Skip to content
Learni
View all tutorials
Cloud Computing

How to Manage Azure Container Registry with Azure CLI in 2026

15 minINTERMEDIATE
DevOpsDockerAzure
Lire en français

Introduction

Azure Container Registry (ACR) is a managed service for storing and managing Docker images and OCI artifacts. In 2026, it remains essential for secure CI/CD pipelines in Azure. This intermediate tutorial walks you through creating a registry, pushing images, and integrating it into your deployments. You will learn how to use Azure CLI to automate common tasks while applying access controls and network rules. Each step includes complete, functional code you can copy directly.

Prerequisites

  • Azure CLI 2.50+ installed and configured
  • An active Azure subscription
  • Docker Desktop for local testing
  • Basic knowledge of containers and RBAC

Create the ACR Registry

create-acr.sh
#!/bin/bash
az login
az group create --name rg-acr-demo --location westeurope
az acr create --resource-group rg-acr-demo --name acrdemo2026 --sku Premium --location westeurope

This command creates a resource group and an ACR registry in the Premium SKU to enable advanced features such as geo-replication and network rules.

Verify the Registry

After creation, verify the registry status and retrieve the login URL. This confirms the service is ready to receive images.

Create a Sample Dockerfile

Dockerfile
FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]

This minimal Dockerfile produces an optimized Node.js image. It is designed to be built and pushed directly to ACR.

Build and Push the Image

Use ACR-integrated Docker commands to build and push without additional manual authentication.

Build and Push to ACR

build-push.sh
#!/bin/bash
az acr build --registry acrdemo2026 --image myapp:v1.0 .
az acr repository list --name acrdemo2026

az acr build compiles the image locally and pushes it directly to the registry. The second command lists repositories to confirm success.

Authentication and Pull

Configure Azure AD authentication for your production environments and test image pulls.

Secure Login and Pull

login-pull.sh
#!/bin/bash
az acr login --name acrdemo2026
docker pull acrdemo2026.azurecr.io/myapp:v1.0

az acr login uses your Azure identity for authentication without Docker tokens. This avoids passwords and strengthens security.

Add a Network Rule

network-rule.sh
#!/bin/bash
az acr update --name acrdemo2026 --public-network-enabled false
az acr network-rule add --name acrdemo2026 --ip-address 51.0.0.0/24

Disable public access and restrict access to authorized IP ranges. This configuration is critical for production environments.

Best Practices

  • Always use the Premium SKU for advanced security features
  • Enable Azure AD authentication and disable password access
  • Implement retention and automatic image cleanup rules
  • Enable geo-replication for high availability
  • Monitor metrics with Azure Monitor and configure alerts

Common Mistakes to Avoid

  • Forgetting to switch to Premium SKU before enabling network rules
  • Using personal credentials instead of managed identities in pipelines
  • Ignoring webhook configuration for automatic updates
  • Leaving public access enabled on registries containing sensitive images

Next Steps

Integrate ACR with Azure DevOps or GitHub Actions for complete pipelines. Explore our Learni training dedicated to Azure and containers.

How to Manage Azure Container Registry with Azure CLI in 2026 | Learni