Artifact Cache - Overview
Artifact Cache feature allows users to cache container images in a private container registry. Artifact Cache is available in Basic, Standard, and Premium service tiers.
This article is part one in a six-part tutorial series. The tutorial covers:
- Artifact Cache
- Enable Artifact Cache - Azure portal
- Enable Artifact Cache with authentication - Azure portal
- Enable Artifact Cache - Azure CLI
- Enable Artifact Cache with authentication - Azure CLI
- Troubleshooting guide for Artifact Cache
Artifact Cache
Artifact Cache enables you to cache container images from public and private repositories.
Implementing Artifact Cache provides the following benefits:
More Reliable pull operations: Faster pulls of container images are achievable by caching the container images in ACR. Since Microsoft manages the Azure network, pull operations are faster by providing Geo-Replication and Availability Zone support to the customers.
Private networks: Cached registries are available on private networks. Therefore, users can configure their firewall to meet compliance standards.
Ensuring upstream content is delivered: All registries, especially public ones like Docker Hub and others, have anonymous pull limits in order to ensure they can provide services to everyone. Artifact Cache allows users to pull images from the local ACR instead of the upstream registry. Artifact Cache ensures the content delivery from upstream and users gets the benefit of pulling the container images from the cache without counting to the pull limits.
Terminology
Cache Rule - A Cache Rule is a rule you can create to pull artifacts from a supported repository into your cache.
A cache rule contains four parts:
Rule Name - The name of your cache rule. For example,
Hello-World-Cache
.Source - The name of the Source Registry.
Repository Path - The source path of the repository to find and retrieve artifacts you want to cache. For example,
docker.io/library/hello-world
.New ACR Repository Namespace - The name of the new repository path to store artifacts. For example,
hello-world
. The Repository can't already exist inside the ACR instance.
Credentials
Credentials are a set of username and password for the source registry. You require Credentials to authenticate with a public or private repository. Credentials contain four parts
Credentials - The name of your credentials.
Source registry Login Server - The login server of your source registry.
Source Authentication - The key vault locations to store credentials.
Username and Password secrets- The secrets containing the username and password.
Upstream support
Artifact Cache currently supports the following upstream registries:
Upstream registries | Support | Availability |
---|---|---|
Docker Hub | Supports both authenticated pulls and unauthenticated pulls. | Azure CLI, Azure portal |
Microsoft Artifact Registry | Supports unauthenticated pulls only. | Azure CLI, Azure portal |
ECR Public | Supports unauthenticated pulls only. | Azure CLI, Azure portal |
GitHub Container Registry | Supports both authenticated pulls and unauthenticated pulls. | Azure CLI, Azure portal |
Nvidia | Supports both authenticated pulls and unauthenticated pulls. | Azure CLI |
Quay | Supports both authenticated pulls and unauthenticated pulls. | Azure CLI, Azure portal |
registry.k8s.io | Supports both authenticated pulls and unauthenticated pulls. | Azure CLI |
Limitations
Artifact Cache feature doesn't support Customer managed key (CMK) enabled registries.
Cache will only occur after at least one image pull is complete on the available container image. For every new image available, a new image pull must be complete. Artifact Cache doesn't automatically pull new tags of images when a new tag is available. It is on the roadmap but not supported in this release.
Artifact Cache only supports 1000 cache rules.
Next steps
- To enable Artifact Cache using the Azure portal advance to the next article: Enable Artifact Cache.
Feedback
Submit and view feedback for