Azure Container Registries on Azure Stack Hub overview

You can use the Azure Container Registry (ACR) on Azure Stack Hub to store and manage container images and artifacts. With the Public Preview release, you can create and manage container registries by using the Azure Stack Hub user portal or by using commands in PowerShell, Azure CLI, and the Docker CLI.

ACR on Azure Stack Hub allows users to store and retrieve OCI images, assign role-based access control (RBAC) permissions, and create webhooks

Important

Azure Container Registry on Azure Stack Hub is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Features of ACR on Azure Stack Hub

Azure Stack Hub support for ACR compared to ACR on Azure:

Feature ACR in Azure ACR in Azure Stack Hub Public Preview
Portal Yes Yes
Multi-tenant Hosted service Yes Yes
Docker registry Yes Yes
Helm support Yes Yes
OCI support Yes Yes
Identity & Access Management Azure AD Azure AD/AD FS
RBAC Registry Registry
Remote Repository (Mirror) No No
OSS Vulnerability Scanning Yes No
Retention Yes No
Content Trust Yes No
Replication Yes No
Webhooks Yes Yes
Private Networks Yes No

ACR on Azure and ACR on Azure Stack Hub

Azure Stack Hub key differences for ACR compared to ACR on Azure:

Aspect Container Registry on Azure Container Registry and Azure Stack Hub
Service Tiers (SKUs) Registry service tiers and features - Azure Container Registry | Microsoft Docs By default a single service tier (SKU) is available to create on Azure Stack Hub with a maximum of 100 GB of storage and 10 webhooks. Azure Stack Hub operators may customize that storage limit lower based on needs.
Login Server <registry-name>.azurecr.io
(All lower case)
<registry-name>.azsacr.<regionname>.<fqdn>
(All lower case)
Example: myregistry.azsacr.azurestack.contoso.com

Service tier features and limits

The following table details the features and registry limits of the Azure Stack Hub service tier.

Resource Azure Stack Hub
Included storage1 (GB) 100
Storage limit2 (GB) 100
Maximum image layer size (GB) 100
ReadOps per minute3, 4 N/A
WriteOps per minute3, 5 N/A
Download bandwidth3 (MBPS) N/A
Upload bandwidth3 (MBPS) N/A
Webhooks 10
Geo-replication N/A
Availability zones N/A
Content trust N/A
Private link with private endpoints N/A
- Private endpoints N/A
Public IP network rules N/A
Service endpoint VNet access N/A
Customer-managed keys N/A
Repository-scoped permissions N/A
- Tokens N/A
- Scope maps N/A
- Repositories per scope map N/A

1. Storage included in the rate for each tier.

2. Maximum storage allowed for a registry. Operators may offer less storage through quotas.

3. ReadOps, WriteOps, and Bandwidth will vary based on Azure Stack Hub configuration and user workloads.

4. docker pull translates to multiple read operations based on the number of layers in the image, plus the manifest retrieval.

5. docker push translates to multiple write operations, based on the number of layers that must be pushed. A docker push includes ReadOps to retrieve a manifest for an existing image.

Supported Commands

A subset of CLI and PowerShell commands are supported for Azure Container Registry on Azure Stack Hub. The full list is available here: Supported Commands.

Pricing

Similar to most public previews, the public preview of Azure Container Registry on Azure Stack Hub is free. Details of pricing will be shared prior to the GA release of the service.

Next steps

Learn about Kubernetes on Azure Stack Hub