Azure Container Registry user overview
You can use Azure Container Registry on Azure Stack Hub to store and manage container images and artifacts. With Azure Container Registry on Azure Stack Hub, you can create and manage container registries by using the Azure Stack Hub user portal or by using commands in PowerShell, Azure CLI, and the Docker CLI.
Azure Container Registry on Azure Stack Hub allows users to store and retrieve OCI images, assign role-based access control (RBAC) permissions, and create webhooks.
Features of Azure Container Registry on Azure Stack Hub
The following table shows Azure Stack Hub support for Azure Container Registry compared to Azure Container Registry on Azure:
| Feature | Azure Container Registry in Azure | Azure Container Registry in Azure Stack Hub |
|---|---|---|
| Portal | Yes | Yes |
| Multi-tenant hosted service | Yes | Yes |
| Docker registry | Yes | Yes |
| Helm support | Yes | Yes |
| OCI support | Yes | Yes |
| Identity and access management | Microsoft Entra ID | Microsoft Entra / AD FS |
| RBAC | Registry | Registry |
| Remote repository (mirror) | No | No |
| OSS vulnerability scanning | Yes | No |
| Retention | Yes | No |
| Content trust | Yes | No |
| Replication | Yes | No |
| Webhooks | Yes | Yes |
| Private networks | Yes | No |
Azure Container Registry on Azure and Azure Container Registry on Azure Stack Hub
The following table shows Azure Stack Hub key differences for Azure Container Registry compared to Azure Container Registry on Azure:
| Aspect | Container Registry on Azure | Container Registry and Azure Stack Hub |
|---|---|---|
| Service tiers (SKUs) | Registry service tiers and features - Azure Container Registry | By default, a single service tier (SKU) is available to create on Azure Stack Hub with a maximum of 100 GB of storage and 10 webhooks. Azure Stack Hub operators can lower that storage limit based on needs. |
| Login server | <registry-name>.azurecr.io(All lower case) |
<registry-name>.azsacr.<regionname>.<fqdn> (All lower case) Example: myregistry.azsacr.azurestack.contoso.com |
Service tier features and limits
The following table shows the features and registry limits of the Azure Stack Hub service tier:
| Resource | Azure Stack Hub |
|---|---|
| Included storage1 (GB) | 100 |
| Storage limit2 (GB) | 100 |
| Maximum image layer size (GB) | 100 |
| ReadOps per minute3, 4 | N/A |
| WriteOps per minute3, 5 | N/A |
| Download bandwidth3 (MBPS) | N/A |
| Upload bandwidth3 (MBPS) | N/A |
| Webhooks | 10 |
| Geo-replication | N/A |
| Availability zones | N/A |
| Content trust | N/A |
| Private link with private endpoints | N/A |
| - Private endpoints | N/A |
| Public IP network rules | N/A |
| Service endpoint VNet access | N/A |
| Customer-managed keys | N/A |
| Repository-scoped permissions | N/A |
| - Tokens | N/A |
| - Scope maps | N/A |
| - Repositories per scope map | N/A |
1 Storage included in the rate for each tier.
2 Maximum storage allowed for a registry. Operators can offer less storage through quotas.
3 ReadOps, WriteOps, and Bandwidth vary based on Azure Stack Hub configuration and user workloads.
4 docker pull translates to multiple read operations based on the number of layers in the image, plus the manifest retrieval.
5 docker push translates to multiple write operations, based on the number of layers that must be pushed. A docker push includes ReadOps to retrieve a manifest for an existing image.
Supported commands
A subset of CLI and PowerShell commands are supported for Azure Container Registry on Azure Stack Hub. The full list is available here: Supported Commands.