New Azure Container Registry SKUs


We recently released a preview of new Azure Container Registry SKUs, along with an overview on Channel 9 Video with Seth Juarez.

One question that's come up; what are the differences in the SKUs.

In March we released General Availability for the standard registry features including:

  • Authentication with a single Admin Account
  • Authenticate with a Service Principal for service to service authentication; such as your Kubernetes cluster or Build System
  • CLI Commands including Docker Login, Push, Pull

This enabled the most common scenarios, and provided a GA product as we heard customers needed a private registry, network-close to their deployments that wasn't in preview.

The March GA release placed the storage of the registry in the customers subscription. This was an Azure implementation of the Open Source Docker Registry.  Since March, we've seen a number of customers experiencing problems as they accidentally delete the storage account backing their registry. Or they dig into the storage account attempting deleted images and/or tags; which in many cases have caused corruption and support calls.

Pricing was deferred to Azure Storage and associated networking fees.  From an SLA perspective, ACR had no means to provide an SLA for the registry service itself as an SLA provides financial recourse for outages.

Addition of the Basic, Standard and Premium SKUs

Customers have been asking for features such as deletes, web hooks, easier login model as Service Principals can be difficult to create and maintain and global scale capabilities. As we considered the additional features in our backlog, we found many would benefit from managing the storage of the registry on behalf of the customer.

Managed Storage

As we looked at additional features like deletes, Webhooks, multi-arch manifest management and a few other features coming, having tighter integration with the storage of the images became core to our efforts. We have additional features like caching the common images from DockerHub across all registries within a region. When you push your first image, you'll find the common layers will already exist. This minimizes the storage for each subscription, passing savings to you and improves the overall performance as there's just less to manage.

For Deletes., two repos in the same registry may share a common set of layers. Attempting to delete one repo requires ref counting to know when to delete the common layers. This indexing is something we've added on top of the OSS docker registry and takes advantage of the internal storage.

To provide these capabilities, the new SKUs manage the storage of the images behind each container registry. ACR stores them with Storage Service Encryption enabled, so all images are safely secured at rest as well as in-transit. Only the common DockerHub layers will be shared across registries (in the near future), so their's not potential for leaking layer information across customers. We do take the security of our customers image layers a top priority.

Pricing

Basic

Intended as the developers sandbox, basic has all the features a developer would need to interact with, including Individual Identity, Webhooks and Deletes. As we provide multi-arch manifest editing, layer caching, etc, the developer will be able to design their solution against these features. Basic is limited on the amount of usage and scale.

Standard

Intended for the most common deployments with several hosts pulling images, continuous build and integration solutions pushing images. Here you'll see larger throttle and storage limits and geo-redundant storage assuring your production data is backed up across two regions.

Premium

Intended for the larger, more complex deployment. Premium includes higher throttle limits, but will also include more complex features for managing registries across the globe. More will be coming here as we complete the next round of feature work, so stay tuned. As of this post, Premium is differentiated with higher throttle limits and storage.

Classic Basic Standard Premium
Azure AD Individual Access Control N/A Yes Yes Yes
Repo/Tag Delete N/A Yes Yes Yes
Web Hooks N/A 2 10 100
Available Storage (GB) See Azure Storage 10 100 500
Encryption at Rest & In Transit See Azure Storage Yes Yes Yes
Geo Redundant Storage See Azure Storage N/A Yes Yes
Global Scale Features* N/A N/A N/A Yes
Price / Month See Azure Storage $5 $20 $50

During the Preview Period, Basic, Standard and Premium are discounted 50%. The pricing page reflects the discounted rate.

Tell us what you think

I'll of course monitor here for your comments, but you can also find us at:

Questions/Comments: Stack Overflow with the ACR tag stackoverflow.com/questions/tagged/azure-container-registry

Bugs/Issues: GitHub: github.com/azure/acr/issues

 

Thanks,

Steve and the Azure Container Registry team

Comments (6)

  1. Nick Howden says:

    Many thanks for writing a very clear article on the differences between the different ACR SKUs.

    Is the information on Repository deleting correct?
    az acr repository delete -n myRegistry –repository my-nginx
    Delete is not supported for registries in Basic SKU.

    1. Steve Lasker says:

      Hi Nick,
      Thanks for the feedback and that it helped.
      Can you tell me where your seeing repository delete suggest it’s not supported in Basic? Note that I’m differentiating the SKU that we’ve been shipping since March as “Classic”.

      1. CHAN, Chi Hang says:

        +1 for me. when i issue command, i get error “Delete is not supported for registries in Basic SKU.”
        az acr repository delete -n registryName –repository repoName

        1. Steve Lasker says:

          I’m curious why you’re seeing this. I just created a basic registry, pushed than delete.
          You might try updating your CLI
          https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest
          If you’re using Windows w/MSI:
          https://aka.ms/InstallAzureCliWindows

          If you could also tell me the region you’re in. If you’re still having trouble, please ping us at acr-feedback at microsoft dot com

          steve

          1. F P says:

            I’m also receiving “Delete is not supported for registries in Basic SKU.”
            Region: East US
            Subscription: MSDN developer subscription
            I’ve tried updating my registry SKU with the following command as listed here: https://docs.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az_acr_update
            az acr update –name myRepository –sku Managed_Basic, but this results in the following message:
            “Updating SKU is not supported for registries in Basic SKU. The specified SKU will be ignored.”

          2. Steve Lasker says:

            Hi F P,
            Can you contact us at acr-feedback@microsoft.com to dig deeper into the problem you’re having?
            Please provide the registry URL so we can look into the problem.
            Thanks,
            Steve

Skip to main content