教程:准备异地复制的 Azure 容器注册表Tutorial: Prepare a geo-replicated Azure container registry

Azure 容器注册表是部署在 Azure 中的专用 Docker 注册表,能使部署尽量靠近网络。An Azure container registry is a private Docker registry deployed in Azure that you can keep network-close to your deployments. 本套教程由三篇文章构成,介绍如何使用异地复制将 Linux 容器中运行的 ASP.NET Core Web 应用程序部署到两个“用于容器的 Web 应用”实例。In this set of three tutorial articles, you learn how to use geo-replication to deploy an ASP.NET Core web application running in a Linux container to two Web Apps for Containers instances. 在其中可以了解 Azure 如何通过最靠近的异地复制存储库将映像部署到每个 Web 应用实例。You'll see how Azure automatically deploys the image to each Web App instance from the closest geo-replicated repository.

在这套由三个部分构成的系列教程中,第一部分的内容包括:In this tutorial, part one in a three-part series:

  • 创建异地复制的 Azure 容器注册表Create a geo-replicated Azure container registry
  • 克隆 GitHub 中的应用程序源代码Clone application source code from GitHub
  • 基于应用程序源代码生成 Docker 容器映像Build a Docker container image from application source
  • 将容器映像推送到注册表Push the container image to your registry

后续教程将会介绍如何将容器从专用注册表部署到在两个 Azure 区域中运行的 Web 应用。In subsequent tutorials, you deploy the container from your private registry to a web app running in two Azure regions. 然后,可以更新应用程序中的代码,通过一条 docker push 命令将两个 Web 应用实例更新到注册表。You then update the code in the application, and update both Web App instances with a single docker push to your registry.

开始之前Before you begin

本教程需要本地安装 Azure CLI 2.0.31 或更高版本。This tutorial requires a local installation of the Azure CLI (version 2.0.31 or later). 运行 az --version 即可查找版本。Run az --version to find the version. 如果需要进行安装或升级,请参阅安装 Azure CLIIf you need to install or upgrade, see Install Azure CLI.

要求熟悉 Docker 的核心概念,如容器、容器映像和基本的 Docker CLI 命令。You should be familiar with core Docker concepts such as containers, container images, and basic Docker CLI commands. 有关容器的入门基础知识,请参阅 Docker 入门For a primer on container basics, see Get started with Docker.

要完成本教程,需要本地安装 Docker。To complete this tutorial, you need a local Docker installation. Docker 提供适用于 macOSWindowsLinux 系统的安装说明。Docker provides installation instructions for macOS, Windows, and Linux systems.

Azure 本地 Shell 不包含完成本教程每个步骤所需的 Docker 组件。Azure local Shell does not include the Docker components required to complete every step this tutorial. 因此,我们建议在本地安装 Azure CLI 和 Docker 开发环境。Therefore, we recommend a local installation of the Azure CLI and Docker development environment.

创建容器注册表Create a container registry

对于本教程,你需要高级服务层中的 Azure 容器注册表。For this tutorial, you need an Azure container registry in the Premium service tier. 若要创建新的 Azure 容器注册表,请遵循本部分中的步骤。To create a new Azure container registry, follow the steps in this section.

提示

如果以前创建了注册表并需要升级,请参阅更改层If you previously created a registry and need to upgrade, see Changing tiers.

登录 Azure 门户Sign in to the Azure portal.

选择“创建资源”,在“新建”页的筛选器栏中键入“容器注册表”,然后按 Enter 键,最后在“市场”页中选择“容器注册表”来创建容器注册表。Select Create a resource , type Container Registry in the filter bar of New page and press the Enter key, last select Container Registry in Marketplace page to create Container Registry.

在 Azure 门户中创建容器注册表

使用以下设置配置新注册表:Configure your new registry with the following settings:

  • 注册表名称:创建在 Azure 中全局唯一的、包含 5-50 个字母数字字符的注册表名称Registry name: Create a registry name that's globally unique within Azure, and contains 5-50 alphanumeric characters
  • 资源组新建 > myResourceGroupResource Group: Create new > myResourceGroup
  • 位置China NorthLocation: China North
  • SKUPremium(异地复制需要此项设置)SKU: Premium (required for geo-replication)

依次选择“查看 + 创建”和“创建”来创建注册表实例 。Select Review + create and then Create to create the registry instance.

在 Azure 门户中配置容器注册表

本教程的余下部分使用 <acrName> 作为所选容器注册表名称的占位符。Throughout the rest of this tutorial, we use <acrName> as a placeholder for the container Registry name that you chose.

提示

由于 Azure 容器注册表通常是在多个容器主机上使用的长期生存的资源,因此我们建议在注册表自身所在的资源组中创建该注册表。Because Azure container registries are typically long-lived resources that are used across multiple container hosts, we recommend that you create your registry in its own resource group. 配置异地复制注册表和 Webhook 时,这些附加资源会放置在同一个资源组中。As you configure geo-replicated registries and webhooks, these additional resources are placed in the same resource group.

配置异地复制Configure geo-replication

获取高级注册表后,可以配置异地复制。Now that you have a Premium registry, you can configure geo-replication. Web 应用(在下一篇教程中,会将其配置为在两个区域中运行)可从最靠近的注册表中提取其容器映像。Your web app, which you configure in the next tutorial to run in two regions, can then pull its container images from the nearest registry.

在 Azure 门户中导航到新的容器注册表,选择“服务”下面的“复制项” :Navigate to your new container registry in the Azure portal and select Replications under Services:

Azure 门户容器注册表 UI 中的复制项

此时会出现一幅地图,其中显示了绿色的六边形,表示支持异地复制的 Azure 区域:A map is displayed showing green hexagons representing Azure regions available for geo-replication:

Azure 门户中的区域地图

选择注册表对应的绿色六边形将它复制到“中国东部”区域,然后选择“创建复制项”下面的“创建”: Replicate your registry to the China East region by selecting its green hexagon, then select Create under Create replication:

Azure 门户中的“创建复制项”UI

完成复制后,门户会显示两个区域的“就绪”状态。When the replication is complete, the portal reflects Ready for both regions. 使用“刷新”按钮刷新复制状态;创建并同步副本可能需要大约一分钟时间。Use the Refresh button to refresh the status of the replication; it can take a minute or so for the replicas to be created and synchronized.

Azure 门户中的复制项状态 UI

启用管理员帐户Enable admin account

在后续教程中,会将容器映像从注册表直接部署到用于容器的 Web 应用。In subsequent tutorials, you deploy a container image from the registry directly to Web App for Containers. 若要启用此功能,还必须启用注册表的管理员帐户To enable this capability, you must also enable the registry's admin account.

在 Azure 门户中导航到新的容器注册表,选择“设置”下面的“访问密钥” 。Navigate to your new container registry in the Azure portal and select Access keys under Settings. 在“管理员用户”下,选择“启用” 。Under Admin user, select Enable.

在 Azure 门户中启用管理员帐户

容器注册表登录Container registry login

配置异地复制后,生成一个容器映像并将其推送到注册表。Now that you've configured geo-replication, build a container image and push it to your registry. 在将映像推送到注册表之前,必须先登录到注册表。You must first log in to your registry before pushing images to it.

使用 az acr login 命令进行身份验证,并缓存注册表的凭据。Use the az acr login command to authenticate and cache the credentials for your registry. <acrName> 替换为之前创建的注册表的名称。Replace <acrName> with the name of the registry you created earlier.

az acr login --name <acrName>

该命令在完成时会返回 Login SucceededThe command returns Login Succeeded when complete.

获取应用程序代码Get application code

本教程中的示例包括使用 ASP.NET Core 生成的小型 Web 应用程序。The sample in this tutorial includes a small web application built with ASP.NET Core. 该应用提供一个 HTML 页面,其中显示了 Azure 容器注册表已从中部署映像的区域。The app serves an HTML page that displays the region from which the image was deployed by Azure Container Registry.

显示在浏览器中的教程应用

使用 git 将示例下载到某个本地目录,并执行 cd 切换到该目录:Use git to download the sample into a local directory, and cd into the directory:

git clone https://github.com/Azure-Samples/acr-helloworld.git
cd acr-helloworld

如果没有安装 git,可直接从 GitHub 下载 ZIP 存档If you don't have git installed, you can download the ZIP archive directly from GitHub.

更新 DockerfileUpdate Dockerfile

示例中包含的 Dockerfile 演示如何生成容器。The Dockerfile included in the sample shows how the container is built. 它首先创建一个正式的 aspnetcore 映像,将应用程序文件复制到容器,安装依赖项,使用正式的 aspnetcore-build 映像编译输出,最后生成优化的 aspnetcore 映像。It starts from an official aspnetcore image, copies the application files into the container, installs dependencies, compiles the output using the official aspnetcore-build image, and finally, builds an optimized aspnetcore image.

在克隆的源中,Dockerfile 位于 ./AcrHelloworld/DockerfileThe Dockerfile is located at ./AcrHelloworld/Dockerfile in the cloned source.

FROM microsoft/aspnetcore:2.0 AS base
# Update <acrName> with the name of your registry
# Example: uniqueregistryname.azurecr.cn
ENV DOCKER_REGISTRY <acrName>.azurecr.cn
WORKDIR /app
EXPOSE 80

FROM microsoft/aspnetcore-build:2.0 AS build
WORKDIR /src
COPY *.sln ./
COPY AcrHelloworld/AcrHelloworld.csproj AcrHelloworld/
RUN dotnet restore
COPY . .
WORKDIR /src/AcrHelloworld
RUN dotnet build -c Release -o /app

FROM build AS publish
RUN dotnet publish -c Release -o /app

FROM base AS production
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "AcrHelloworld.dll"]

acr-helloworld 映像中的应用程序尝试通过在 DNS 中查询有关注册表登录服务器的信息,确定其容器的部署源区域。The application in the acr-helloworld image tries to determine the region from which its container was deployed by querying DNS for information about the registry's login server. 必须在 Dockerfile 中的 DOCKER_REGISTRY 环境变量内指定注册表登录服务器的完全限定的域名 (FQDN)。You must specify your registry login server's fully qualified domain name (FQDN) in the DOCKER_REGISTRY environment variable in the Dockerfile.

首先,使用 az acr show 命令获取注册表的登录服务器。First, get the registry's login server with the az acr show command. <acrName> 替换为在前面步骤中创建的注册表的名称。Replace <acrName> with the name of the registry you created in previous steps.

az acr show --name <acrName> --query "{acrLoginServer:loginServer}" --output table

输出:Output:

AcrLoginServer
-----------------------------
uniqueregistryname.azurecr.cn

接下来,使用注册表登录服务器的 FQDN 更新 ENV DOCKER_REGISTRY 行。Next, update the ENV DOCKER_REGISTRY line with the FQDN of your registry's login server. 本示例体现了示例注册表名称,uniqueregistryname:This example reflects the example registry name, uniqueregistryname:

ENV DOCKER_REGISTRY uniqueregistryname.azurecr.cn

生成容器映像Build container image

使用注册表登录服务器的 FQDN 更新 Dockerfile 之后,可以使用 docker build 来创建容器映像。Now that you've updated the Dockerfile with the FQDN of your registry login server, you can use docker build to create the container image. 运行以下命令生成映像,并使用标记将它包含在专用注册表的 URL 中;同样,请将 <acrName> 替换为自己的注册表的名称:Run the following command to build the image and tag it with the URL of your private registry, again replacing <acrName> with the name of your registry:

docker build . -f ./AcrHelloworld/Dockerfile -t <acrName>.azurecr.cn/acr-helloworld:v1

生成 Docker 映像时,会显示多个输出行(此处的显示内容已截断):Several lines of output are displayed as the Docker image is built (shown here truncated):

Sending build context to Docker daemon  523.8kB
Step 1/18 : FROM microsoft/aspnetcore:2.0 AS base
2.0: Pulling from microsoft/aspnetcore
3e17c6eae66c: Pulling fs layer

[...]

Step 18/18 : ENTRYPOINT dotnet AcrHelloworld.dll
 ---> Running in 6906d98c47a1
 ---> c9ca1763cfb1
Removing intermediate container 6906d98c47a1
Successfully built c9ca1763cfb1
Successfully tagged uniqueregistryname.azurecr.cn/acr-helloworld:v1

使用 docker images 查看生成和标记的映像:Use docker images to see the built and tagged image:

$ docker images
REPOSITORY                                      TAG    IMAGE ID        CREATED               SIZE
uniqueregistryname.azurecr.cn/acr-helloworld    v1     01ac48d5c8cf    About a minute ago    284MB
[...]

向 Azure 容器注册表推送映像Push image to Azure Container Registry

然后,使用 docker push 命令将 acr-helloworld 映像推送到注册表。Next, use the docker push command to push the acr-helloworld image to your registry. <acrName> 替换为注册表的名称。Replace <acrName> with the name of your registry.

docker push <acrName>.azurecr.cn/acr-helloworld:v1

由于已经为异地复制配置了注册表,因此,使用这一条 docker push 命令,即可将映像自动复制到“中国北部”和“中国东部”区域。 Because you've configured your registry for geo-replication, your image is automatically replicated to both the China North and China East regions with this single docker push command.

$ docker push uniqueregistryname.azurecr.cn/acr-helloworld:v1
The push refers to a repository [uniqueregistryname.azurecr.cn/acr-helloworld]
cd54739c444b: Pushed
d6803756744a: Pushed
b7b1f3a15779: Pushed
a89567dff12d: Pushed
59c7b561ff56: Pushed
9a2f9413d9e4: Pushed
a75caa09eb1f: Pushed
v1: digest: sha256:0799014f91384bda5b87591170b1242bcd719f07a03d1f9a1ddbae72b3543970 size: 1792

后续步骤Next steps

在本教程中,我们创建了一个专用的异地复制容器注册表,生成了容器映像,然后将该图像推送到了该注册表。In this tutorial, you created a private, geo-replicated container registry, built a container image, and then pushed that image to your registry.