az-acr
Manage Azure Container Registry
TLDR
Create a managed container registry
Login to a registry
Tag a local image for ACR
Push an image to a registry
Pull an image from a registry
Delete an image from a registry
Delete a managed container registry
List images within a registry
SYNOPSIS
az acr command [options]
Where command is one of the available subcommands for managing Azure Container Registry, such as:
az acr create - Create a new registry.
az acr show - Get the details of a registry.
az acr delete - Delete a registry.
az acr repository - Manage repositories within a registry.
az acr build - Queue a quick build.
To view a list of all available subcommands and their options, use:
az acr --help
az acr command --help
PARAMETERS
--help
Show help message for the 'az acr' command group or a specific subcommand.
--name -n registry_name
The name of the Azure Container Registry. This is a common required parameter for most registry-specific operations like create, show, delete, and update.
--resource-group -g resource_group_name
The name of the Azure resource group in which the registry resides. Required for operations that identify the registry by its resource group.
--sku Basic|Standard|Premium
The SKU of the container registry. Applicable when creating or updating a registry, determining features and pricing tier.
--admin-enabled true|false
Indicates whether the admin user is enabled for the registry. Used to manage programmatic access via admin credentials.
--output -o json|jsonc|table|tsv|yaml|yamlc|none
Output format for the command result. A global Azure CLI parameter applicable to all 'az acr' commands.
--query jmespath_string
JMESPath query string to filter and format the command output. A global Azure CLI parameter.
DESCRIPTION
az acr is the command group within the Azure CLI dedicated to managing Azure Container Registry instances. Azure Container Registry (ACR) is a fully managed, OCI-compliant container registry service in Azure, designed for storing and managing Docker container images and other OCI artifacts.
The az acr command set provides a comprehensive interface for performing various operations on your container registries. These operations include creating, deleting, and updating registry instances; managing authentication credentials and network access; configuring geo-replication for global distribution; and overseeing repositories, images, and Helm charts stored within the registry. It also allows for setting up webhooks for event notifications and managing tasks for automated image builds and patching.
This command group is crucial for DevOps workflows, enabling seamless integration with CI/CD pipelines and deployment to services like Azure Kubernetes Service (AKS) or Azure App Service. It empowers users to efficiently manage their private container image repositories directly from the command line, ensuring secure and scalable container artifact management in the cloud.
CAVEATS
Caveats and Limitations:
Azure CLI Installation and Authentication: The az acr commands require the Azure CLI to be installed and properly authenticated to an Azure account (az login). Without authentication, operations will fail due to insufficient permissions.
Permissions (RBAC): To perform operations, the authenticated user or service principal must have the necessary Azure Role-Based Access Control (RBAC) permissions on the target subscription or resource group. Common roles include AcrContributor for full management, AcrPush for pushing images, and AcrPull for pulling images.
Globally Unique Registry Names: Each Azure Container Registry name must be globally unique across all Azure regions and subscriptions. If a chosen name is already in use, the creation command will fail.
SKU Features: The available features and capabilities of an Azure Container Registry vary significantly based on its SKU (Basic, Standard, Premium). For instance, geo-replication and content trust are exclusive to the Premium SKU. Consider your requirements before choosing an SKU.
Resource Group Dependency: All Azure Container Registries must reside within an Azure Resource Group. Management operations often require specifying both the registry name and its associated resource group.
COMMON USE CASES
The az acr command group is widely used for:
Automated Image Builds: Using az acr build to automate the process of building container images directly within Azure, often triggered by code commits.
Image Management: Pushing and pulling container images to and from the private registry using docker push and docker pull commands authenticated via az acr login.
CI/CD Integration: Integrating with Azure DevOps, GitHub Actions, Jenkins, or other CI/CD systems to automate the build, push, and deployment of containerized applications.
Kubernetes Deployment: Providing a secure and reliable source for container images deployed to Azure Kubernetes Service (AKS) clusters or other container orchestration platforms.
SECURITY AND NETWORKING
ACR offers robust security features manageable via az acr commands:
Azure Active Directory Integration: Authenticate users and service principals using Azure AD.
Managed Identities: Enable Azure resources to authenticate to ACR securely.
Private Endpoints: Configure network isolation for your registry, allowing access only from a virtual network via a private IP address, enhancing security and compliance.
Content Trust: Support for digitally signing images to ensure their integrity and authenticity, crucial for secure supply chain practices.
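The settings above can be checked from the command line. The following script is an added example, not part of the original page: it reads three properties from az acr show (adminUserEnabled, publicNetworkAccess, sku.name) using the --query and --output parameters described under PARAMETERS, and reports the ones that weaken the registry's posture. The function names and finding texts are made up for this example; the registry name and resource group are supplied by the caller.

```sh
#!/bin/sh
# Added example: baseline review of one registry's security-relevant settings.
# Usage: sh acr-audit.sh REGISTRY RESOURCE_GROUP   (script name is illustrative)

# acr_findings ADMIN_ENABLED PUBLIC_NETWORK_ACCESS SKU
# Prints one finding per line; returns 1 if anything was reported, else 0.
# Comparison is case-insensitive so "True"/"true" are treated alike.
acr_findings() {
    admin=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    public=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    sku=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    rc=0
    if [ "$admin" = "true" ]; then
        echo "admin-user: shared admin credentials are enabled (--admin-enabled true)"
        rc=1
    fi
    # Any value other than "Disabled" is reported, including a missing one.
    if [ "$public" != "disabled" ]; then
        echo "network: registry is reachable over its public endpoint"
        rc=1
    fi
    if [ "$sku" != "premium" ]; then
        echo "sku: $3 lacks Premium-only features such as geo-replication and content trust"
        rc=1
    fi
    return $rc
}

# audit_registry REGISTRY RESOURCE_GROUP
# Queries the live registry; needs a prior 'az login'. Returns 2 on query failure.
audit_registry() {
    out=$(az acr show --name "$1" --resource-group "$2" \
        --query "[adminUserEnabled, publicNetworkAccess, sku.name]" \
        --output tsv) || return 2
    # The three values are whitespace-separated, so word splitting recovers them.
    # shellcheck disable=SC2086
    set -- $out
    [ $# -eq 3 ] || return 2
    acr_findings "$1" "$2" "$3"
}

# Only contact Azure when both arguments are given.
if [ $# -eq 2 ]; then
    audit_registry "$1" "$2"
fi
```

A non-zero exit status lets a CI/CD job fail when a registry drifts from the expected settings.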
HISTORY
The az acr command group is an integral part of the Azure CLI, introduced to manage Azure Container Registry (ACR), a service launched by Microsoft to provide a private, managed Docker registry in Azure. Its development has closely tracked the evolution of containerization and Kubernetes within the Azure ecosystem, aiming to offer robust and scalable container image management capabilities.
Initially focused on Docker images, az acr commands have expanded significantly over time to support various OCI (Open Container Initiative) artifacts, including Helm charts. Key historical developments include the introduction of features like geo-replication for global image distribution, ACR Tasks for automated image builds and patching, content trust for secure image signing, and network isolation capabilities through private endpoints. The command set continues to evolve, reflecting the ongoing advancements in container technology and Azure's commitment to supporting modern DevOps practices.