Azure - ACR的命令行使用方式

注册表操作

    * 登陆到注册表的两种方式

        az acr login --name myregistry

        docker login myregistry.azurecr.cn

    * 推送和拉取映像

        docker pull nginx

        docker run -it --rm -p 8080:80 nginx

        docker tag nginx myregistry.azurecr.cn/samples/nginx

        docker push myregistry.azurecr.cn/samples/nginx

        docker pull myregistry.azurecr.cn/samples/nginx

    * 本地删除映像

        docker rmi myregistry.azurecr.cn/samples/nginx

    * 删除acr中的映像

        az acr repository delete --name myregistry --image samples/nginx:latest

安全认证

* 创建服务主体

#!/bin/bash

# Modify for your environment.

# ACR_NAME: The name of your Azure Container Registry

# SERVICE_PRINCIPAL_NAME: Must be unique within your AD tenant

ACR_NAME=

SERVICE_PRINCIPAL_NAME=acr-service-principal

# Obtain the full registry ID for subsequent command args

ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)

# Create the service principal with rights scoped to the registry.

# Default permissions are for docker pull access. Modify the '--role'

# argument value as desired:

# reader: pull only

# contributor: push and pull

# owner: push, pull, and assign roles

SP_PASSWD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --scopes $ACR_REGISTRY_ID --role reader --query password --output tsv)

SP_APP_ID=$(az ad sp show --id http://$SERVICE_PRINCIPAL_NAME --query appId --output tsv)

# Output the service principal's credentials; use these in your services and # applications to authenticate to the container registry.

echo "Service principal ID: $SP_APP_ID"

echo "Service principal password: $SP_PASSWD"

* 使用服务主体进行身份验证

        ** 在Docker Login中使用

        docker login myregistry.azurecr.cn --username$SP_APP_ID--password$SP_PASSWD

        ** 与证书一起使用

        az login --service-principal --username$SP_APP_ID --tenant$SP_TENANT_ID --password/path/to/cert/pem/file

        azacrlogin --namemyregistry        

你可能感兴趣的:(Azure - ACR的命令行使用方式)