Create Azure Container Registry

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

In this article we will learn how to set up Azure Container Registry. A container registry stores and manages private container images and other artifacts, much as Docker Hub stores public Docker container images. Let's create a container in Visual Studio that we can push to GitHub and then deploy to Azure Container Registry. If you want to follow along on your local computer, you'll need Docker Desktop installed. This allows you to run containers locally before pushing them to a remote hosting environment, like Azure App Service, or a more complex orchestration environment, like Azure Kubernetes Service. You can download the Docker Desktop installer from this link. Before we move to the next step, I'll assume that Docker Desktop is set up successfully on your workstation.

Let's start by opening Visual Studio and creating a new project. I'll choose the ASP.NET Core template. Click Next, give the project a name, and then enable Docker. This creates the Dockerfile and configures the project to run locally on Docker Desktop. You can choose whether to create a Linux or a Windows container, as shown in the screenshots below. Let's just leave Linux. Once the project is created, you can see there's a Dockerfile here, and it shows that the ASP.NET 5 image from Microsoft is being used as the base and the SDK image is being used for the build.

Let's close this file, change this to the name of the image that will be built, and run the project (click the Docker run button). The Containers window opens at the bottom, and then the browser shows the code running in the container.

Now let's close this, go to the Git menu, and create a Git repository. I'm already logged into GitHub, and it's going to create a local repo, as well as the remote repo in GitHub with the same name. I'll leave these defaults, and let's create this. Let's go back to the browser and refresh the homepage here. And there's the repo that got created. The code has been uploaded, and you can see the Dockerfile is there.

Now let's create the Azure Container Registry and the credentials needed for GitHub Actions to push this container to the registry.

I have the Azure portal open here, and I'm logged in as an administrator. I'm going to open up the Azure Cloud Shell, so we'll have a Bash shell here where we can run commands.

You can do this from your desktop, too, but you'll need the Azure CLI installed locally. Everything is already configured in the Cloud Shell, and I don't need to log into the CLI, either. I'm going to be running commands that use variables, so you can copy the following standard variables (required to set up the Azure container registry) into a new script file called variables.sh.

But these variables need to be set up front. So rather than type them in individually, I'm going to upload a file to Azure. The Cloud Shell is backed by your own file share (as shown in the screenshot below), which makes this possible. I have this file called variables.sh. Let's upload this.

And now if I click on this Edit button, the files are listed on the left, and the uploaded file is at the bottom. Click on it, and you can edit it right here in the browser. Change the values of these variables to whatever you want the resources to be called. We'll need a resource group; a name for the Azure Container Registry instance that we'll be creating, which needs to be unique across Azure; a service principal name, which is just a security account that we'll be granting privileges to for GitHub to use for deployments; and finally, an Azure region for the location. I'll use East US. Now let's save this file.

And we can run this file by typing a period, a space, and then the file name. This makes the variables available within the current Bash context. If I echo out the value of one of these variables, you can see that it's available.
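The contents of variables.sh appeared only in a screenshot, so the following is an added example and not the author's file. The four variable names are the ones used by the commands on this page; the values are placeholders, and check_vars is a hypothetical helper that stops an empty value or a registry name outside Azure's 5-50 alphanumeric character rule from reaching az.

```bash
# variables.sh -- added example; every value is a placeholder to replace.
RG_NAME="example-acr-rg"           # resource group name (placeholder)
RG_LOCATION="eastus"               # Azure region; the article uses East US
ACR_NAME="exampleregistry12345"    # registry name, unique across Azure (placeholder)
SP_NAME="example-github-acr-sp"    # service principal display name (placeholder)

# check_vars (hypothetical helper): exits non-zero when a variable is empty or
# ACR_NAME is not 5-50 alphanumeric characters. The ( ) body runs in a subshell,
# so sourcing this file leaks no helper variables into the Cloud Shell session.
check_vars() (
  rc=0
  for v in RG_NAME RG_LOCATION ACR_NAME SP_NAME; do
    eval "val=\${$v}"
    if [ -z "$val" ]; then
      echo "variables.sh: $v is empty" >&2
      rc=1
    fi
  done
  case "$ACR_NAME" in
    *[!A-Za-z0-9]*)
      echo "variables.sh: ACR_NAME may contain only letters and digits" >&2
      rc=1 ;;
  esac
  if [ "${#ACR_NAME}" -lt 5 ] || [ "${#ACR_NAME}" -gt 50 ]; then
    echo "variables.sh: ACR_NAME must be 5-50 characters long" >&2
    rc=1
  fi
  exit "$rc"
)

# Runs when the file is sourced with ". variables.sh"; messages go to stderr.
check_vars
```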

 

Okay, let's run our first command. First, let's create a resource group. We'll use the name and location variables, and this will give us a container that we can keep everything in and delete as a group later. Next, let's get the ID of the resource group using az group show with a query for the ID. And I forgot to preface the variable name with a dollar sign. Okay, there it is.

az group create --name "$RG_NAME" --location "$RG_LOCATION"

RG_ID=$(az group show --name "$RG_NAME" --query id --output tsv)

Now let's create the service principal that GitHub will use to deploy the container. We're using az ad sp create-for-rbac, scoping it to just the resource group, and adding the --sdk-auth parameter. This outputs the result in a format that we can paste into a GitHub secret and use for authentication within a GitHub action later. I just masked the values for security reasons. This gives us back info about the service principal, including the password, which is called a client secret here. You won't be able to see this password again, and we're going to need all this later. So let's copy it and open up Notepad and paste the service principal information here.

az ad sp create-for-rbac --name "$SP_NAME" --scope "$RG_ID" --role Contributor --sdk-auth

Okay, now rather than copy the client ID, let's do a query to store it in a variable because we'll need it for other commands. I'll just echo this out to make sure it's the same. Good. Okay, now we're ready to create the Azure Container Registry instance. We do that with az acr create, passing a resource group name, a name for the registry, and a SKU; we can just use the Basic pricing tier for testing. Let's run this, and I'll close this editor. When it completes, we get the resource info back and the login server URL is listed here. Let's go to All services and search for Container and open up the Container registries. It can take a few seconds to show up. I'll just refresh this.

SP_ID=$(az ad sp list --display-name "$SP_NAME" --query "[].appId" --output tsv)

And there's the new registry. Now let's go back to the Cloud Shell at the bottom of the browser window here, and let's run this command to get the ID of the container registry. I'll just print that out. Okay, now we need to assign a permission to the service principal that will allow GitHub to push containers into the registry using this credential.

 

We do that with az role assignment create, and the role we're assigning to the service principal is the AcrPush role. Okay, now we have the resource created and the permissions we need. The next step is to create the GitHub Actions workflow to build and push the container image, and we'll configure GitHub secrets for the service principal values that the workflow will need. Let's do that next.

az acr create --resource-group "$RG_NAME" --name "$ACR_NAME" --sku Basic

ACR_ID=$(az acr show --name "$ACR_NAME" --query id --output tsv)

az role assignment create --assignee "$SP_ID" --scope "$ACR_ID" --role AcrPush
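After these commands the service principal holds Contributor on the resource group (from create-for-rbac) and AcrPush on the registry. The following added example, which is not part of the original post, reviews the principal's role assignments and marks anything beyond registry-scoped push or pull; audit_sp_roles and the sample IDs are constructed for illustration.

```bash
# Live input would come from (SP_ID and ACR_ID as set earlier on this page):
#   az role assignment list --assignee "$SP_ID" --all \
#     --query "[].[roleDefinitionName, scope]" --output tsv

# audit_sp_roles <acr_id> (hypothetical helper): reads "role<TAB>scope" lines on
# stdin and prints one verdict per line. Exit status: 0 = only AcrPush/AcrPull
# on the registry, with AcrPush present; 1 = a broader grant exists;
# 2 = AcrPush on the registry is missing.
audit_sp_roles() (
  lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }
  acr_id=$(lc "$1"); has_push=0; broad=0
  tab=$(printf '\t')
  while IFS="$tab" read -r role scope; do
    [ -n "$role" ] || continue
    # Azure resource IDs are case-insensitive, so compare in lower case.
    if [ "$(lc "$scope")" = "$acr_id" ] && [ "$role" = "AcrPush" ]; then
      has_push=1; echo "OK     $role on registry"
    elif [ "$(lc "$scope")" = "$acr_id" ] && [ "$role" = "AcrPull" ]; then
      echo "OK     $role on registry"
    else
      broad=1; echo "REVIEW $role at $scope"
    fi
  done
  [ "$broad" -eq 0 ] || exit 1
  [ "$has_push" -eq 1 ] || exit 2
  exit 0
)

# Constructed sample matching what the commands on this page produce.
SAMPLE_RG="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-acr-rg"
SAMPLE_ACR="$SAMPLE_RG/providers/Microsoft.ContainerRegistry/registries/exampleregistry12345"
sample_assignments() {
  printf 'Contributor\t%s\n' "$SAMPLE_RG"
  printf 'AcrPush\t%s\n' "$SAMPLE_ACR"
}

sample_assignments | audit_sp_roles "$SAMPLE_ACR" || echo "audit exit status: $?"
```

On the sample, the Contributor grant on the resource group is marked REVIEW and the AcrPush grant on the registry is marked OK, so the audit exits with status 1.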

 
