Container image storage in Azure Container Registry

Every Basic, Standard, and Premium Azure container registry benefits from advanced Azure storage features like encryption-at-rest for image data security and geo-redundancy for image data protection. The following sections describe both the features and limits of image storage in Azure Container Registry (ACR).

Encryption-at-rest

All container images in your registry are encrypted at rest. Azure automatically encrypts an image before storing it, and decrypts it on-the-fly when you or your applications and services pull the image. Optionally apply an additional encryption layer with a customer-managed key.

Geo-redundant storage

Azure uses a geo-redundant storage scheme to guard against loss of your container images. Azure Container Registry automatically replicates your container images to multiple geographically distant data centers, preventing their loss in the event of a regional storage failure.

Geo-replication

For scenarios requiring even more high-availability assurance, consider using the geo-replication feature of Premium registries. Geo-replication helps guard against losing access to your registry in the event of a total regional failure, not just a storage failure. Geo-replication provides other benefits, too, like network-close image storage for faster pushes and pulls in distributed development or deployment scenarios.

Scalable storage

Azure Container Registry allows you to create as many repositories, images, layers, or tags as you need, up to the registry storage limit.

Very high numbers of repositories and tags can impact the performance of your registry. Periodically delete unused repositories, tags, and images as part of your registry maintenance routine, and optionally set a retention policy for untagged manifests. Deleted registry resources such as repositories, images, and tags cannot be recovered after deletion. For more information about deleting registry resources, see Delete container images in Azure Container Registry.
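Because deleted registry resources cannot be recovered, a dry-run review before any cleanup is useful. The following is an added example, not code from the original page or from Azure: it reads a manifest listing exported as JSON and reports which untagged manifests are older than a chosen retention window, without deleting anything. The field names `digest`, `tags` and `timestamp`, the sample data and the function names are assumptions of this example, and the manifest timestamp is used as a stand-in for age.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like a manifest listing exported as JSON.
# Field names (digest, tags, timestamp) are assumptions of this example.
SAMPLE_LISTING = """
[
  {"digest": "sha256:aaaa", "tags": ["v1.0", "latest"], "timestamp": "2024-01-02T10:00:00.1234567Z"},
  {"digest": "sha256:bbbb", "tags": [], "timestamp": "2024-01-03T08:30:00.7654321Z"},
  {"digest": "sha256:cccc", "tags": null, "timestamp": "2024-02-27T12:00:00Z"},
  {"digest": "sha256:dddd", "tags": [], "timestamp": "not-a-date"}
]
"""

def parse_timestamp(value):
    """Parse an ISO 8601 UTC timestamp, tolerating 7-digit fractional seconds."""
    m = re.fullmatch(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z", value or "")
    if not m:
        return None
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))  # truncate to microseconds
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def review_untagged(listing_json, now, retention_days):
    """Return (purge_candidates, keep, needs_review) lists of digests."""
    cutoff = now - timedelta(days=retention_days)
    candidates, keep, review = [], [], []
    for entry in json.loads(listing_json):
        digest = entry.get("digest")
        if entry.get("tags"):      # tagged manifests are never candidates
            keep.append(digest)
            continue
        ts = parse_timestamp(entry.get("timestamp"))
        if ts is None:             # unknown age: never auto-select for deletion
            review.append(digest)
        elif ts < cutoff:
            candidates.append(digest)
        else:
            keep.append(digest)
    return candidates, keep, review

if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)
    purge, keep, review = review_untagged(SAMPLE_LISTING, now, retention_days=7)
    print("untagged and older than 7 days:", purge)
    print("kept:", keep)
    print("needs manual review:", review)
```

Entries with a missing or unparseable timestamp are routed to manual review rather than treated as old, so a malformed listing cannot enlarge the deletion set.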

Storage cost

For full details about pricing, see Azure Container Registry pricing.

Next steps

For more information about Basic, Standard, and Premium container registries, see Azure Container Registry service tiers.