Exploring the New Preview Features in Azure Container Registry
Azure is continually expanding with high profile new products, however features are also continually added to existing products, often initially with public previews. The Azure updates site can help us keep up to date with these, however it can be easy to forget to go back and revisit our deployed services to see how the new functionality could potentially save us money, increase resilience and improve our processes.
In this post we will take a quick look back at three of the most recent preview features of Azure Container Registry, along with some key highlights.
Before we get started it is worth noting that at the time of writing all these features are in preview, so may change or come with limitations. Therefore, I have provided links to official documentation which can give you the up to date information on each service.
Review of ACR
If you’re not familiar with Azure Container Registry (ACR), it primarily allows you to create your own registry to host container images. This is particularly useful when we need a private registry of custom images when using services such as Azure container Instances, Azure container apps or Azure Kubernetes Services.
In addition to storage of the image manifests the Azure container registry service offers many other features including the ability to both build and manage the container images, store helm charts, and configure web hooks. This is all backed by the same Azure permission model used throughout Azure.
Azure container registry comes in three tiers (SKUs); Basic Standard and Premium all of which offer different features.
One of the newest additions to the list of preview features is ACR caching, announced on the 1st of March 2023. During the preview this is available for all tiers of ACR.
As you may imagine caching primarily gives us performance benefits. The use of cached public or private images, means that when a container orchestrator requests an image it can be served from inside the Azure ecosystem. This means not only are the image pulls faster, but they can be more reliable as some external services limit anonymous pulls.
To configure this feature, caching rules can be set on one or more upstream registries from a range of providers at an image tag level. Some providers can be configured in the portal, while a larger selection can be configured by the Azure CLI.
Microsoft learn has a great 6-part guide on using this container registry cache. Personally I can see great benefit in this feature and hope to add it to my projects soon.
Earlier in the year I wrote about maximising data protection by enabling soft delete across a range of Azure services along with the benefits of this feature.
In September last year Azure container registry was added to the list of services that now supports soft delete. This feature is available on all tiers of Azure container registry and is configured under the properties tab of your ACR, or through the Azure CLI.
As with the other Azure services this gives you a chance to undo a deletion for a period of time. Once the retention period has expired the image manifest will be permanently deleted and you will no longer be charged for its storage. By default, the retention period is 7 days, however this is configurable between one and ninety days.
There are a few limitations and considerations while this is in preview, so I encourage you to read the official documentation.
When we push an updated image to our ACR that shares a tag with a previous image manifest, the previous image manifest may be left with no tags. This is common when following the tagging images best practice.
Images without tags can remain in the registry, though are not accessible by name. These take up space and in turn add to our costs. This premium feature allows us to set a retention policy permanently deleting the untagged images. Configuring the retention policy is built directly into the Azure Portal UI but is also available via the Azure CLI. For more details see the MS Learn article on this feature.
It’s worth noting something not covered by this feature is the ability to remove image manifests based on a tag pattern. We can however still do this using a combination of ACR tasks and the purge feature, though this is only configurable via the Azure CLI.
There have been some great recent addition to the Azure Container Registry (ACR). This post covered some of the latest preview features and highlights their key benefits. We looked at three features: ACR caching, soft delete and retention policies to remove untagged images. Hopefully you have found this post useful and it has given you some ideas on how to improve your use of Azure Container Registry.