我在 Azure Devops 中有一个管道,它的任务是将 Docker 镜像推送到 Azure 容器注册表。我想知道是否有办法阻止此任务覆盖任何现有的 Docker 标签/图像。
最佳答案
By default, a tagged image in Azure Container Registry is mutable, so with appropriate permissions you can repeatedly update and push an image with the same tag to a registry. Container images can also be deleted as needed. This behavior is useful when you develop images and need to maintain a size for your registry.
However, when you deploy a container image to production, you might need an immutable container image. An immutable image is one that you can't accidentally delete or overwrite.
使用 Azure CLI,按标签锁定单个图像:
az acr repository update \
--name myregistry --image myrepo/myimage:tag \
--write-enabled false
您还可以锁定整个存储库:
az acr repository update \
--name myregistry --repository myrepo/myimage \
--write-enabled false
还有一个 --delete-enabled 参数来防止图像或存储库被删除(尽管它们仍然可以被覆盖。)
关于azure - 有没有办法防止覆盖 Azure 容器注册表中的现有标签/图像?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62539266/