Tutorial: Prepare a geo-replicated Azure container registry

An Azure container registry is a private Docker registry deployed in Azure that you can keep network-close to your deployments. In this set of three tutorial articles, you learn how to use geo-replication to deploy an ASP.NET Core web application running in a Linux container to two Web Apps for Containers instances. You'll see how Azure automatically deploys the image to each Web App instance from the closest geo-replicated repository.

In this tutorial, part one in a three-part series:

  • Create a geo-replicated Azure container registry
  • Clone application source code from GitHub
  • Build a Docker container image from application source
  • Push the container image to your registry

In subsequent tutorials, you deploy the container from your private registry to a web app running in two Azure regions. You then update the code in the application, and update both Web App instances with a single docker push to your registry.

Before you begin

This tutorial requires a local installation of the Azure CLI (version 2.0.31 or later). Run az --version to find the version. If you need to install or upgrade, see Install Azure CLI.

You should be familiar with core Docker concepts such as containers, container images, and basic Docker CLI commands. For a primer on container basics, see Get started with Docker.

To complete this tutorial, you need a local Docker installation. Docker provides installation instructions for macOS, Windows, and Linux systems.

Azure local Shell does not include the Docker components required to complete every step this tutorial. Therefore, we recommend a local installation of the Azure CLI and Docker development environment.

Create a container registry

For this tutorial, you need an Azure container registry in the Premium service tier. To create a new Azure container registry, follow the steps in this section.

Tip

If you previously created a registry and need to upgrade, see Changing tiers.

Sign in to the Azure portal.

First, select Create a resource, next, type Container Registry in the search filter of New page and select the Enter key, then, select Container Registry in search results, last, select Create.

Creating a container registry in the Azure portal

Configure your new registry with the following settings. In the Basics tab:

  • Registry name: Create a registry name that's globally unique within Azure, and contains 5-50 alphanumeric characters
  • Resource Group: Create new > myResourceGroup
  • Location: China East 2
  • SKU: Premium (required for geo-replication)

Select Review + create and then Create to create the registry instance.

Configuring a container registry in the Azure portal

Throughout the rest of this tutorial, we use <acrName> as a placeholder for the container Registry name that you chose.

Tip

Because Azure container registries are typically long-lived resources that are used across multiple container hosts, we recommend that you create your registry in its own resource group. As you configure geo-replicated registries and webhooks, these additional resources are placed in the same resource group.

Configure geo-replication

Now that you have a Premium registry, you can configure geo-replication. Your web app, which you configure in the next tutorial to run in two regions, can then pull its container images from the nearest registry.

Navigate to your new container registry in the Azure portal and select Replications under Services:

Replications in the Azure portal container registry UI

A map is displayed showing green hexagons representing Azure regions available for geo-replication:

Region map in the Azure portal

Replicate your registry to the China East 2 region by selecting its green hexagon, then select Create under Create replication:

Create replication UI in the Azure portal

When the replication is complete, the portal reflects Ready for both regions. Use the Refresh button to refresh the status of the replication; it can take a minute or so for the replicas to be created and synchronized.

Replication status UI in the Azure portal

Enable admin account

In subsequent tutorials, you deploy a container image from the registry directly to Web App for Containers. To enable this capability, you must also enable the registry's admin account.

Navigate to your new container registry in the Azure portal and select Access keys under Settings. Under Admin user, select Enable.

Enable admin account in the Azure portal

Container registry login

Now that you've configured geo-replication, build a container image and push it to your registry. You must first log in to your registry before pushing images to it.

Use the az acr login command to authenticate and cache the credentials for your registry. Replace <acrName> with the name of the registry you created earlier.

az acr login --name <acrName>

The command returns Login Succeeded when complete.

Get application code

The sample in this tutorial includes a small web application built with ASP.NET Core. The app serves an HTML page that displays the region from which the image was deployed by Azure Container Registry.

Tutorial app shown in browser

Use git to download the sample into a local directory, and cd into the directory:

git clone https://github.com/Azure-Samples/acr-helloworld.git
cd acr-helloworld

If you don't have git installed, you can download the ZIP archive directly from GitHub.

Update Dockerfile

The Dockerfile included in the sample shows how the container is built. It starts from an official ASP.NET Core runtime image, copies the application files into the container, installs dependencies, compiles the output using the official .NET Core SDK image, and finally, builds an optimized aspnetcore image.

The Dockerfile is located at ./AcrHelloworld/Dockerfile in the cloned source.

FROM mcr.microsoft.com/dotnet/core/aspnet:2.2 AS base
# Update <acrName> with the name of your registry
# Example: uniqueregistryname.azurecr.cn
ENV DOCKER_REGISTRY <acrName>.azurecr.cn
WORKDIR /app
EXPOSE 80

FROM mcr.microsoft.com/dotnet/core/sdk:2.2 AS build
WORKDIR /src
COPY *.sln ./
COPY AcrHelloworld/AcrHelloworld.csproj AcrHelloworld/
RUN dotnet restore
COPY . .
WORKDIR /src/AcrHelloworld
RUN dotnet build -c Release -o /app

FROM build AS publish
RUN dotnet publish -c Release -o /app

FROM base AS production
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "AcrHelloworld.dll"]

The application in the acr-helloworld image tries to determine the region from which its container was deployed by querying DNS for information about the registry's login server. You must specify your registry login server's fully qualified domain name (FQDN) in the DOCKER_REGISTRY environment variable in the Dockerfile.

First, get the registry's login server with the az acr show command. Replace <acrName> with the name of the registry you created in previous steps.

az acr show --name <acrName> --query "{acrLoginServer:loginServer}" --output table

Output:

AcrLoginServer
-----------------------------
uniqueregistryname.azurecr.cn

Next, update the ENV DOCKER_REGISTRY line with the FQDN of your registry's login server. This example reflects the example registry name, uniqueregistryname:

ENV DOCKER_REGISTRY uniqueregistryname.azurecr.cn

Build container image

Now that you've updated the Dockerfile with the FQDN of your registry login server, you can use docker build to create the container image. Run the following command to build the image and tag it with the URL of your private registry, again replacing <acrName> with the name of your registry:

docker build . -f ./AcrHelloworld/Dockerfile -t <acrName>.azurecr.cn/acr-helloworld:v1

Several lines of output are displayed as the Docker image is built (shown here truncated):

Sending build context to Docker daemon  523.8kB
Step 1/18 : FROM mcr.microsoft.com/dotnet/core/aspnet:2.2 AS base
2.2: Pulling from mcr.microsoft.com/dotnet/core/aspnet
3e17c6eae66c: Pulling fs layer

[...]

Step 18/18 : ENTRYPOINT dotnet AcrHelloworld.dll
 ---> Running in 6906d98c47a1
 ---> c9ca1763cfb1
Removing intermediate container 6906d98c47a1
Successfully built c9ca1763cfb1
Successfully tagged uniqueregistryname.azurecr.cn/acr-helloworld:v1

Use docker images to see the built and tagged image:

$ docker images
REPOSITORY                                      TAG    IMAGE ID        CREATED               SIZE
uniqueregistryname.azurecr.cn/acr-helloworld    v1     01ac48d5c8cf    About a minute ago    284MB
[...]

Push image to Azure Container Registry

Next, use the docker push command to push the acr-helloworld image to your registry. Replace <acrName> with the name of your registry.

docker push <acrName>.azurecr.cn/acr-helloworld:v1

Because you've configured your registry for geo-replication, your image is automatically replicated to both the China East 2 and China East regions with this single docker push command.

$ docker push uniqueregistryname.azurecr.cn/acr-helloworld:v1
The push refers to a repository [uniqueregistryname.azurecr.cn/acr-helloworld]
cd54739c444b: Pushed
d6803756744a: Pushed
b7b1f3a15779: Pushed
a89567dff12d: Pushed
59c7b561ff56: Pushed
9a2f9413d9e4: Pushed
a75caa09eb1f: Pushed
v1: digest: sha256:0799014f91384bda5b87591170b1242bcd719f07a03d1f9a1ddbae72b3543970 size: 1792

Next steps

In this tutorial, you created a private, geo-replicated container registry, built a container image, and then pushed that image to your registry.

Advance to the next tutorial to deploy your container to multiple Web Apps for Containers instances, using geo-replication to serve the images locally.