫將映像提取到不同部署目標︰Pull images from an Azure container registry to various deployment targets:

開發人員也可以將推送到容器登錄庫,當做容器開發工作流程的一部分。Developers can also push to a container registry as part of a container development workflow. 例如,從 Azure DevOps Services (英文) 或 Jenkins (英文) 等持續整合與部署工具中,將容器登錄設定為目標。For example, target a container registry from a continuous integration and deployment tool such as Azure DevOps Services or Jenkins.

設定 ACR 工作,以在其基礎映像更新時自動重建應用程式映像。Configure ACR Tasks to automatically rebuild application images when their base images are updated. 當您的小組將程式碼認可至 Git 存放庫時,使用 ACR 工作自動化映像建置。Use ACR Tasks to automate image builds when your team commits code to a Git repository.

重要概念Key concepts

  • 登錄庫 - 在您的 Azure 訂用帳戶中建立一或多個容器登錄庫。Registry - Create one or more container registries in your Azure subscription. 登錄可以三個 SKU 提供:基本、標準和進階,每個 SKU 都支援 Webhook 整合、使用 Azure Active Directory 的登錄驗證,以及刪除功能。Registries are available in three SKUs: Basic, Standard, and Premium, each of which support webhook integration, registry authentication with Azure Active Directory, and delete functionality. 在與您的部署相同的 Azure 位置建立登錄,以利用容器映像接近網路的本機儲存體。Take advantage of local, network-close storage of your container images by creating a registry in the same Azure location as your deployments. 將進階登錄庫的異地複寫功能用於進階複寫和容器映像散發案例。Use the geo-replication feature of Premium registries for advanced replication and container image distribution scenarios. 完整的登錄名稱具有 myregistry.azurecr.io 形式。A fully qualified registry name has the form myregistry.azurecr.io.

    使用 Azure Active Directory 支持的服務主體或提供的管理員帳戶,控制對容器登錄庫的存取。You control access to a container registry using an Azure Active Directory-backed service principal or a provided admin account. 執行標準 docker login 命令驗證登錄庫。Run the standard docker login command to authenticate with a registry.

  • 存放庫 - 登錄中會包含一或多個存放庫,以便儲存容器映像群組。Repository - A registry contains one or more repositories, which store groups of container images. Azure 容器登錄庫支援多層級的儲存機制命名空間。Azure Container Registry supports multilevel repository namespaces. 有了多層級命名空間,您可以將與特定應用程式相關的映像集合為群組,或將特定開發或作業團隊的應用程式集合為群組。With multilevel namespaces, you can group collections of images related to a specific app, or a collection of apps to specific development or operational teams. 例如︰For example:

    • myregistry.azurecr.io/aspnetcore:1.0.1 表示全公司的映像myregistry.azurecr.io/aspnetcore:1.0.1 represents a corporate-wide image
    • myregistry.azurecr.io/warrantydept/dotnet-build 表示用來建立 .NET 應用程式的映像,在保固部門之間共用myregistry.azurecr.io/warrantydept/dotnet-build represents an image used to build .NET apps, shared across the warranty department
    • myregistry.azurecr.io/warrantydept/customersubmissions/web 表示 Web 映像,其屬於保固部門所擁有的客戶提交應用程式群組myregistry.azurecr.io/warrantydept/customersubmissions/web represents a web image, grouped in the customer submissions app, owned by the warranty department
  • 映像 - 儲存在存放庫中,每個映像是 Docker 相容容器的唯讀快照集。Image - Stored in a repository, each image is a read-only snapshot of a Docker-compatible container. Azure 容器登錄庫可以包含 Windows 和 Linux 映像。Azure container registries can include both Windows and Linux images. 您可以控制您的所有容器部署的映像名稱。You control image names for all your container deployments. 使用標準 Docker 命令 將映像推送到儲存機制,或從儲存機制提取映像。Use standard Docker commands to push images into a repository, or pull an image from a repository. 除了容器映像外,Azure Container Registry 還會儲存相關的內容格式,例如 Helm 圖表,以用來將應用程式部署至 Kubernetes。In addition to container images, Azure Container Registry stores related content formats such as Helm charts, used to deploy applications to Kubernetes.

  • 容器 - 容器定義軟體應用程式及其相依性,包裹在完整的檔案系統中,包括程式碼、執行階段、系統工具和程式庫。Container - A container defines a software application and its dependencies wrapped in a complete filesystem including code, runtime, system tools, and libraries. 根據您從容器登錄庫提取的 Windows 或 Linux 映像,執行 Docker 容器。Run Docker containers based on Windows or Linux images that you pull from a container registry. 在單一電腦上執行的容器共用作業系統核心。Containers running on a single machine share the operating system kernel. Docker 容器可完全移植到所有主要 Linux 散發版本、macOS 和 Windows。Docker containers are fully portable to all major Linux distros, macOS, and Windows.

Azure Container Registry 工作Azure Container Registry Tasks

Azure Container Registry 工作 (ACR 工作) 是 Azure Container Registry 內的一組功能,可在 Azure 中提供精簡而有效率的 Docker 容器映像建置。Azure Container Registry Tasks (ACR Tasks) is a suite of features within Azure Container Registry that provides streamlined and efficient Docker container image builds in Azure. 使用 ACR 工作將 docker build 作業卸載至 Azure,讓您的開發內部迴圈延伸到雲端。Use ACR Tasks to extend your development inner-loop to the cloud by offloading docker build operations to Azure. 設定建置工作以自動化您的容器作業系統與架構修補管線,並在您的小組將程式碼認可至來源控制項時自動建置影像。Configure build tasks to automate your container OS and framework patching pipeline, and build images automatically when your team commits code to source control.

多步驟工作 是 ACR 工作的預覽功能,提供適用於在雲端建置、測試及修補容器映像的步驟型工作定義與執行。Multi-step tasks, a preview feature of ACR Tasks, provides step-based task definition and execution for building, testing, and patching container images in the cloud. 工作步驟會定義個別的容器映像建置和推送作業。Task steps define individual container image build and push operations. 它們也可以定義一或多個容器的執行,其中每個步驟都使用容器作為其執行環境。They can also define the execution of one or more containers, with each step using the container as its execution environment.

後續步驟Next steps