Manage Container Images in Azure Container Registry

Question 1

What does ACR enable?

Answer 1

• build on demand or fully automate builds with triggers such as source commits and base image updates
• pull images from an azure container registry to various deployment targets (kubernetes, app service etc)
• can be pushed to as part of container dev workflow by being targetted from a CI tool
• ACR tasks can auto rebuild app images when base image updated or automate image builds when team commits code to git repo

Question 2

What are ACR tiers (generally)?

Answer 2

• ACR is available in multiple tiers, each one providing predictable pricing and several options for aligning to the capacity and usage patterns of your private Docker reg in azure
• all benefit from advanced azure storage features

Question 3

What is the basic tier of ACR?

Answer 3

• cost optimised entry point for devs learning about ACR
• registers have same programmatic capabilities as Standard and Premium
• however storage and image throughput are appropriate for lower usage scenarios

Question 4

What is the standard tier of ACR?

Answer 4

• same capabiltiies as basic but with increased storage and image throughput
• standard registries should satisfy needs of most prod scenarios

Question 5

What is premium tier of ACR?

Answer 5

• Provide the highest amount of storage and concurrent operations
• enables high volume scenarios
  also adds features such as geo-replication for managing a single registry across multiple regions, content trust for image tag singing and private link with private endpoints to restrict access

Question 6

What is an image in ACR and what else can ACR store?

Answer 6

• read-only snapshot of a docker compatible container
• ACRs can include both Windows and Linux images
• in addition to docker container images ACR stores related content formats such as Helm charts and images built to the Open Container Initiative image format specificationW

Question 7

What are ACR tasks best used for?

Answer 7

• to streamline building, testing, pushing and deploying images in Azure
• configure build tasks to automate your container OS and framework patching pipeline, and build images automatically when your team commits code to source control

Question 8

What is Encryption at rest in terms of ACR?

Answer 8

• All container images in your reg are encrypted at rest
• azure auto encrypts image before storing it, and decrypts it on the fly when you or your app and services pull the image

Question 9

What is Regional storage in terms of ACR?

Answer 9

• ACR stores data in the region where the reg is created to help meet data residency and compliance requirements
• in all regions bar Brazil south and Southeast Asia Azure may also store reg data in a paired region in the same geo
• if regional outage occurs the reg data may become unavailable and isn’t auto recovered
• customers who want to have better data protection should enable geo-replication

Question 10

What is Zone redundancy in terms of ACR?

Answer 10

• a feature of premium tier
• use availability zones to replicate your reg to a min of 3 separate zones in each enabled region

Question 11

What is scalable storage in terms of ACR?

Answer 11

• ACR allows you to create as many repos, images or layers or tags as you need up to reg storage limit
• high numbers of repos and tags can impact the performance of reg
• should delete un-used ones periodically

Question 12

What are ACR tasks?

Answer 12

• suite of features within ACR that provides cloud based container image building for platforms including Linux, Windows and ARM
• can automate OS and framework patching for your docker containers
• enables automated builds triggered by source code updates, updates to a containers base image or timers

Question 13

What is ACR quick task?

Answer 13

• build and push a single container image to a container registry on demand without needing a local docker engine installation
• before you commit first line of code this feature can provide an IDE by offloading container image builds azure
• can catch potential issues prior to committing your code

Question 14

What is an ACR auto triggered task?

Answer 14

• nable one or more triggers to build an image
• trigger on source code or base image update
• trigger on a schedule

Question 15

What is a multi-step task?

Answer 15

• The single image build and push capability of ACR tasks with multi-step, multi-container-based-workflows
• defined in .yaml file
• can also define the execution of one or more containers with each step using the container as its execution env

Question 16

What architecture does ACR use?

Answer 16

• ACR tasks build images for Linux OS and amd64 architecture
• specify the –platform tag to build windows or Linuz for other archs
• Specify the OS and optionally a supported architecture in OS/architecture format
• linux archs = amd64, arm, arm64, 386
• windows archs = arm64

Question 17

What is a dockerfile?

Answer 17

• script that contains a series of instructions that are used to build a docker image
  Contain
• Base or parent image we use to create new image
• commands to update the base OS and install other software
• build artifacts to include, such as developed app
• services to expose such as storage and network config
• command to run when the container is launched

Question 18

What is a base image?

Answer 18

• first step in dockerfile is choosing a base image that serves as the foundation for your app
• e.g. if your building a .NET application you might choose a Microsoft .NET image as your base