Configure ACR retention policies#
Cost Optimization · Container Registry · Preview · 2020_12
Use a retention policy to cleanup untagged manifests.
Description#
Retention policy is a configurable option of Premium Azure Container Registry (ACR). When a retention policy is configured, untagged manifests in the registry are automatically deleted. A manifest is untagged when a more recent image is pushed using the same tag. i.e. latest.
The retention policy (in days) can be set to 0-365. The default is 7 days.
To configure a retention policy, the container registry must be using a Premium SKU.
Recommendation#
Consider enabling a retention policy for untagged manifests.
Examples#
Configure with Azure template#
To deploy Container Registries that pass this rule:
- Set
properties.retentionPolicy.statustoenabled.
For example:
{
"type": "Microsoft.ContainerRegistry/registries",
"apiVersion": "2021-06-01-preview",
"name": "[parameters('registryName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Premium"
},
"identity": {
"type": "SystemAssigned"
},
"properties": {
"adminUserEnabled": false,
"policies": {
"quarantinePolicy": {
"status": "enabled"
},
"trustPolicy": {
"status": "enabled",
"type": "Notary"
},
"retentionPolicy": {
"status": "enabled",
"days": 30
}
}
}
}
Configure with Bicep#
To deploy Container Registries that pass this rule:
- Set
properties.retentionPolicy.statustoenabled.
For example:
resource acr 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' = {
name: registryName
location: location
sku: {
name: 'Premium'
}
identity: {
type: 'SystemAssigned'
}
properties: {
adminUserEnabled: false
policies: {
quarantinePolicy: {
status: 'enabled'
}
trustPolicy: {
status: 'enabled'
type: 'Notary'
}
retentionPolicy: {
status: 'enabled'
days: 30
}
}
}
}
Notes#
Retention policies for Azure Container Registry is currently in preview.
Links#
- Scalable storage
- Set a retention policy for untagged manifests
- Lock a container image in an Azure container registry
- Azure deployment reference