Azure Container Registry
Storing container images in Azure.
Last updated
Storing container images in Azure.
Last updated
The Azure container registry is a flavor that comes built-in with ZenML and uses the to store container images.
You should use the Azure container registry if:
one or more components of your stack need to pull or push container images.
you have access to Azure. If you're not using Azure, take a look at the other .
Would you like to skip ahead and deploy a full ZenML cloud stack already, including an Azure container registry? Check out the , the , or for a shortcut on how to deploy & register this stack component.
Go and choose a subscription, resource group, location, and registry name. Then click on Review + Create and to create your container registry.
The Azure container registry URI should have the following format:
To figure out the URI for your registry:
Go to the .
In the search bar, enter container registries and select the container registry you want to use. If you don't have any container registries yet, check out the on how to create one.
Use the name of your registry to fill the template <REGISTRY_NAME>.azurecr.io and get your URI.
To use the Azure container registry, we need:
We can then register the container registry and use it in our active stack:
With the Azure CLI installed and set up with credentials, you need to login to the container registry so Docker can pull and push images:
installed and running.
The registry URI. Check out the on the URI format and how to get the URI for your registry.
You also need to set up required to log in to the container registry.
Integrating and using an Azure Container Registry in your pipelines is not possible without employing some form of authentication. If you're looking for a quick way to get started locally, you can use the Local Authentication method. However, the recommended way to authenticate to the Azure cloud platform is through . This is particularly useful if you are configuring ZenML stacks that combine the Azure Container Registry with other remote stack components also running in Azure.
This method uses the Docker client authentication available in the environment where the ZenML code is running. On your local machine, this is the quickest way to configure an Azure Container Registry. You don't need to supply credentials explicitly when you register the Azure Container Registry, as it leverages the local credentials and configuration that the Azure CLI and Docker client store on your local machine. However, you will need to install and set up the Azure CLI on your machine as a prerequisite, as covered in , before you register the Azure Container Registry.
Stacks using the Azure Container Registry set up with local authentication are not portable across environments. To make ZenML pipelines fully portable, it is recommended to use to link your Azure Container Registry to the remote ACR registry.
To set up the Azure Container Registry to authenticate to Azure and access an ACR registry, it is recommended to leverage the many features provided by such as auto-configuration, local login, best security practices regarding long-lived credentials and reusing the same credentials across multiple stack components.
A non-interactive CLI example that uses to configure an Azure Service Connector targeting a single ACR registry is:
Note: Please remember to grant the entity associated with your Azure credentials permissions to read and write to your ACR registry as well as to list accessible ACR registries. For a full list of permissions required to use an Azure Service Connector to access a ACR registry, please refer to the or read the documentation available in the interactive CLI commands and dashboard. The Azure Service Connector supports with different levels of security and convenience. You should pick the one that best fits your use case.
Linking the Azure Container Registry to a Service Connector means that your local Docker client is no longer authenticated to access the remote registry. If you need to manually interact with the remote registry via the Docker CLI, you can use the to temporarily authenticate your local Docker client to the remote registry:
For more information and a full list of configurable attributes of the Azure container registry, check out the .
