设置未标记清单的保留策略Set a retention policy for untagged manifests

Azure 容器注册表为你提供了为没有任何关联标记(未标记清单)的存储映像清单设置保留策略的选项 。Azure Container Registry gives you the option to set a retention policy for stored image manifests that don't have any associated tags (untagged manifests). 启用保留策略后,注册表中的未标记清单会在设置的数天后自动删除。When a retention policy is enabled, untagged manifests in the registry are automatically deleted after a number of days you set. 此功能可防止注册表填满不需要的项目,并有助于节省存储成本。This feature prevents the registry from filling up with artifacts that aren't needed and helps you save on storage costs. 如果将未标记清单的 delete-enabled 属性设置为 false,则无法删除清单,并且保留策略不适用。If the delete-enabled attribute of an untagged manifest is set to false, the manifest can't be deleted, and the retention policy doesn't apply.

可以使用本地安装的 Azure CLI 来运行本文中的命令示例。You can use a local installation of the Azure CLI to run the command examples in this article. 如果想要在本地使用它,则需要使用 2.0.74 版或更高版本。If you'd like to use it locally, version 2.0.74 or later is required. 运行 az --version 即可查找版本。Run az --version to find the version. 如果需要进行安装或升级,请参阅安装 Azure CLIIf you need to install or upgrade, see Install Azure CLI.

保留策略是高级容器注册表的一项功能。A retention policy is a feature of Premium container registries. 有关注册表服务层级的信息,请参阅 Azure 容器注册表服务层For information about registry service tiers, see Azure Container Registry service tiers.

重要

此功能目前以预览版提供,存在一些限制This feature is currently in preview, and some limitations apply. 需同意补充使用条款才可使用预览版。Previews are made available to you on the condition that you agree to the supplemental terms of use. 在正式版 (GA) 推出之前,此功能的某些方面可能会有所更改。Some aspects of this feature may change prior to general availability (GA).

警告

谨慎设置保留策略 - 删除的映像数据是无法恢复的。Set a retention policy with care--deleted image data is UNRECOVERABLE. 如果系统按清单摘要(而不是映像名称)拉取映像,则不应为未标记的清单设置保留策略。If you have systems that pull images by manifest digest (as opposed to image name), you should not set a retention policy for untagged manifests. 删除无标的记映像后,这些系统即无法从注册表拉取映像。Deleting untagged images will prevent those systems from pulling the images from your registry. 不按清单拉取,而是考虑采用建议的最佳做法,即唯一标记方案。Instead of pulling by manifest, consider adopting a unique tagging scheme, a recommended best practice.

预览版限制Preview limitations

  • 仅可以设置未标记清单的保留策略。You can only set a retention policy for untagged manifests.
  • 保留策略当前仅适用于启用策略后未标记的清单。The retention policy currently applies only to manifests that are untagged after the policy is enabled. 注册表中现有的未标记清单不受策略约束。Existing untagged manifests in the registry aren't subject to the policy. 要删除现有的未标记清单,请参阅删除 Azure 容器注册表中的容器映像中的示例。To delete existing untagged manifests, see examples in Delete container images in Azure Container Registry.

关于保留策略About the retention policy

Azure 容器注册表对注册表中的清单进行引用计数。Azure Container Registry does reference counting for manifests in the registry. 当未标记清单时,它将检查保留策略。When a manifest is untagged, it checks the retention policy. 如果启用了保留策略,则会根据策略中设置的天数,将清单删除操作排入队列,并带有特定日期。If a retention policy is enabled, a manifest delete operation is queued, with a specific date, according to the number of days set in the policy.

单独的队列管理作业会不断处理消息,根据需要进行缩放。A separate queue management job constantly processes messages, scaling as needed. 例如,假设你在保留策略为 30 天的注册表中未标记两个清单(相隔 1 小时)。As an example, suppose you untagged two manifests, 1 hour apart, in a registry with a retention policy of 30 days. 将两条消息排入队列。Two messages would be queued. 然后,30 天后,大约相隔 1 小时,将从队列中检索并处理消息,前提是策略仍然有效。Then, 30 days later, approximately 1 hour apart, the messages would be retrieved from the queue and processed, assuming the policy was still in effect.

设置保留策略 - CLISet a retention policy - CLI

下面的示例演示如何使用 Azure CLI 为注册表中未标记的清单设置保留策略。The following example shows you how to use the Azure CLI to set a retention policy for untagged manifests in a registry.

启用保留策略Enable a retention policy

默认情况下,容器注册表中不设置保留策略。By default, no retention policy is set in a container registry. 要设置或更新保留政策,请在 Azure CLI 中运行 az acr config retention update 命令。To set or update a retention policy, run the az acr config retention update command in the Azure CLI. 可以指定介于 0 和 365 之间的天数来保留未标记的清单。You can specify a number of days between 0 and 365 to retain the untagged manifests. 如果未指定天数,则该命令会将默认值设置为 7 天。If you don't specify a number of days, the command sets a default of 7 days. 保留期后,注册表中的所有未标记清单将自动删除。After the retention period, all untagged manifests in the registry are automatically deleted.

以下示例为注册表 myregistry 中未标记的清单设置 30 天的保留策略:The following example sets a retention policy of 30 days for untagged manifests in the registry myregistry:

az acr config retention update --registry myregistry --status enabled --days 30 --type UntaggedManifests

下面的示例设置一个策略,以便在未标记时立即删除注册表中的任何清单。The following example sets a policy to delete any manifest in the registry as soon as it's untagged. 通过设置 0 天的保留期来创建此策略。Create this policy by setting a retention period of 0 days.

az acr config retention update --registry myregistry --status enabled --days 0 --type UntaggedManifests

验证保留策略Validate a retention policy

如果启用保留期为 0 天的上述策略,则可以快速验证未标记的清单是否被删除:If you enable the preceding policy with a retention period of 0 days, you can quickly verify that untagged manifests are deleted:

  1. 将测试映像 hello-world:latest 映像推送到注册表,或替换所选的其他测试映像。Push a test image hello-world:latest image to your registry, or substitute another test image of your choice.

  2. 取消标记 hello-world:latest 映像,例如,使用 az acr repository untag 命令。Untag the hello-world:latest image, for example, using the az acr repository untag command. 未标记的清单将保留在注册表中。The untagged manifest remains in the registry.

    az acr repository untag --name myregistry --image hello-world:latest
    
  3. 在几秒钟内,未标记的清单将被删除。Within a few seconds, the untagged manifest is deleted. 可以通过在存储库中列出清单来验证删除,例如,使用 z acr repository show-manifests 命令。You can verify the deletion by listing manifests in the repository, for example, using the az acr repository show-manifests command. 如果测试映像是存储库中唯一的映像,则存储库本身将被删除。If the test image was the only one in the repository, the repository itself is deleted.

禁用保留策略Disable a retention policy

要查看注册表中设置的保留策略,请运行 az acr config retention show 命令:To see the retention policy set in a registry, run the az acr config retention show command:

az acr config retention show --registry myregistry

要禁用注册表中的保留策略,请运行 az acr config retention update 命令并设置 --status disabledTo disable a retention policy in a registry, run the az acr config retention update command and set --status disabled:

az acr config retention update --registry myregistry --status disabled --type UntaggedManifests

设置保留策略 - 门户Set a retention policy - portal

还可以在 Azure 门户中设置注册表的保留策略。You can also set a registry's retention policy in the Azure portal. 下面的示例演示如何使用门户为注册表中未标记的清单设置保留策略。The following example shows you how to use the portal to set a retention policy for untagged manifests in a registry.

启用保留策略Enable a retention policy

  1. 导航到 Azure 容器注册表。Navigate to your Azure container registry. 在“策略”下,选择“保留”(预览) 。Under Policies, select Retention (Preview).

  2. 在“状态”中,选择“启用” 。In Status, select Enabled.

  3. 选择介于 0 和 365 之间的天数来保留未标记的清单。Select a number of days between 0 and 365 to retain the untagged manifests. 选择“保存”。Select Save.

    在 Azure 门户中启用保留策略

禁用保留策略Disable a retention policy

  1. 导航到 Azure 容器注册表。Navigate to your Azure container registry. 在“策略”下,选择“保留”(预览) 。Under Policies, select Retention (Preview).
  2. 在“状态”中,选择“禁用” 。In Status, select Disabled. 选择“保存”。Select Save.

后续步骤Next steps