Azure Container Registry
Have feedback for the Azure Container Registry? Submit your idea or vote up an idea submitted by others. All of the feedback you share here will be monitored and reviewed by the Azure Container Registry team. Remember that this site is only for feature suggestions and ideas. If you have technical questions or issues, please submit them to our GitHub issues page or on StackOverflow
-
ACR log changes to "write-enabled"
We would like to log changes to the "write-enabled" property of an image in ACR. Currently this doesn't seem to be covered in Alerts or audit logs as per this documentation: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-diagnostics-audit-logs
3 votes -
Separate permission for write-enabled property
We would like to allow our users to push and pull images, but not to remove the "write-enabled false" flag on existing images. Currently there doesn't seem to be a permission specifically for that.
3 votes -
Frontend for ACR
It would be great if there was a frontend for ACR, similar to Dockerhub where users could easily see the supported tags and some description for the image they are downloading
1 vote -
Monitoring network traffic for pull/push operation
Currently, we can monitor pull/push counts by Azure Monitor.
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftcontainerregistryregistriesOtherwise, we need to check the status of network traffic for investigating slow operation.
(Azurespeed is viable for checking current status, but not suitable for trend/history)2 votes -
it would be nice to be able to apply a wildcard to a repository scope-map, eg dev/*
it would be nice to be able to apply a wildcard to a repository scope-map, eg dev/*
1 vote -
ACR - Remove flat fee pricing and use 1 SKU only with 100% usage based pricing
Azure is suffering from a really bad pricing system for ACR that hurts students and others exploring the Azure platform without production-grade budgets, Such as ACR costing 50$ PER MONTH for just the ability to use your own domain name instead of Azure's. That is ridiculous. Why even a flat fee? Competitors like GCP offer 100% usage based Container Registries quote: "only charges for the Cloud Storage and network egress consumed by your Docker images"
Other features like Scopes and tokens are also only available to the premium SKUs.
Why is this a thing and when will Azure step up…
1 vote -
Selective purge limits on repository namespaces
Your best practices suggest leveraging multiple namespaces which is a good idea. But different namespaces may require different purge limits.
1 vote -
Increase IP range limit in ACR whitelisting
I would like to increase this limit because I am trying to add 200 IP ranges that belongs to Azure Cloud West Europe in order for my Azure Pipelines be able to push to ACR. These IPs belongs to Microsoft, not my company and I would like to have a feature to facilitate the security between Azure DevOps and ACR OR an increase in the range. Talking to microsoft support the alternative was to have self hosted agents which is not a good idea for us at the moment since we are starting with Azure DevOps and also we don't…
3 votes -
--untagged command does not indicate to delete matchings manifests
When using the acr purge command, adding '--untagged' does not tell the purge to delete images that match the filtered tag. It only tells the purge command to delete images that no longer are tagged.
I'm trying to purge images by tag, but some images have multiple tags. Adding the --untagged command doesn't help me at all. Instead only the matching tags are removed from the images.1 vote -
Output file from build
I want to be able to output the test results from dotnet test to azure pipelines using acr build.
Today we use docker create ... && docker cp ... && docker rm ... but this is no longer possible for us since aks 1.19 does not support docker.
We are looking at acr to be our build tool but are unable to nicely access the TestResults folder.
Docker has a --target and --output flag where you could wrap the test files in a scratch image and output to the system.Using the attached dockerfile and "DOCKER_BUILDKIT=1 docker build --target test-out…
1 vote -
Output file from build
I want to be able to output the test results from dotnet test to azure pipelines using acr build.
Today we use docker create ... && docker cp ... && docker rm ... but this is no longer possible for us since aks 1.19 does not support docker.
We are looking at acr to be our build tool but are unable to nicely access the TestResults folder.
Docker has a --target and --output flag where you could wrap the test files in a scratch image and output to the system.Using the attached dockerfile and "DOCKER_BUILDKIT=1 docker build --target test-out…
1 vote -
Tool gated import workflows
As described here in this OCI Blog, Consuming Public Content (https://opencontainers.org/posts/blog/2020-10-30-consuming-public-content/), a gated import workflow enables a host of reliability, stability and security scenarios by importing and maintaining public content in your private registry.
Once imported, you can use:
- Customer Managed Keys: https://aka.ms/acr/cmk
- Private Link (VNet): https://aka.ms/acr/privatelink
- Geo-replication: https://aka.ms/acr/geo-replication
- Audit logs: https://aka.ms/acr/audit-logs
- Dedicated data endpoints: http://aka.ms/acr/dedicated-data-endpoints
- ...We have provided the raw capabilities through the az cli: https://aka.ms/acr/tasks/gated-import
Voting here is for tooling the gated-import workflow through an az-cli, vs-code or Azure portal.
Comments are very helpful here
1 vote -
ACR - Purge using Semantic Version
Create az acr CLI or Azure Portal for active purge images using Semantic Version. One time I need to maintain the last Major version ou medium and the last 3 version of after version. The another versions can I purge.
1 vote -
Add Windows image compatibility in scanning for vulnerabilities
For now, only Linux images are scanned for vulnerabilities when pushed in ACR. The Windows images are not scanned. It would be a great improvement to have such capability.
1 vote -
with safari
pipe embed
1 vote -
Allow wildcard in scopemap repository/namespace configuration
At present scopemap configurations are at a repository level. It would be very helpful to allow configuration at namespace/repository level with the support of wildcards.
For example
/org/dept1/repo1
/org/dept1/repo2
/org/dept2/repo1
/org/dept2/subdep1/repo1So if I want to create a token for pulling all images in /org/dept2/ and its sub paths , allowing configuration like /org/dept2/* in scopemap would make it extremely easy rather than going and adding each repo manually in the scope map.
13 votes -
ACR login with podman
Tracking feature request: https://github.com/Azure/azure-cli/issues/14768
Describe the bug
az acr login --name registry
You may want to use 'az acr login -n registry --expose-token' to get an access token, which does not require Docker to be installed.
An error occurred: DOCKERCOMMANDERROR
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msgTo Reproduce
install: podman, podman-docker emulator for CLIExpected behavior
az acr login to workEnvironment summary
RHEL8. Rhel8 does not have docker anymore.
If you do dnf install docker it will install podman and podman-docker for CLI backwards compatibility.Additional context
With growing podman addition would be…13 votes -
ACR - Creation wizard should not fail when using CMK from Keyvault with firewall enabled
During the creating wizard for ACR the deployment will fail if the encryption key specified exists in a keyvault which has the network firewall enabled.
To complete the deployment you must initially use a key from a keyvault with no firewall enabled. Enable a system identity then grant this access to the keyvault with the firewall enabled. Then change the key from the temporary key vault to the keyvault with network firewall as a workaround.1 vote -
Enable anonymous read access for docker v2 api (metadata)
We are providing an ACR to our customers with anonymous AcrPull rights but currently the customer cannot get a tag listing.
When running
Invoke-Webrequest -Uri 'https://<myregistry>.azurecr.io/v2/_catalog'
without any auth, the result is always:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required, visit https://aka.ms/acr/authorization for more information.","detail":[{"Type":"registry","Name":"catalog","Action":"*"}]}]}It would be great if there were an option for anonymous metadata access to support public listing.
20 votes -
Add a Powershell cmdlet to get ACR image list and their sizes
Since ACR is billed by size of images pushed, I'd like a way to programmatically check the capacity I'm using at any time
Give us some cmdlet like
Get-AzContainerRegistryImages resulting in array of acrimage details (created, last updated, ... and MOST IMPORTANT SIZE TAKEN IN ACR)
so that I can do my computation and filtering with where-object / select-object
az cli has some commands
az acr repository list and show
but not giving size and then I don't like it beacuse it's not programmable like powershellThanks
2 votes
- Don't see your idea?