Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Azure Container Registry (ACR): A Complete Guide

Name: Azure Container Registry (ACR): A Complete Guide
Rating: 4.5 (39 reviews)

A Comprehensive and Practical Course: Containers, Automation, Networking, Security, Monitoring, HA, AKS, and others

Created bycourscape.com by Andrei Barbu | Microsoft employee working daily with AKS, ARO, ACI, ACR

Last updated 6/2024

English

What you'll learn

Containerization, Docker and registries basics
What Azure Container Registry (ACR) is, how to create one
Basic operations like import, push, pull
How to automate container builds, pushes and more during commit source code with the help of ACR Tasks and ACR Webhooks
How to properly delete, recover and lock images and repositories
Authentication methods and the proper roles needed
How to integrate ACR with other Azure services
Networking and security considerations like restricting access, private connection, data exfiltration, access from behind a firewall, scanning, Content Trust
How to monitor and troubleshoot ACR
How to obtain resiliency, high availability, performance, better pull speeds, overcome public registries rate limiting and more

Course content

11 sections • 86 lectures • 9h 19m total length

Introduction about instructor and course8:08
Good to know / Recommended background3:01
Clarify the recommended background for mastering the Azure Container Registry course, covering basics of containerization, Docker fundamentals, Linux, networking, and Azure services while encouraging a flexible, start-and-adapt approach.
Connect with me

What is a container and how is it different from a VM?9:04
Compare containers with virtual machines to highlight improved resource efficiency and portability. Explain how containers share the host kernel, use namespaces and cgroups, and isolate applications with their own dependencies.
Microservices architecture2:10
Discover how containers enable microservices by decomposing monoliths into scalable services like authentication, catalog management, and orders. See how portability and loose coupling boost flexibility and resilience in cloud deployments.
Install Docker and Azure CLI on an Ubuntu VM and other considerations7:36
What are Docker, Dockerfile and Docker Hub?7:12
Create our 1st container (web app), push it to Docker Hub and run it7:12
Create a simple containerized website using Nginx Alpine, build with a Dockerfile, push the image to Docker Hub, and run it locally with port 80 mapping.
Create our 2nd container (troubleshooting app), push it to Docker Hub and run it6:33
Understand why we need a container registry, like Azure Container Registry (ACR)3:56
Understand how a container registry, including Azure Container Registry, centralizes storage, versioning, and distribution of container images with security, access controls, and Kubernetes integration for scalable deployments.
Understand registry and image related terminologies8:56
Explore Azure Container Registry concepts such as registry, repository, image, artifact, tag, layer, manifest, digest, and namespaces, and learn how they relate to containers and image distribution.

What is Azure Container Registry (ACR)?4:00
Explore Azure Container Registry as a private, managed registry for storing and deploying container images, with security, OCI support, and RBAC integration across Azure services.
Defining storage, throughput and throttling in ACR3:44
Define storage, throughput, and throttling in ECR, explain the 20 TB tier storage limit, and how read and write operations drive pulls and pushes.
Understand ACR limits and tier comparison4:15
Compare basic, standard, and premium ACR tiers, detailing features, storage limits, throughput, webhooks, and anonymous poll access.
Azure free account and ACR pricing6:09
Explore Azure pricing for ACR, including a free account with $200 credit and standard tier 100 gb storage with ten webhooks for free for 12 months, using the pricing calculator.
Learn and explore Microsoft Artifact Registry (MAR/MCR)6:59
Important notes about ACR support policy and ACR Roadmap5:23
Explore the ECR policies and roadmap to understand the shared responsibility between Microsoft and customers for using the azure container registry correctly.
Let's create and explore our first Azure Container Registry (ACR)7:31
Create and explore your first Azure container registry in the portal, including resource group setup, basic sku selection, and key blades like get started, access control, and encryption.
Import images to ACR and explore them4:59
Import images into Azure Container Registry from Docker Hub, other registries, or private sources with a simple workflow, then explore repositories, tags, and manifests, including multi-architecture images.
How to set a default registry to simplify "az acr" commands1:56
Understand and use AAD individual login to authenticate to ACR7:40
Understand and use the admin user in ACR5:56
Enable and use the admin user in Azure Container Registry for quick image deployment to Azure services; manage two passwords, restrict use, and prefer individual accounts and other authentication methods.
Push and pull container images to/from ACR3:23
Push and pull OCI artifacts to/from ACR3:27
Push and pull Helm charts to/from ACR4:55
Learn to create and package a helm chart, then push to and pull from Azure container registry using Helm 3, enabling deployment to Kubernetes clusters.
Starting with ACR Tasks: Understand and use "az acr build" and "az acr run"11:57
Build and run container images in the cloud with Azure Container Registry tasks—quick tasks—using az acr build and az acr run—without installing Docker on your machine.
Use Azure Cloud Shell with ACR5:08
Learn how to use Azure Cloud Shell with ACR and ECR, login with expose token, run ECR commands without the Docker daemon, and manage registries, images, and Helm.
Send events from ACR to Event Grid and view them on a prebuilt Azure WebApp9:57
Learn to route Azure Container Registry events to Event Grid and display them in near real-time on a prebuilt Azure Web App using ASP.NET Core and SignalR.
Starting with Azure Container Registry (ACR) - Quiz

A few ACR Task related considerations about variables, aliases and YAMLs3:33
Explore ACR task concepts by examining yaml file formats, variables, aliases, and samples, and learn how run ID, timer schedules, and multi-step tasks automate builds and deployments.
Automate container image builds in the cloud when you commit source code7:50
Automate container image builds by committing source code to a git repository using ECR tasks, with a personal access token, environment variables, and automated task runs.
Automate ACI deployments and updates with ACR Task, ACR Webhook and Logic Apps19:30
Automate Azure container deployments and updates using ACR task, ACR webhook, and Azure Logic Apps to provision and refresh an Azure container instance.
Create a multi-step task using a YAML file6:56
Create a multi-step task in Azure container registry with a YAML file to build, test, and push images, using Dockerfile, scripts, or commands and variables; trigger manually or on commits.
Automate container image builds when a base image is updated10:11
Automate container image builds with Azure Container Registry tasks when the base image updates, configuring base and app Dockerfiles, environment variables, and triggering builds from commits to the GitHub repository.
Understand and run an ACR timer-triggered task based on a schedule5:36
Schedule and run ACR tasks using timer triggers and cron expressions. Define minute, hour, day, month, and day-of-week; test timer-triggered tasks with image updates or code commits.
Understand dedicated agent pools and run an ACR task there6:18
Learn how dedicated agent pools in Azure Container Registry reserve exclusive VM agents to run ACR tasks with configurable sizes and networking, scaled on demand and billed by CPU-seconds.
Automate with Tasks and Webhooks in ACR - Quiz

Basic delete options6:50
Delete digests by timestamp using a script3:45
Learn to delete digests by timestamp in Azure container registry using a Microsoft script, including a dry run with enable delete set to false and final deletion of v1 manifests.
Prevent delete, write, read, and list by locking images and repositories10:32
Lock images and repositories in Azure Container Registry to prevent delete, read, write, and list operations, and learn how mutable versus immutable tagging informs locking.
Enable soft delete policy and recover deleted artifacts3:56
Enable soft delete to recover accidentally deleted artifacts in your registry, with a retention period of 1-90 days and auto purge every 24 hours.
Use “acr purge” command to delete images on-demand or on a schedule13:33
Learn to use the ACR purge command to delete image tags and manifests on demand or on a schedule, with filters, go duration, untagged, dry run, and concurrency.
Set a retention policy for untagged manifests4:58
Set a retention policy for untagged manifests in premium Azure container registries to auto-delete manifests after 0–365 days, while untagged manifests are logged when deletion is disabled.
Delete, recover and lock ACR images and repositories - Quiz

Understand RBAC roles and permissions related to ACR10:47
Authentication options overview3:12
Reminder about authentication with individual AD identity and admin user1:57
Learn how individual Active Directory identities authenticate and authorize access to container images in Azure Container Registry and why admin user access is discouraged in favor of granular rbac.
Authenticate with AD service principal7:25
Authenticate with managed identity and compare it with AD service principal6:27
Learn to authenticate to Azure using managed identities, system and user assigned, with automatic credential rotation, and compare them to Azure AD service principals for ACR login and Docker pull.
Tokens and scope maps13:04
Learn to use tokens and scope maps in Azure container registry to grant granular, time-limited access to repositories and images, with hands-on setup in the Azure portal.
Make your content publicly available with Anonymous / Unauthenticated pull4:39
Enable anonymous pull in Azure container registry to allow unauthenticated image downloads for public images, not available on basic tier, and requires standard or premium, with logout after enabling.
ACR task authentication considerations and cross-registry authentication demo6:33
Explore ACR task authentication scenarios using system managed identities, cross-registry authentication, and Azure Key Vault secrets to securely access private repositories and pull base images across registries.
Authentication and access control in ACR - Quiz

Learn Kubernetes basics and create an Azure Kubernetes Service (AKS) cluster7:37
Explore Azure Kubernetes Service basics and running container images from ECR. Create an AKS cluster, manage pods and deployments, and expose apps with a load balancer.
How the Azure Kubernetes Service (AKS) - ACR integration works?3:22
Explore two AKS–ACR integration options: attach an ECR pull role to the cluster identity or create a docker registry secret for ECR credentials, enabling secure image pulls.
Integrate AKS and ACR - Azure/RBAC method7:00
Integrate AKS and ACR - Kubernetes/pull secret method4:58
Configure a Kubernetes secret using a token to enable aks to pull images from acr with an image pull secret. Apply a pod yaml referencing the secret.
Deploy to ACI (Azure Container Instances) using admin user7:04
Deploy to Azure container instances with ECR admin user credentials, enable the admin user, and authenticate to pull container images securely from registries.
Deploy to ACI using an AAD service principal4:42
Learn to authenticate an Azure container instance to the Elastic Container Registry (ECR) with an Azure AD service principal, enabling least-privilege access, role assignments, and credential management for automated deployments.
Deploy to ACI using an AAD service principal with credentials in Key Vault5:43
Deploy to ACI using a Managed Identity5:33
Deploy to Azure App Service Web App for Containers using admin user6:55
Deploy a container from ECR to Azure App Service Web App for Containers using an admin user, enabling continuous deployment via a webhook that auto-updates on image changes.
Integrate ACR with other Azure services (AKS, ACI, Web App) - Quiz

Restrict public access to ACR5:52
Restrict public access to Azure container registry using the built-in firewall, define IP addresses or CIDRs, and explore how private endpoints and private link interact with trusted services.
Trusted services in ACR6:14
Understand how to securely connect to ACR via a private connection8:57
Configure Azure Container Registry with private link, private endpoint, and private DNS zone to restrict traffic to an Azure virtual network and connect endpoints over the Microsoft backbone.
Configure secure connectivity to ACR via a private connection10:49
Service endpoint in ACR2:18
Understand how service endpoints in ACR route virtual network traffic over the Azure backbone, avoiding the public internet, and why private endpoints are recommended for private IP connectivity.
How devices behind a firewall can access ACR and about dedicated data endpoints7:40
Enable secure access to azure container registry behind firewalls using dedicated data endpoints. Ensure registry rest Api and storage endpoints are reachable over port 443 to mitigate data exfiltration.
Configure AKS behind Azure Firewall to access ACR12:45
Configure an AKS cluster behind an Azure firewall, establish explicit egress via a route table and UDR, and permit access to the Azure container registry with network and application rules.
Scan for vulnerabilities and get recommendations with Microsoft Defender11:46
Microsoft Defender for Containers uses a Qualys-powered scanner to assess Azure container registry images for vulnerabilities and provide remediation and hardening recommendations.
Implement policies for ACR with Azure Policy7:14
Implement Azure policy for Azure container registries to enforce governance and security with append, audit, deny, and disabled effects, and test compliance for local admin accounts.
Disable export of artifacts from ACR4:32
Learn how to disable artifact export in Azure container registry, enforce a network-restricted export policy to prevent leakage, test imports from ECR, and understand the security implications.
Understand Content Trust, related terms and ACR particularities13:21
Learn Docker content trust basics and Azure Container Registry specifics: sign and verify images with root, repository, snapshot, and timestamp keys, and enable content trust for publishers and consumers.
Practice Content Trust in ACR9:54
Enable content trust in Azure container registry, sign images with docker trust, manage signers and keys, and verify signed versus unsigned images through push, pull, and inspection.
Networking and security in ACR - Quiz

"az acr check-health" command4:41
Learn how the az acr check-health command helps diagnose Docker and networking issues with Azure Container Registry, validating the Docker daemon, versions, DNS, and tokens.
Activity logs3:57
Discover how Azure activity logs for ACR capture create, update, and delete actions, use Azure Monitor to build alerts, dashboards, and audits, and retain data for 90 days.
Metrics explorer in ACR3:14
Explore Azure metrics with the Matrix Explorer in Azure Monitor to build custom charts and dashboards, set alerts, and analyze push/pull counts, storage use, and runtime duration for Azure resources.
Create a diagnostic settings and explore logs7:30
Configure diagnostic settings for the Azure container registry and explore logs in a Log Analytics workspace, using Kusto queries to analyze registry and login events.
Understand Alerts in Azure1:52
Learn how alerts monitor Azure resources using metrics, log, smart detection, and Prometheus alert types, with out-of-the-box and custom rules, action groups, and workflows to notify or automate resolution.
Create a metrics-based alert6:47
Create a log-based alert4:06
Monitor and troubleshoot ACR - Quiz

Manually move an ACR to another region7:22
Availability Zones in ACR3:28
Understand geo-replication in ACR7:56
Understand geo replication in Azure container registry, mirroring container images across multiple regions to improve availability, reliability, and low-latency access for global users.
Practice and test geo-replication in ACR11:48
Enable geo replication in Azure container registry and deploy an app showing the image region. Test pull times between East US and West Europe VMs, noting reliability and data residency.
Project Teleport4:46
Project Teleport introduces a transport protocol that transfers container layers directly from registry to host, dramatically speeding image startup in Azure environments via SMB mounts and layer caching.
Understand Cache for ACR4:26
Understand how cache for ACR caches upstream images in Azure Container Registry to speed pulls. Learn benefits for private networks, rate-limit mitigation, and authenticated versus unauthenticated pull options.
Get started with Cache for ACR4:20
Learn how to use cache for ACR to transparently cache Docker Hub images in your Azure Container Registry, enabling first pull from Docker Hub and subsequent pulls from the cache.
Use Cache for ACR with authentication9:29
Learn to authenticate for ACR caching to securely pull from private repositories via authenticated pulls, preventing tampering, by configuring Azure Key Vault secrets and RBAC-driven credentials.
High availability, reliability, and performance in ACR - Quiz

Requirements

It is good to have basic knowledge of Containerization, Linux, Networking, and Azure, but I am explaining most of the concepts at specific points during the course

Description

In the world of cloud computing, containers have emerged as a game-changer, enabling software developers to create, test, and deploy applications seamlessly. But with this comes the need for a centralized location to store and manage these container images, which is where Azure Container Registry (ACR) comes into play.

Azure Container Registry (ACR) is a private, managed, and secure registry service that allows users to store and manage container images for use with Azure services like Azure Kubernetes Service (AKS) and more, or even non-Azure services or on-premises.

This course, "Azure Container Registry (ACR) Made Easy," is your comprehensive guide to understanding and managing ACR. Throughout the course, we have a lot of practice/hands-on sessions to ensure that you can apply the concepts you learned in real-world situations. Whether you are new to container management or an experienced professional, this course will provide you with the expertise needed to manage and store containers using ACR.

We will start by exploring containers, images, and registries, followed by an in-depth explanation of ACR's basics, including its tiers, limits, and pricing. You will then learn how to create an ACR, import, pull, and push images, work with agent pools, and more.

The course then moves on to more advanced topics, such as automating with all kinds of ACR Tasks and Webhooks, deleting, recovering, and locking ACR images and repositories. We will also delve into access control and all the authentication options available.

Next, we will look at integrating ACR with other Azure services, such as Azure Kubernetes Service (AKS), Azure Container Instances (ACI), and Azure Web App for Containers. You will also learn about networking and security, including how to restrict public access, use trusted services, connect via a private endpoint or from behind a firewall, scan images with Microsoft Defender, implement governance and security with Azure Policy, or use Content Trust.

In the monitoring and troubleshooting section, you will learn the basics of troubleshooting, how to monitor ACR, and how to create alerts for metrics and logs. Finally, we will cover high availability and performance, including moving an ACR to another region, availability zones, geo-replication, Project Teleport, and cache for ACR.

By the end of this course, you will have gained a thorough understanding of ACR and the skills to create and manage your own container registry with ease. Whether you are a software developer, a DevOps engineer, or an IT professional, this course will equip you with the knowledge and skills to take your container management to the next level.

Who this course is for:

Anyone that is new to container world
IT professionals or administrators looking for a simple and security container registry to store and manage container images or other artifacts
Cloud architects who want to understand the benefits and limitations of Azure Container Registry and how it fits into their cloud architecture or how to integrate it with other Azure services, like Azure Kubernetes Service (AKS) or Azure Container Instances (ACI)
Existing ACR users that are looking to extend their ACR knowledge and fully benefit from this service while enhancing the registry security, availability or performance
System Administrators responsible for managing container environments and looking to leverage Azure Container Registry for secure storage and distribution of container images
Azure Enthusiasts looking to expand their understanding of Azure's capabilities and delve into the world of containerization

Azure Container Registry (ACR): A Complete Guide

What you'll learn

Explore related topics

Course content

Course introduction3 lectures • 11min

Understanding containers, images and registries8 lectures • 53min

Starting with Azure Container Registry (ACR)17 lectures • 1hr 37min

Automate with Tasks and Webhooks in ACR7 lectures • 1hr

Delete, recover and lock ACR images and repositories6 lectures • 44min

Authentication and access control in ACR8 lectures • 54min

Integrate ACR with other Azure services (AKS, ACI, Web App)9 lectures • 53min

Networking and security in ACR12 lectures • 1hr 41min

Monitor and troubleshoot ACR7 lectures • 32min

High availability and performance in ACR8 lectures • 54min

Requirements

Description

Who this course is for: