Azure Container Registry user overview

You can use Azure Container Registry on Azure Stack Hub to store and manage container images and artifacts. With Azure Container Registry on Azure Stack Hub, you can create and manage container registries by using the Azure Stack Hub user portal or by using commands in PowerShell, Azure CLI, and the Docker CLI.

Azure Container Registry on Azure Stack Hub allows users to store and retrieve OCI images, assign role-based access control (RBAC) permissions, and create webhooks.

Features of Azure Container Registry on Azure Stack Hub

The following table shows Azure Stack Hub support for Azure Container Registry compared to Azure Container Registry on Azure:

Feature Azure Container Registry in Azure Azure Container Registry in Azure Stack Hub
Portal Yes Yes
Multi-tenant hosted service Yes Yes
Docker registry Yes Yes
Helm support Yes Yes
OCI support Yes Yes
Identity and access management Microsoft Entra ID Microsoft Entra / AD FS
RBAC Registry Registry
Remote repository (mirror) No No
OSS vulnerability scanning Yes No
Retention Yes No
Content trust Yes No
Replication Yes No
Webhooks Yes Yes
Private networks Yes No

Azure Container Registry on Azure and Azure Container Registry on Azure Stack Hub

The following table shows Azure Stack Hub key differences for Azure Container Registry compared to Azure Container Registry on Azure:

Aspect Container Registry on Azure Container Registry and Azure Stack Hub
Service tiers (SKUs) Registry service tiers and features - Azure Container Registry By default, a single service tier (SKU) is available to create on Azure Stack Hub with a maximum of 100 GB of storage and 10 webhooks. Azure Stack Hub operators can lower that storage limit based on needs.
Login server <registry-name>.azurecr.io
(All lower case)
<registry-name>.azsacr.<regionname>.<fqdn>
(All lower case)
Example: myregistry.azsacr.azurestack.contoso.com

Service tier features and limits

The following table shows the features and registry limits of the Azure Stack Hub service tier:

Resource Azure Stack Hub
Included storage1 (GB) 100
Storage limit2 (GB) 100
Maximum image layer size (GB) 100
ReadOps per minute3, 4 N/A
WriteOps per minute3, 5 N/A
Download bandwidth3 (MBPS) N/A
Upload bandwidth3 (MBPS) N/A
Webhooks 10
Geo-replication N/A
Availability zones N/A
Content trust N/A
Private link with private endpoints N/A
- Private endpoints N/A
Public IP network rules N/A
Service endpoint VNet access N/A
Customer-managed keys N/A
Repository-scoped permissions N/A
- Tokens N/A
- Scope maps N/A
- Repositories per scope map N/A

1 Storage included in the rate for each tier.

2 Maximum storage allowed for a registry. Operators can offer less storage through quotas.

3 ReadOps, WriteOps, and Bandwidth vary based on Azure Stack Hub configuration and user workloads.

4 docker pull translates to multiple read operations based on the number of layers in the image, plus the manifest retrieval.

5 docker push translates to multiple write operations, based on the number of layers that must be pushed. A docker push includes ReadOps to retrieve a manifest for an existing image.

Supported commands

A subset of CLI and PowerShell commands are supported for Azure Container Registry on Azure Stack Hub. The full list is available here: Supported Commands.

Next steps

Learn about Kubernetes on Azure Stack Hub