New Azure Container Registry SKUs
We recently released a preview of new Azure Container Registry SKUs, along with an overview on Channel 9 Video with Seth Juarez.
One question that's come up; what are the differences in the SKUs.
In March we released General Availability for the standard registry features including:
- Authentication with a single Admin Account
- Authenticate with a Service Principal for service to service authentication; such as your Kubernetes cluster or Build System
- CLI Commands including Docker Login, Push, Pull
This enabled the most common scenarios, and provided a GA product as we heard customers needed a private registry, network-close to their deployments that wasn't in preview.
The March GA release placed the storage of the registry in the customers subscription. This was an Azure implementation of the Open Source Docker Registry. Since March, we've seen a number of customers experiencing problems as they accidentally delete the storage account backing their registry. Or they dig into the storage account attempting deleted images and/or tags; which in many cases have caused corruption and support calls.
Pricing was deferred to Azure Storage and associated networking fees. From an SLA perspective, ACR had no means to provide an SLA for the registry service itself as an SLA provides financial recourse for outages.
Addition of the Basic, Standard and Premium SKUs
Customers have been asking for features such as deletes, web hooks, easier login model as Service Principals can be difficult to create and maintain and global scale capabilities. As we considered the additional features in our backlog, we found many would benefit from managing the storage of the registry on behalf of the customer.
Managed Storage
As we looked at additional features like deletes, Webhooks, multi-arch manifest management and a few other features coming, having tighter integration with the storage of the images became core to our efforts. We have additional features like caching the common images from DockerHub across all registries within a region. When you push your first image, you'll find the common layers will already exist. This minimizes the storage for each subscription, passing savings to you and improves the overall performance as there's just less to manage.
For Deletes., two repos in the same registry may share a common set of layers. Attempting to delete one repo requires ref counting to know when to delete the common layers. This indexing is something we've added on top of the OSS docker registry and takes advantage of the internal storage.
To provide these capabilities, the new SKUs manage the storage of the images behind each container registry. ACR stores them with Storage Service Encryption enabled, so all images are safely secured at rest as well as in-transit. Only the common DockerHub layers will be shared across registries (in the near future), so their's not potential for leaking layer information across customers. We do take the security of our customers image layers a top priority.
Pricing
Basic
Intended as the developers sandbox, basic has all the features a developer would need to interact with, including Individual Identity, Webhooks and Deletes. As we provide multi-arch manifest editing, layer caching, etc, the developer will be able to design their solution against these features. Basic is limited on the amount of usage and scale.
Standard
Intended for the most common deployments with several hosts pulling images, continuous build and integration solutions pushing images. Here you'll see larger throttle and storage limits and geo-redundant storage assuring your production data is backed up across two regions.
Premium
Intended for the larger, more complex deployment. Premium includes higher throttle limits, but will also include more complex features for managing registries across the globe. More will be coming here as we complete the next round of feature work, so stay tuned. As of this post, Premium is differentiated with higher throttle limits and storage.
| Classic | Basic | Standard | Premium | |
|---|---|---|---|---|
| Azure AD Individual Access Control | N/A | Yes | Yes | Yes |
| Repo/Tag Delete | N/A | Yes | Yes | Yes |
| Web Hooks | N/A | 2 | 10 | 100 |
| Available Storage (GB) | See Azure Storage | 10 | 100 | 500 |
| Encryption at Rest & In Transit | See Azure Storage | Yes | Yes | Yes |
| Geo Redundant Storage | See Azure Storage | N/A | Yes | Yes |
| Global Scale Features* | N/A | N/A | N/A | Yes |
| Price / Month | See Azure Storage | $5 | $20 | $50 |
During the Preview Period, Basic, Standard and Premium are discounted 50%. The pricing page reflects the discounted rate.
Tell us what you think
I'll of course monitor here for your comments, but you can also find us at:
Questions/Comments: Stack Overflow with the ACR tag stackoverflow.com/questions/tagged/azure-container-registry
Bugs/Issues: GitHub: github.com/azure/acr/issues
Thanks,
Steve and the Azure Container Registry team
Comments
- Anonymous
July 26, 2017
Many thanks for writing a very clear article on the differences between the different ACR SKUs.Is the information on Repository deleting correct?az acr repository delete -n myRegistry --repository my-nginxDelete is not supported for registries in Basic SKU.- Anonymous
July 26, 2017
Hi Nick,Thanks for the feedback and that it helped. Can you tell me where your seeing repository delete suggest it's not supported in Basic? Note that I'm differentiating the SKU that we've been shipping since March as "Classic".- Anonymous
September 23, 2017
+1 for me. when i issue command, i get error "Delete is not supported for registries in Basic SKU."az acr repository delete -n registryName --repository repoName- Anonymous
September 24, 2017
I'm curious why you're seeing this. I just created a basic registry, pushed than delete. You might try updating your CLIhttps://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latestIf you're using Windows w/MSI:https://aka.ms/InstallAzureCliWindowsIf you could also tell me the region you're in. If you're still having trouble, please ping us at acr-feedback at microsoft dot comsteve- Anonymous
October 13, 2017
I'm also receiving “Delete is not supported for registries in Basic SKU.”Region: East USSubscription: MSDN developer subscriptionI've tried updating my registry SKU with the following command as listed here: https://docs.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az_acr_updateaz acr update --name myRepository --sku Managed_Basic, but this results in the following message:"Updating SKU is not supported for registries in Basic SKU. The specified SKU will be ignored."- Anonymous
October 13, 2017
Hi F P, Can you contact us at acr-feedback@microsoft.com to dig deeper into the problem you're having? Please provide the registry URL so we can look into the problem.Thanks,Steve
- Anonymous
- Anonymous
- Anonymous
- Anonymous
- Anonymous