Azure Container Registry
Have feedback for the Azure Container Registry? Submit your idea or vote up an idea submitted by others. All of the feedback you share here will be monitored and reviewed by the Azure Container Registry team. Remember that this site is only for feature suggestions and ideas. If you have technical questions or issues, please submit them to our GitHub issues page or on StackOverflow
-
Configure permissions at a repository level
Allow individualized access to various repositories within a registry. Enable setting Reader, Contributor or Owner access levels at the repository level.
121 votesrepo permissions have begun. We don’t yet have an ETA for preview use, but voting for this feature means you’ll get an invite once we’re ready for some customer validations.
-
ACR- Auto Purge
As registries are filled with automated image builds, they wind up filling with layers that never get used. Auto-purge will track image usage and move unused layers to a recycle bin, allowing subsequent purging. The feature will be configured and managed, with reasonable defaults, assuring you'll never lose anything you really wanted to keep.
107 votesWe’ve started the Auto-Purge work, with this current design: https://github.com/AzureCR/specs/tree/master/auto-purge
Please provide feedback here: https://github.com/AzureCR/specs/issues/1
-
66 votes
To get integration stated, we’ve added links to Aqua and Twistlock from overview within a configured registry.
Over time, we’ll provide a more integrated experience, where ACR has vulnerability scanning integrated into the image listing. -
Expose ACR Audit logs to enduser
Please expose ACR Audit logs to endusers so that they can see a trail of who downloaded/ pushed images to a registry.
30 votesWe’ve started the design, and would welcome any additional feedback.
Steve
-
Make Service Principals Easier To Configure for Headless Scenarios
az acr login enables individual identity when working locally. However, headless scenarios like Continuous Build and Deployment solutions need authentication, that isn't tied to a person. Azure Active Directory provides Service Principals for just this scenario. However, Service Principals are difficult to configure and manage. ACR would make it easier to configure and manage service principals.
26 votesBased on all the great feedback, we’re adding token based authentication to the repo-based permissions capability. Customers can configure time based tokens, for access to specific repos, with RBAC.
We don’t have an ETA yet, but we expect to be in preview by this summer. -
Private Helm repository has no interface in portal
While using ACR for our private helm repository I realized there is no interface in the portal for working with/ viewing helm charts. It would be nice if I could at least see the results of
helm search {acrname}in the portal somehow.16 votesWe love this feature, but wanted to support more than just Helm. We’ve been working with the OCI working group to define registry artifacts, which enable a registry to store lots of things, from Helm Charts, CNAB, to other things we don’t yet know of.
For some of the experience, see: https://github.com/stevelasker/registryArtifactTypes/
We’ll also enable this in our az acr repository list CLI.
Steve -
Provide Usage Telemetry of Image Usage within the Azure Portal
Which images are being pulled the most. What are the image sizes. Who's pulling images, and where are they deployed?
16 votesWe’ve started the design, and would welcome any additional feedback.
Steve
-
helm
The helm repo is a great idea but is not working as intended.
After adding a the repo to helm (az acr helm repo add) and executing helm search <repo>this is the result:
No results found
If I execute "az acr helm list" I can see the helm chart. Also in the portal there is no visual of the charts.
10 votesWe’ve started some work in Helm 3 to enable cleaner integration with Helm and Registries. https://github.com/helm/community/pull/55
This work is underway, within the OCI image and distribution sepcs, and Helm 3 repository work.Thanks for the push.
Steve -
Environment segregation for Helm charts within one ACR
Ability to split Helm charts into groups eg. for dev/staging/prod environments. Similar to how with Docker images and ACR separate repositories can be created. It's necessary for us as we need to be sure that a staging chart cannot be used in production etc. And we'd also like to be able to tag a helm chart (eg. latest) like with docker images.
1 voteThis will happen as part of the Registry Artifacts work and Helm 3 repositories work.
Thanks for the push.
- Don't see your idea?