Day 8: Docker Hub & Azure Container Registry – Storing Images

Part of the #100DaysOfDevOps Challenge

Introduction: Why Do We Need a Container Registry?

Imagine you’ve built a containerized application. Now, how do you share it with:

? Your team so they can run the same image?

? A CI/CD pipeline for automated deployments?

? A Kubernetes cluster for production use?

You need a container registry – a place to store, version, and distribute your Docker images.

Today, we’ll explore Docker Hub and Azure Container Registry (ACR), their use cases, how they work, and which one you should use based on your needs.

What is Docker Hub? – The GitHub for Containers

Docker Hub is a public cloud-based repository where developers store and share container images.

It's like GitHub for Docker images, providing:

? Public & Private Repositories – Store images for free or privately

? Pre-Built Official Images – Get verified images from MySQL, Nginx, Redis, etc.

? Automated Builds – Automatically build and push images from GitHub

? Rate Limits & Access Control – Manage image downloads securely

Real-World Use Case:

Netflix engineers pull official Docker images from Docker Hub to ensure they run trusted and up-to-date versions of services like Nginx or Node.js.

What is Azure Container Registry (ACR)? – Enterprise-Grade Image Management

Azure Container Registry (ACR) is a fully managed, private container registry service provided by Microsoft Azure to store, manage, and deploy container images and related artifacts securely.

It allows developers and DevOps teams to build, push, and pull container images used for deployments in Azure Kubernetes Service (AKS), Azure App Service, and other Azure services.

Key Features of ACR:

• Private & Secure: Stores container images in a private registry with Azure Active Directory (AAD) authentication and role-based access control (RBAC).
• Multi-Region Replication: Supports geo-replication, allowing image synchronisation across multiple Azure regions for better availability and disaster recovery.
• Integration with CI/CD Pipelines: Easily integrates with Azure DevOps, GitHub Actions, and Jenkins for automated container builds and deployments.
• Automated Image Builds: Supports ACR Tasks, enabling automated image builds, updates, and scanning when changes occur in base images.
• Support for Multiple Formats: Stores Docker container images, Helm charts, OCI artifacts, and other related files.
• Scalability: Provides different tiers (Basic, Standard, and Premium) to meet various workload requirements.
• Network Security: Supports private endpoints, firewall rules, and virtual network integration for secure access.

Use Cases:

? Storing and managing container images for Azure Kubernetes Service (AKS) and App Service

? Automating container builds and updates in CI/CD pipelines

? Ensuring high availability of images with geo-replication

? Improving security with image scanning and access control

Why Use Azure Container Registry (ACR) Instead of Docker Hub?

1?? Private & Secure Image Storage

• ACR: Provides a fully private registry with Azure Active Directory (AAD) authentication, role-based access control (RBAC), and integration with Azure security tools.
• Docker Hub: Public images are free, but private repositories require a paid plan and have pull rate limits.

2?? Better Integration with Azure Services

• ACR: Seamlessly integrates with Azure Kubernetes Service (AKS), Azure App Service, Azure DevOps, and other Azure services.
• Docker Hub: Requires additional authentication and network configuration for integration with Azure.

3?? Higher Performance & Scalability

• ACR: Supports geo-replication, enabling fast image access across multiple Azure regions with reduced latency.
• Docker Hub: Pull requests from different regions may experience slower speeds due to high demand and network distance.

4?? No Pull Rate Limits

• ACR: No rate limits for pulling images, ensuring uninterrupted deployments.
• Docker Hub: Enforces pull rate limits (100 pulls per 6 hours for anonymous users, 200 for free accounts), which can disrupt CI/CD pipelines.

5?? Automated Builds & Image Scanning

• ACR: Supports ACR Tasks to automate container image builds, vulnerability scanning, and base image updates.
• Docker Hub: Requires Docker Hub Pro or Team plans for automated builds and vulnerability scanning.

6?? Network Security & Compliance

• ACR: Supports private endpoints, firewall rules, and virtual network integration for enhanced security.
• Docker Hub: Requires additional security configurations to restrict public access.

7?? Cost-Effective for Enterprises

• ACR: Predictable pricing based on usage (Basic, Standard, Premium tiers).
• Docker Hub: Additional costs for private repositories, team access, and advanced features.

When Should You Use ACR?

? If you are deploying containers to Azure services (AKS, App Service, Functions, etc.)

? If you need private, secure storage with Azure RBAC & AAD authentication

? If you want faster image access with geo-replication

? If your CI/CD pipelines require unlimited pulls and automated builds

? If you need better security controls and network isolation

?? Choose Docker Hub if you’re working on open-source projects or need public image hosting.

?? Choose ACR if you need enterprise-level security, compliance, and private storage.

Real-World Use Case:

A bank using Kubernetes on Azure stores its internal micro-services in ACR, ensuring images are securely managed and comply with governance policies.

Hands-On: Storing an Image in Docker Hub & Azure Container Registry (ACR)

?? Prerequisites

? Docker Installed: Ensure Docker Desktop or Docker CLI is installed on your system. Install Docker

? Azure CLI Installed: Install Azure CLI for managing Azure resources. Install Azure CLI

? Azure Subscription: You must have an active Azure subscription. Get a free Azure account

? Docker Hub Account: You need an account on Docker Hub.

? Azure Container Registry (ACR) Created: If not already created, we will create one.

Part 1: Storing an Image in Docker Hub

Step 1: Login to Docker Hub

docker login
        

It will prompt for Docker Hub username and password. Enter the credentials to authenticate.

Step 2: Create a Sample Docker Image

1?? Create a new Dockerfile with the following content:

# Use a base image
FROM nginx:latest

# Set a custom message on the homepage
RUN echo "<h1>Hello from Docker!</h1>" > /usr/share/nginx/html/index.html

# Expose port 80
EXPOSE 80
        

2?? Build the image:

docker build -t mynginx:v1 .
        

3?? Verify the image is created:

docker images
        

Step 3: Tag the Image for Docker Hub

Docker images need to be tagged before pushing to Docker Hub. The format is:

docker tag mynginx:v1 <your-dockerhub-username>/mynginx:v1
        

Example:

docker tag mynginx:v1 shruthic/mynginx:v1
        

Step 4: Push the Image to Docker Hub

docker push <your-dockerhub-username>/mynginx:v1
        

Example:

docker push shruthic/mynginx:v1
        

? Verify on Docker Hub:

• Log in to Docker Hub
• Navigate to Repositories and check for the uploaded image.

Part 2: Storing an Image in Azure Container Registry (ACR)

Step 1: Login to Azure

az login
        

This will open a browser window for authentication.

Step 2: Create an Azure Container Registry (ACR)

az acr create --resource-group <your-resource-group> --name <your-acr-name> --sku Basic
        

Example:

az acr create --resource-group myResourceGroup --name myACR --sku Basic
        

Replace myResourceGroup with your Azure resource group name and myACR with your ACR name (must be unique).

Step 3: Login to ACR

az acr login --name <your-acr-name>
        

Example:

az acr login --name myACR
        

Step 4: Get ACR Login Server Name

az acr show --name <your-acr-name> --query loginServer --output tsv
        

Example output:

myacr.azurecr.io
        

Step 5: Tag the Image for ACR

Use the ACR login server name to tag the image.

docker tag mynginx:v1 <acr-login-server>/mynginx:v1
        

Example:

docker tag mynginx:v1 myacr.azurecr.io/mynginx:v1
        

Step 6: Push the Image to ACR

docker push <acr-login-server>/mynginx:v1
        

Example:

docker push myacr.azurecr.io/mynginx:v1
        

Step 7: Verify the Image in ACR

az acr repository list --name <your-acr-name> --output table
        

Example:

az acr repository list --name myACR --output table
        

You should see mynginx listed in the ACR repository.

Summary:-

Docker Hub: Used for public and private image storage, requires authentication and has pull limits.

Azure Container Registry (ACR): Fully managed, private, and integrates with Azure services like AKS, App Service, and DevOps Pipelines.

Tagging & Pushing: Images need to be properly tagged before pushing to Docker Hub or ACR.

Docker Commands (Basic to Advanced & Important)

?? Basic Docker Commands

1. Verify Docker Installation

docker --version      # Check Docker version
docker info           # Get system-wide information about Docker
        

2. Manage Docker Images

docker pull <image>                     # Download an image from Docker Hub
docker images                            # List all downloaded images
docker rmi <image_id>                    # Remove an image
docker tag <image_id> <new_name:tag>     # Tag an image with a new name
        

Example:

docker pull nginx
docker tag nginx mynginx:v1
        

3. Manage Containers

docker run <image>                        # Run a container from an image
docker run -d <image>                      # Run container in detached mode
docker run -it <image> bash                # Run container in interactive mode with shell
docker ps                                  # List running containers
docker ps -a                               # List all containers (running & stopped)
docker stop <container_id>                 # Stop a running container
docker start <container_id>                # Start a stopped container
docker restart <container_id>              # Restart a container
docker rm <container_id>                   # Remove a container
docker logs <container_id>                 # View container logs
docker inspect <container_id>              # Get detailed information about a container
        

Example:

docker run -d --name mynginx nginx
docker logs mynginx
        

?? Intermediate Docker Commands

4. Running Containers with Ports & Volumes

docker run -p 8080:80 nginx                # Map port 8080 of host to 80 of container
docker run -v /host/path:/container/path <image>  # Mount a volume
docker volume create myvolume              # Create a named volume
docker volume ls                            # List available volumes
docker run -d -v myvolume:/data nginx       # Use a named volume inside a container
        

5. Container Networking

docker network ls                          # List networks
docker network create mynetwork            # Create a custom network
docker network inspect mynetwork           # Inspect network details
docker network connect mynetwork <container_id>  # Connect a container to a network
        

6. Copy Files Between Host & Container

docker cp <host_path> <container_id>:<container_path>   # Copy from host to container
docker cp <container_id>:<container_path> <host_path>   # Copy from container to host
        

?? Advanced Docker Commands

7. Creating & Managing Dockerfiles

docker build -t <image_name> .             # Build an image from a Dockerfile
docker build -f <path_to_dockerfile> -t <image_name> .  # Build from a specific file
        

Example Dockerfile:

FROM nginx:latest
COPY index.html /usr/share/nginx/html/index.html
CMD ["nginx", "-g", "daemon off;"]
        

Build the image:

docker build -t custom-nginx .
        

8. Docker Compose

docker-compose up -d    # Start services in detached mode
docker-compose down     # Stop and remove all containers and networks
docker-compose ps       # List running services
docker-compose logs     # View logs of all services
        

Example docker-compose.yml:

version: '3'
services:
  web:
    image: nginx
    ports:
      - "8080:80"
        

Run:

docker-compose up -d
        

9. Container Resource Limits

docker run --memory="512m" --cpus="1.5" <image>  # Limit memory & CPU
        

10. Saving & Loading Docker Images

docker save -o myimage.tar <image>    # Save an image to a tar file
docker load -i myimage.tar            # Load an image from a tar file
        

11. Export & Import Containers

docker export -o mycontainer.tar <container_id>  # Export container filesystem
docker import mycontainer.tar myimportedimage    # Import container as an image
        

12. Clean Up Unused Resources

docker system prune -a  # Remove unused images, containers, and networks
docker volume prune     # Remove unused volumes
        

Kubernetes & Registry Integration

13. Pushing Images to Docker Hub

docker login
docker tag myimage myusername/myimage:v1
docker push myusername/myimage:v1
        

14. Pushing Images to Azure Container Registry (ACR)

az acr login --name myacr
docker tag myimage myacr.azurecr.io/myimage:v1
docker push myacr.azurecr.io/myimage:v1
        

15. Running Containers in Kubernetes

kubectl create deployment myapp --image=myimage
kubectl expose deployment myapp --type=LoadBalancer --port=80
        

Debugging & Security Commands

16. Debug Running Containers

docker exec -it <container_id> /bin/sh  # Open a shell inside a running container
docker stats                             # Show real-time resource usage of containers
docker top <container_id>                # Show running processes in a container
        

17. Scan Docker Image for Vulnerabilities

docker scan <image>
        

18. Run a Container with Read-Only Filesystem for Security

docker run --read-only -d nginx
        

?? Security & Best Practices for Storing Images

When storing and managing images (such as Docker container images, user-uploaded photos, or application assets), security is a top priority.

Poor security practices can lead to unauthorised access, vulnerabilities, or increased storage costs. Below are key best practices to follow:

1?? Use Private Repositories – Keep Sensitive Images Secure

Why?

Public repositories expose your images to everyone, increasing the risk of unauthorised access or leaks. Keeping images private ensures only authorised users can access them.

How to Implement?

• Use private container registries (e.g., Docker Hub, AWS ECR, Azure Container Registry, GitHub Packages).
• Set up IAM roles and policies to restrict who can pull or push images.
• For user-uploaded images, store them in private cloud storage (e.g., AWS S3 with private ACLs).

Best Practices:

? Use access tokens instead of storing credentials in scripts.

? Regularly audit access permissions to prevent unintended exposure.

? Enable Multi-Factor Authentication (MFA) for added security.

2?? Enable Image Scanning – Detect Vulnerabilities Before Deploying

Why?

Malicious or outdated images can introduce security vulnerabilities, leading to system breaches or exploits.

How to Implement?

• Enable automated vulnerability scanning in your container registry (e.g., AWS ECR, Azure Security Center, Trivy for Kubernetes).
• Use tools like Clair, Aqua Security, or Anchore to scan images before deploying.
• Implement CI/CD pipeline security checks to prevent deploying vulnerable images.

Best Practices:

? Regularly scan images before deployment.

? Keep base images updated to reduce risks from outdated dependencies.

? Set up alerts for newly discovered vulnerabilities.

3?? Implement Least Privilege Access – Grant Minimal Permissions

Why?

Granting excessive permissions increases security risks if credentials are compromised.

How to Implement?

• Follow Principle of Least Privilege (PoLP) by granting only the required access.
• Use role-based access control (RBAC) in cloud platforms (AWS IAM, Azure RBAC, Kubernetes RBAC).
• Restrict access to specific IP addresses or virtual networks when possible.

Best Practices:

? Avoid giving "admin" or "root" access to users unless necessary.

? Use secrets management tools (e.g., AWS Secrets Manager, HashiCorp Vault) instead of storing credentials in code.

? Rotate credentials regularly to minimise risk exposure.

4?? Clean Up Old Images – Avoid Unnecessary Storage Costs

Why?

Storing outdated or unused images increases storage costs and security risks from outdated dependencies.

How to Implement?

• Set up image retention policies in your registry (e.g., delete images older than 30 days).
• Use automated cleanup scripts to remove untagged or unused images.
• Regularly audit and delete unused Docker images from local environments.

Best Practices:

? Use "latest" tag wisely – avoid overwriting critical images.

? Keep only stable, well-tested images in production.

? Enable lifecycle policies to automatically remove old images.

5?? Use Multi-Stage Builds – Reduce Image Size and Attack Surface

Why?

Large images increase the attack surface, slow down deployments, and consume more storage.

How to Implement?

• Use multi-stage Docker builds to include only essential files in the final image.
• Start with minimal base images like alpine or distroless instead of ubuntu or debian.
• Remove unnecessary dependencies and tools after installation.

Example:

# Stage 1: Build application
FROM golang:1.18 AS builder
WORKDIR /app
COPY . .
RUN go build -o myapp

# Stage 2: Create final lightweight image
FROM alpine:latest
WORKDIR /app
COPY --from=builder /app/myapp .
CMD ["./myapp"]
        

Best Practices:

? Use small and secure base images (alpine, scratch, distroless).

? Minimise RUN instructions to avoid unnecessary layers.

? Scan built images for unused dependencies and security vulnerabilities.

?? Real-World Industry Use Cases

?? How Companies Use Docker Registries in Production

Docker registries play a critical role in managing containerised applications at scale.

From CI/CD pipelines to multi-cloud deployments, companies rely on private and public container registries for efficiency, security, and automation.

Below are real-world industry use cases of how enterprises leverage Docker registries in production:

1?? CI/CD Pipelines – Automating Software Delivery

Industry: Tech, Finance, Retail Use Case: Companies integrate Docker registries into CI/CD pipelines to store, version, and distribute container images across environments.

?? Example:

• Netflix, Spotify, and PayPal use Docker registries to deploy microservices continuously across their cloud infrastructure.
• Jenkins, GitHub Actions, and GitLab CI/CD push Docker images to AWS ECR, Azure Container Registry (ACR), or Docker Hub before deploying to Kubernetes.
• Automated vulnerability scanning ensures only secure images reach production.

?? Benefits:

? Faster deployment cycles

? Improved rollback and versioning control

? Secure, tested images before deployment

?? 2?? Private & Secure Image Storage

Industry: Healthcare, Banking, Government Use Case: Organizations dealing with sensitive data use private Docker registries to store images securely, ensuring compliance with regulations like GDPR, HIPAA, and PCI-DSS.

?? Example:

• Banks (JPMorgan Chase, Goldman Sachs) use self-hosted registries to protect financial transaction services.
• Healthcare providers store medical imaging AI models in private registries (Harbor, JFrog Artifactory) to meet compliance.
• Defense & government agencies rely on air-gapped registries for added security.

?? Benefits:

? Access control policies for better security

? Compliance with industry regulations

? Protection against data leaks and unauthorized access

?? 3?? Multi-Cloud & Hybrid Cloud Deployments

Industry: E-commerce, SaaS, Cloud Providers Use Case: Large enterprises deploy containers across AWS, Azure, Google Cloud, and on-prem using multi-cloud-compatible Docker registries.

?? Example:

• Walmart & eBay store images in multi-region Docker registries (Amazon ECR, Google Artifact Registry, Azure ACR) to reduce latency.
• Salesforce & Shopify deploy workloads dynamically in different clouds using Docker registries as part of a hybrid cloud strategy.

?? Benefits:

? Reduces cloud vendor lock-in

? Improves disaster recovery and failover

? Ensures low-latency deployments across regions

?? 4?? Microservices Architecture & Kubernetes

Industry: SaaS, Telecom, Media Use Case: Companies use Docker registries to store and manage microservices deployed in Kubernetes clusters.

?? Example:

• Uber, Airbnb, and Twitter run thousands of microservices stored in AWS ECR, Google Artifact Registry, or Harbor.
• Netflix pulls images from a global registry into Kubernetes clusters to scale streaming services dynamically.

?? Benefits:

? Faster container startup times

? Rollback & version control of microservices

? Supports blue-green & canary deployments

??? 5?? DevSecOps – Security & Compliance in Image Pipelines

Industry: Cybersecurity, Enterprise Software Use Case: Enterprises integrate security scanning in CI/CD workflows to detect vulnerabilities in container images.

?? Example:

• Microsoft & IBM enforce Docker image scanning in Azure DevOps pipelines using Trivy, Aqua Security, or Clair.
• Red Hat OpenShift uses Quay registry for policy-based security scanning before deploying containers.

??? Benefits:

? Prevents security vulnerabilities from reaching production

? Reduces risk of supply chain attacks

? Helps organizations meet ISO 27001, SOC 2, and NIST standards

?? 6?? Edge Computing & IoT – Deploying Containers at Scale

Industry: Automotive, Smart Cities, Industrial IoT Use Case: Companies use private registries to deploy lightweight Docker images to edge devices, drones, and autonomous vehicles.

?? Example:

• Tesla & BMW update AI models in autonomous cars using containerized deployments.
• Smart cities deploy 5G edge computing workloads from a private Docker registry to manage IoT traffic in real time.
• Retail & logistics use Docker registries to update self-checkout kiosks, warehouse robots, and delivery drones.

?? Benefits:

? Efficient deployment to low-bandwidth environments

? Reduces downtime with OTA (Over-the-Air) updates

? Ensures consistent software across thousands of edge devices

?? 7?? AI/ML Model Deployment in Containers

Industry: AI/ML, Data Science, Cloud Computing Use Case: AI models are containerized and stored in Docker registries to ensure reproducibility and scalability.

?? Example:

• Google AI & OpenAI use containerized machine learning models stored in Google Artifact Registry to serve models via Kubernetes.
• Hugging Face & NVIDIA store deep learning models as containerized applications in Docker Hub & NVIDIA NGC.

?? Benefits:

? Easy model versioning & rollback

? Scalable AI inference on cloud or edge

? Faster deployment of ML models into Kubernetes clusters

What’s Next? Day 9 – Kubernetes Fundamentals: Nodes, Pods, Deployments!

Now that we’ve stored our container images, it’s time to deploy them!

In Day 9, we’ll cover:

?? What is Kubernetes, and why is it the industry standard?

?? Understanding Nodes, Pods, and Deployments

?? Step-by-step Kubernetes setup with real-world examples

?? Follow Shruthi Chikkela on LinkedIn for more DevOps insights!

?? Subscribe to my newsletter to stay ahead in your DevOps journey!