ACR Tags are overwriting

Question

I am trying to push docker images in Azure Container Registry (ACR). When I push an image with a tag, and next time another modified image with the same tag, I lost access to the previous image.

Is there any way to manage the old images with same tag in ACR?

---

When I tried to push a Docker Image in ACR with tag v1.0 it was pushed successfully. After that I made some changes in Docker image and again pushed it on ACR with tag v1.0.

This overwrites my previous image from ACR.

However, in Amazon Web Services (AWS) ECR service, the old images are kept but with null tags. Is there any way in Azure to keep old images as in AWS?

Answer 1

In Azure Container Registry, if you push an image with the same tag as an existing one, the tag will point to the new image, and the old one will not be accessible through that tag anymore. Tags in Docker are mutable, which means when you push a new image with the same tag, the tag is moved from the old image to the new image.

However, the old image layers still exist in the ACR, and you can access them using their digest (a unique identifier for an image). Azure does not automatically untag the old image as AWS ECR does, where it assigns a null tag, but the old image remains accessible if you know the digest. Example-

Here it shows two tags (latest and v1) which appear to point to the same manifest based on their identical digests.

To manage old images when pushing new ones with the same tag, you should:

1. Use Unique Tags: Tag images with unique values each time you push, such as appending the build number, commit hash, or timestamp to the tag.

2. Reference by Digest: Even after an image is overwritten by a new tag, you can pull the old image if you know its digest. References:

• Deploying containers in Azure - Azure Container Registry
• Automatically purge images from an Azure container registry
• Delete container images in Azure Container Registry - Automatically purge tags and manifests