Azure Container Registry (Acr): A Complete Guide

A Comprehensive and Practical Course: Containers, Automation, Networking, Security, Monitoring, HA, AKS, and others

What you'll learn

Containerization, Docker and registries basics

What Azure Container Registry (ACR) is, how to create one

Basic operations like import, push, pull

How to automate container builds, pushes and more during commit source code with the help of ACR Tasks and ACR Webhooks

How to properly delete, recover and lock images and repositories

Authentication methods and the proper roles needed

How to integrate ACR with other Azure services

Networking and security considerations like restricting access, private connection, data exfiltration, access from behind a firewall, scanning, Content Trust

How to monitor and troubleshoot ACR

How to obtain resiliency, high availability, performance, better pull speeds, overcome public registries rate limiting and more

Requirements

It is good to have basic knowledge of Containerization, Linux, Networking, and Azure, but I am explaining most of the concepts at specific points during the course

Description

In the world of cloud computing, containers have emerged as a game-changer, enabling software developers to create, test, and deploy applications seamlessly. But with this comes the need for a centralized location to store and manage these container images, which is where Azure Container Registry (ACR) comes into play.Azure Container Registry (ACR) is a private, managed, and secure registry service that allows users to store and manage container images for use with Azure services like Azure Kubernetes Service (AKS) and more, or even non-Azure services or on-premises.This course, "Azure Container Registry (ACR) Made Easy," is your comprehensive guide to understanding and managing ACR. Throughout the course, we have a lot of practice/hands-on sessions to ensure that you can apply the concepts you learned in real-world situations. Whether you are new to container management or an experienced professional, this course will provide you with the expertise needed to manage and store containers using ACR.We will start by exploring containers, images, and registries, followed by an in-depth explanation of ACR's basics, including its tiers, limits, and pricing. You will then learn how to create an ACR, import, pull, and push images, work with agent pools, and more.The course then moves on to more advanced topics, such as automating with all kinds of ACR Tasks and Webhooks, deleting, recovering, and locking ACR images and repositories. We will also delve into access control and all the authentication options available.Next, we will look at integrating ACR with other Azure services, such as Azure Kubernetes Service (AKS), Azure Container Instances (ACI), and Azure Web App for Containers. You will also learn about networking and security, including how to restrict public access, use trusted services, connect via a private endpoint or from behind a firewall, scan images with Microsoft Defender, implement governance and security with Azure Policy, or use Content Trust.In the monitoring and troubleshooting section, you will learn the basics of troubleshooting, how to monitor ACR, and how to create alerts for metrics and logs. Finally, we will cover high availability and performance, including moving an ACR to another region, availability zones, geo-replication, Project Teleport, and cache for ACR.By the end of this course, you will have gained a thorough understanding of ACR and the skills to create and manage your own container registry with ease. Whether you are a software developer, a DevOps engineer, or an IT professional, this course will equip you with the knowledge and skills to take your container management to the next level.

Overview

Section 1: Course introduction

Lecture 1 Introduction about instructor and course

Lecture 2 Good to know / Recommended background

Lecture 3 Connect with me

Section 2: Understanding containers, images and registries

Lecture 4 What is a container and how is it different from a VM?

Lecture 5 Microservices architecture

Lecture 6 Install Docker and Azure CLI on an Ubuntu VM and other considerations

Lecture 7 What are Docker, Dockerfile and Docker Hub?

Lecture 8 Create our 1st container (web app), push it to Docker Hub and run it

Lecture 9 Create our 2nd container (troubleshooting app), push it to Docker Hub and run it

Lecture 10 Understand why we need a container registry, like Azure Container Registry (ACR)

Lecture 11 Understand registry and image related terminologies

Section 3: Starting with Azure Container Registry (ACR)

Lecture 12 What is Azure Container Registry (ACR)?

Lecture 13 Defining storage, throughput and throttling in ACR

Lecture 14 Understand ACR limits and tier comparison

Lecture 15 Azure free account and ACR pricing

Lecture 16 Learn and explore Microsoft Artifact Registry (MAR/MCR)

Lecture 17 Important notes about ACR support policy and ACR Roadmap

Lecture 18 Let's create and explore our first Azure Container Registry (ACR)

Lecture 19 Import images to ACR and explore them

Lecture 20 How to set a default registry to simplify "az acr" commands

Lecture 21 Understand and use AAD individual login to authenticate to ACR

Lecture 22 Understand and use the admin user in ACR

Lecture 23 Push and pull container images to/from ACR

Lecture 24 Push and pull OCI artifacts to/from ACR

Lecture 25 Push and pull Helm charts to/from ACR

Lecture 26 Starting with ACR Tasks: Understand and use "az acr build" and "az acr run"

Lecture 27 Use Azure Cloud Shell with ACR

Lecture 28 Send events from ACR to Event Grid and view them on a prebuilt Azure WebApp

Section 4: Automate with Tasks and Webhooks in ACR

Lecture 29 A few ACR Task related considerations about variables, aliases and YAMLs

Lecture 30 Automate container image builds in the cloud when you commit source code

Lecture 31 Automate ACI deployments and updates with ACR Task, ACR Webhook and Logic Apps

Lecture 32 Create a multi-step task using a YAML file

Lecture 33 Automate container image builds when a base image is updated

Lecture 34 Understand and run an ACR timer-triggered task based on a schedule

Lecture 35 Understand dedicated agent pools and run an ACR task there

Section 5: Delete, recover and lock ACR images and repositories

Lecture 36 Basic delete options

Lecture 37 Delete digests by timestamp using a script

Lecture 38 Prevent delete, write, read, and list by locking images and repositories

Lecture 39 Enable soft delete policy and recover deleted artifacts

Lecture 40 Use “acr purge” command to delete images on-demand or on a schedule

Lecture 41 Set a retention policy for untagged manifests

Section 6: Authentication and access control in ACR

Lecture 42 Understand RBAC roles and permissions related to ACR

Lecture 43 Authentication options overview

Lecture 44 Reminder about authentication with individual AD identity and admin user

Lecture 45 Authenticate with AD service principal

Lecture 46 Authenticate with managed identity and compare it with AD service principal

Lecture 47 Tokens and scope maps

Lecture 48 Make your content publicly available with Anonymous / Unauthenticated pull

Lecture 49 ACR task authentication considerations and cross-registry authentication demo

Section 7: Integrate ACR with other Azure services (AKS, ACI, Web App)

Lecture 50 Learn Kubernetes basics and create an Azure Kubernetes Service (AKS) cluster

Lecture 51 How the Azure Kubernetes Service (AKS) - ACR integration works?

Lecture 52 Integrate AKS and ACR - Azure/RBAC method

Lecture 53 Integrate AKS and ACR - Kubernetes/pull secret method

Lecture 54 Deploy to ACI (Azure Container Instances) using admin user

Lecture 55 Deploy to ACI using an AAD service principal

Lecture 56 Deploy to ACI using an AAD service principal with credentials in Key Vault

Lecture 57 Deploy to ACI using a Managed Identity

Lecture 58 Deploy to Azure App Service Web App for Containers using admin user

Section 8: Networking and security in ACR

Lecture 59 Restrict public access to ACR

Lecture 60 Trusted services in ACR

Lecture 61 Understand how to securely connect to ACR via a private connection

Lecture 62 Configure secure connectivity to ACR via a private connection

Lecture 63 Service endpoint in ACR

Lecture 64 How devices behind a firewall can access ACR and about dedicated data endpoints

Lecture 65 Configure AKS behind Azure Firewall to access ACR

Lecture 66 Scan for vulnerabilities and get recommendations with Microsoft Defender

Lecture 67 Implement policies for ACR with Azure Policy

Lecture 68 Disable export of artifacts from ACR

Lecture 69 Understand Content Trust, related terms and ACR particularities

Lecture 70 Practice Content Trust in ACR

Section 9: Monitor and troubleshoot ACR

Lecture 71 "az acr check-health" command

Lecture 72 Activity logs

Lecture 73 Metrics explorer in ACR

Lecture 74 Create a diagnostic settings and explore logs

Lecture 75 Understand Alerts in Azure

Lecture 76 Create a metrics-based alert

Lecture 77 Create a log-based alert

Section 10: High availability and performance in ACR

Lecture 78 Manually move an ACR to another region

Lecture 79 Availability Zones in ACR

Lecture 80 Understand geo-replication in ACR

Lecture 81 Practice and test geo-replication in ACR

Lecture 82 Project Teleport

Lecture 83 Understand Cache for ACR

Lecture 84 Get started with Cache for ACR

Lecture 85 Use Cache for ACR with authentication

Anyone that is new to container world,IT professionals or administrators looking for a simple and security container registry to store and manage container images or other artifacts,Cloud architects who want to understand the benefits and limitations of Azure Container Registry and how it fits into their cloud architecture or how to integrate it with other Azure services, like Azure Kubernetes Service (AKS) or Azure Container Instances (ACI),Existing ACR users that are looking to extend their ACR knowledge and fully benefit from this service while enhancing the registry security, availability or performance,System Administrators responsible for managing container environments and looking to leverage Azure Container Registry for secure storage and distribution of container images,Azure Enthusiasts looking to expand their understanding of Azure's capabilities and delve into the world of containerization