Quickstart: Create a connected registry using the Azure portal
In this quickstart, you use the Azure portal to create a connected registry resource in Azure. The connected registry feature of Azure Container Registry allows you to deploy a registry remotely or on your premises and synchronize images and other artifacts with the cloud registry.
Here you create two connected registry resources for a cloud registry: one connected registry allows read and write (artifact pull and push) functionality and one allows read-only functionality.
After creating a connected registry, you can follow other guides to deploy and use it on your on-premises or remote infrastructure.
Prerequisites
- Azure Container registry - If you don't already have a container registry, create one (Premium tier required) in a region that supports connected registries.
To import images to the container registry, use the Azure CLI:
Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
Enable the dedicated data endpoint for the cloud registry
Enable the dedicated data endpoint for the Azure container registry in the cloud. This step is needed for a connected registry to communicate with the cloud registry.
- In the Azure portal, navigate to your container registry.
- Select Networking > Public access. Select the Enable dedicated data endpoint checkbox.
- Select Save.
Import images to your cloud registry
Import the following container images to your cloud registry using the az acr import command. Skip this step if you already imported these images.
Connected registry image
To support nested IoT Edge scenarios, the container image for the connected registry runtime must be available in your private Azure container registry. Use the az acr import command to import the connected registry image into your private registry.
# Use the REGISTRY_NAME variable in the following Azure CLI commands to identify the registry
REGISTRY_NAME=<container-registry-name>
az acr import \
--name $REGISTRY_NAME \
--source mcr.microsoft.com/acr/connected-registry:0.8.0
IoT Edge and API proxy images
To support the connected registry on nested IoT Edge, you need to deploy modules for the IoT Edge and API proxy. Import these images into your private registry.
The IoT Edge API proxy module allows an IoT Edge device to expose multiple services using the HTTPS protocol on the same port such as 443.
az acr import \
--name $REGISTRY_NAME \
--source mcr.microsoft.com/azureiotedge-agent:1.2.4
az acr import \
--name $REGISTRY_NAME \
--source mcr.microsoft.com/azureiotedge-hub:1.2.4
az acr import \
--name $REGISTRY_NAME \
--source mcr.microsoft.com/azureiotedge-api-proxy:1.1.2
az acr import \
--name $REGISTRY_NAME \
--source mcr.microsoft.com/azureiotedge-diagnostics:1.2.4
Hello-world image
For testing the connected registry, import the hello-world image. This repository will be synchronized to the connected registry and pulled by the connected registry clients.
az acr import \
--name $REGISTRY_NAME \
--source mcr.microsoft.com/hello-world:1.1.2
Create a connected registry resource for read and write functionality
The following steps create a connected registry in ReadWrite mode that is linked to the cloud registry.
- In the Azure portal, navigate to your container registry.
- Select Connected registries (Preview) > + Create.
- Enter or select the values in the following table, and select Save.
| Item | Description |
|---|---|
| Parent | Select No parent for a connected registry linked to the cloud registry. |
| Mode | Select ReadWrite. |
| Name | The connected registry name must start with a letter and contain only alphanumeric characters. It must be 5 to 40 characters long and unique in the hierarchy for this Azure container registry. |
| Logging properties | Accept the default settings. |
| Sync properties | Accept the default settings. Because there is no synchronization schedule defined by default, the repositories will be synchronized between the cloud registry and the connected registry without interruptions. |
| Repositories | Select or enter the names of the repositories you imported in the previous step. The specified repositories will be synchronized between the cloud registry and the connected registry once it is deployed. |
Important
To support nested scenarios where lower layers have no Internet access, you must always allow synchronization of the acr/connected-registry repository. This repository contains the image for the connected registry runtime.
Create a connected registry resource for read-only functionality
The following steps create a connected registry in ReadOnly mode whose parent is the connected registry you created in the previous section. This connected registry enables read-only (artifact pull) functionality once deployed.
- In the Azure portal, navigate to your container registry.
- Select Connected registries (Preview) > + Create.
- Enter or select the values in the following table, and select Save.
| Item | Description |
|---|---|
| Parent | Select the connected registry you created previously. |
| Mode | Select ReadOnly. |
| Name | The connected registry name must start with a letter and contain only alphanumeric characters. It must be 5 to 40 characters long and unique in the hierarchy for this Azure container registry. |
| Logging properties | Accept the default settings. |
| Sync properties | Accept the default settings. Because there is no synchronization schedule defined by default, the repositories will be synchronized between the cloud registry and the connected registry without interruptions. |
| Repositories | Select or enter the names of the repositories you imported in the previous step. The specified repositories will be synchronized between the parent registry and the connected registry once it is deployed. |
View connected registry properties
Select a connected registry in the portal to view its properties, such as its connection status (Offline, Online, or Unhealthy) and whether it has been activated (deployed on-premises). In the following example, the connected registry is not deployed. Its connection state of "Offline" indicates that it is currently disconnected from the cloud.
From this view, you can also generate a connection string and optionally generate passwords for the sync token. A connection string contains configuration settings used for deploying a connected registry and synchronizing content with a parent registry.
Next steps
In this quickstart, you used the Azure portal to create two connected registry resources in Azure. Those new connected registry resources are tied to your cloud registry and allow synchronization of artifacts with the cloud registry.
Continue to the connected registry deployment guides to learn how to deploy and use a connected registry on your IoT Edge infrastructure.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for