Introduction to private Docker container registries in Azure

Azure Container Registry is a managed Docker registry service based on the open-source Docker Registry 2.0. Create and maintain Azure container registries to store and manage your private Docker container images.

For background about Docker and containers, see the Docker overview.

Use cases

Pull images from an Azure container registry to various deployment targets:

Developers can also push to a container registry as part of a container development workflow. For example, target a container registry from a continuous integration and deployment tool such as Azure DevOps Services or Jenkins.

Azure provides tooling including Azure Command-Line Interface, Azure portal, and API support to manage your Azure container registries. Optionally install the Docker Extension for Visual Studio Code and the Azure Account extension to work with your Azure container registries. Pull and push images to an Azure container registry, or run ACR Tasks, all within Visual Studio Code.

Key concepts

  • Registry - Create one or more container registries in your Azure subscription. Registries are available in three SKUs: Basic, Standard, and Premium, each of which supports webhook integration, registry authentication with Azure Active Directory, and delete functionality. Take advantage of local, network-close storage of your container images by creating a registry in the same Azure location as your deployments. Use the geo-replication feature of Premium registries for advanced replication and container image distribution scenarios. A fully qualified registry name has the form myregistry.azurecr.cn.

    You control access to a container registry using an Azure identity, an Azure Active Directory-backed service principal, or a provided admin account. Log in to the registry using the Azure CLI or the standard docker login command.

  • Repository - A registry contains one or more repositories, which are virtual groups of container images with the same name but different tags or digests. Azure Container Registry supports multilevel repository namespaces. With multilevel namespaces, you can group collections of images related to a specific app, or a collection of apps to specific development or operational teams. For example:

    • myregistry.azurecr.cn/aspnetcore:1.0.1 represents a corporate-wide image
    • myregistry.azurecr.cn/warrantydept/dotnet-build represents an image used to build .NET apps, shared across the warranty department
    • myregistry.azurecr.cn/warrantydept/customersubmissions/web represents a web image, grouped in the customer submissions app, owned by the warranty department

  • Image - Stored in a repository, each image is a read-only snapshot of a Docker-compatible container. Azure container registries can include both Windows and Linux images. You control image names for all your container deployments. Use standard Docker commands to push images into a repository, or pull an image from a repository. In addition to Docker container images, Azure Container Registry stores related content formats such as Helm charts and images built to the Open Container Initiative (OCI) Image Format Specification.

  • Container - A container defines a software application and its dependencies wrapped in a complete filesystem including code, runtime, system tools, and libraries. Run Docker containers based on Windows or Linux images that you pull from a container registry. Containers running on a single machine share the operating system kernel. Docker containers are fully portable to all major Linux distros, macOS, and Windows.
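
The naming scheme described under Repository above (registry host, multilevel namespace, then a tag or digest) can be checked mechanically before an image is deployed. The following is an added example, not code from the original page: the policy it enforces (one approved registry, a per-team namespace, digest pinning) and all function names are assumptions for illustration.

```python
import re

# Assumed policy value: the sample registry name used on this page.
ALLOWED_REGISTRY = "myregistry.azurecr.cn"

_COMPONENT = r"[a-z0-9]+(?:[._-][a-z0-9]+)*"
_REF = re.compile(
    r"^(?P<registry>[a-z0-9][a-z0-9.-]*(?::\d+)?)/"
    rf"(?P<repository>{_COMPONENT}(?:/{_COMPONENT})*)"
    r"(?::(?P<tag>[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


def parse_reference(ref):
    """Split a fully qualified image reference into its parts."""
    match = _REF.match(ref)
    if not match:
        raise ValueError("malformed image reference")
    parts = match.groupdict()
    repo = parts["repository"]
    # Everything before the last path segment is the (multilevel) namespace.
    parts["namespace"] = repo.rsplit("/", 1)[0] if "/" in repo else ""
    return parts


def check_reference(ref, team_namespace):
    """Return a list of policy findings; an empty list means the reference passes."""
    try:
        parts = parse_reference(ref)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if parts["registry"] != ALLOWED_REGISTRY:
        findings.append("registry not allowed")
    ns = parts["namespace"]
    # Images without a namespace are treated as corporate-wide and allowed to every team.
    if ns and ns != team_namespace and not ns.startswith(team_namespace + "/"):
        findings.append("outside team namespace")
    # Tags are mutable; only a digest identifies one exact image.
    if not parts["digest"]:
        findings.append("not pinned by digest")
    return findings


if __name__ == "__main__":
    constructed_digest = "sha256:" + "a" * 64  # constructed sample value
    for ref in (
        "myregistry.azurecr.cn/aspnetcore:1.0.1",
        "myregistry.azurecr.cn/warrantydept/dotnet-build@" + constructed_digest,
    ):
        print(ref, "->", check_reference(ref, "warrantydept") or "ok")
```
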

Next steps