Azure Container Registries on Azure Stack Hub overview
You can use the Azure Container Registry (ACR) on Azure Stack Hub to store and manage container images and artifacts. With the Public Preview release, you can create and manage container registries by using the Azure Stack Hub user portal or by using commands in PowerShell, Azure CLI, and the Docker CLI.
ACR on Azure Stack Hub allows users to store and retrieve OCI images, assign role-based access control (RBAC) permissions, and create webhooks
Important
Azure Container Registry on Azure Stack Hub is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Features of ACR on Azure Stack Hub
Azure Stack Hub support for ACR compared to ACR on Azure:
| Feature | ACR in Azure | ACR in Azure Stack Hub Public Preview |
|---|---|---|
| Portal | Yes | Yes |
| Multi-tenant Hosted service | Yes | Yes |
| Docker registry | Yes | Yes |
| Helm support | Yes | Yes |
| OCI support | Yes | Yes |
| Identity & Access Management | Microsoft Entra ID | Microsoft Entra / AD FS |
| RBAC | Registry | Registry |
| Remote Repository (Mirror) | No | No |
| OSS Vulnerability Scanning | Yes | No |
| Retention | Yes | No |
| Content Trust | Yes | No |
| Replication | Yes | No |
| Webhooks | Yes | Yes |
| Private Networks | Yes | No |
ACR on Azure and ACR on Azure Stack Hub
Azure Stack Hub key differences for ACR compared to ACR on Azure:
| Aspect | Container Registry on Azure | Container Registry and Azure Stack Hub |
|---|---|---|
| Service Tiers (SKUs) | Registry service tiers and features - Azure Container Registry | Microsoft Docs | By default a single service tier (SKU) is available to create on Azure Stack Hub with a maximum of 100 GB of storage and 10 webhooks. Azure Stack Hub operators may customize that storage limit lower based on needs. |
| Login Server | <registry-name>.azurecr.io(All lower case) |
<registry-name>.azsacr.<regionname>.<fqdn> (All lower case) Example: myregistry.azsacr.azurestack.contoso.com |
Service tier features and limits
The following table details the features and registry limits of the Azure Stack Hub service tier.
| Resource | Azure Stack Hub |
|---|---|
| Included storage1 (GB) | 100 |
| Storage limit2 (GB) | 100 |
| Maximum image layer size (GB) | 100 |
| ReadOps per minute3, 4 | N/A |
| WriteOps per minute3, 5 | N/A |
| Download bandwidth3 (MBPS) | N/A |
| Upload bandwidth3 (MBPS) | N/A |
| Webhooks | 10 |
| Geo-replication | N/A |
| Availability zones | N/A |
| Content trust | N/A |
| Private link with private endpoints | N/A |
| - Private endpoints | N/A |
| Public IP network rules | N/A |
| Service endpoint VNet access | N/A |
| Customer-managed keys | N/A |
| Repository-scoped permissions | N/A |
| - Tokens | N/A |
| - Scope maps | N/A |
| - Repositories per scope map | N/A |
1. Storage included in the rate for each tier.
2. Maximum storage allowed for a registry. Operators may offer less storage through quotas.
3. ReadOps, WriteOps, and Bandwidth will vary based on Azure Stack Hub configuration and user workloads.
4. docker pull translates to multiple read operations based on the number of layers in the image, plus the manifest retrieval.
5. docker push translates to multiple write operations, based on the number of layers that must be pushed. A docker push includes ReadOps to retrieve a manifest for an existing image.
Supported Commands
A subset of CLI and PowerShell commands are supported for Azure Container Registry on Azure Stack Hub. The full list is available here: Supported Commands.
Pricing
Similar to most public previews, the public preview of Azure Container Registry on Azure Stack Hub is free. Details of pricing will be shared prior to the GA release of the service.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for