Azure Container Registry has a typical login URL of the format `*.azurecr.io`. A customer might like to have a custom domain that is associated with its own organization. The following is a guide on how to achieve that.

For this example, we suppose that you want to associate `registry.contoso.com` with an Azure Container Registry. You would need the following:
- Set up your organization's DNS zone `.contoso.com`. To create one on Azure, you can follow this guide.
- An SSL certificate for `registry.contoso.com`; we will call it `contoso.pfx`. Put the certificate's password in a file named `pwd.txt`. You would optionally also need your signing CA certificate's URL, such as `http://www.contoso.com/pki/ca.cert`.
- An instance of the Azure Container Registry service as the backend. In this example we assume it is `docker-registry-contoso.azurecr.io`.
Under `key-vault-setup/`, run the following:
- (Optional) Create an Azure Key Vault, if you don't already have one:
  `.\ensure-vault.ps1 -subscriptionName <subscription> -resourceGroupName <resourceGroup> -vaultName <new VaultName>`
- Upload `contoso.pfx` to Azure Key Vault:
  `.\upload-cert.ps1 -pfxFilePath <pfxFile> -pfxPwFile <pwdFile> -secretName <new SecretName> -vaultName <vaultName>`
Deploy via Azure Portal
Alternatively, to deploy using the PowerShell script under `docker-vm-deploy/`, do the following:
- Edit `azuredeploy.parameters.json` and populate all necessary parameters.
- Run the following script to create the new VM:
  `.\deploy.ps1 -resourceGroupName <resourceGroup>`
Configure the DNS zone so `registry.contoso.com` points to the Azure VM you have just created. If you are using an Azure DNS Zone, you can use the following command:
`New-AzureRmDnsRecordSet -Name <registry> -RecordType CNAME -ZoneName <contoso.com> -ResourceGroupName <resourceGroup> -Ttl <Ttl> -DnsRecords (New-AzureRmDnsRecordConfig -Cname <AddrToAboveVM>)`
A simple way to test the setup is to call `docker login` to quickly confirm that the requests are properly forwarded:
`docker login -u <username> -p <password> registry.contoso.com`
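
A fuller check of the same path, as an added example that is not part of the original guide or its scripts: it confirms the CNAME target, that the certificate served on the custom domain validates for that name and is not close to expiry, and that the registry API rejects anonymous requests. The function name `Test-RegistryFrontEnd` and the 30-day threshold are assumptions made for this example, and `Resolve-DnsName` requires Windows.

```powershell
# Added example: checks DNS, TLS and the registry API on the custom domain.
# Test-RegistryFrontEnd and the 30-day threshold are made up for this example.
function Test-RegistryFrontEnd {
    param(
        [string]$RegistryHost = 'registry.contoso.com',  # custom domain from this guide
        [int]$MinDaysValid = 30
    )

    # 1. DNS: show where the CNAME created above actually points.
    $cname = Resolve-DnsName -Name $RegistryHost -Type CNAME -ErrorAction Stop |
        Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1

    # 2. TLS: default validation is left on, so AuthenticateAsClient throws
    #    if the chain is untrusted or the name does not match $RegistryHost.
    $tcp = New-Object System.Net.Sockets.TcpClient($RegistryHost, 443)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        $ssl.AuthenticateAsClient($RegistryHost)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays

    # 3. Registry API: an anonymous GET /v2/ should be rejected with 401.
    #    Invoke-WebRequest throws on 4xx, so the status is read from the exception.
    $status = 0
    try {
        $status = [int](Invoke-WebRequest -Uri "https://$RegistryHost/v2/" -UseBasicParsing).StatusCode
    } catch {
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
    }

    [pscustomobject]@{
        Host         = $RegistryHost
        CnameTarget  = $cname.NameHost
        CertSubject  = $cert.Subject
        CertDaysLeft = $daysLeft
        CertOk       = ($daysLeft -ge $MinDaysValid)
        V2Status     = $status
        AuthEnforced = ($status -eq 401)
    }
}

Test-RegistryFrontEnd | Format-List
```

When `docker login` is scripted, `--password-stdin` keeps the password out of shell history and the process list, which `-p` does not.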