How to delete images from a private docker registry

Question

I run a private docker registry  and I want to delete all images but the latest from a repository  I don t want to delete the entire repository  just some of the images inside it  The API docs don t mention a way to do this  but surely it s possible

User · Answer

This docker image includes a bash script that can be used to remove images from a remote v2 registry    https   hub docker com r vidarl remove image from registry

User · Answer

There is also a way you can remove some old images from repository just based on the date when it was created  To do that enter your docker registry container and get the list of manifest s revisions for some specific repository  ls -latr  var lib registry docker registry v2 repositories YOUR REPO  manifests revisions sha256   The output then may be used within the request  with sha256 prefix   curl -v --silent -H  quot Accept  application vnd docker distribution manifest v2 json quot  -X DELETE http   DOCKER REGISTRY HOST 5000 v2 YOUR REPO manifests sha256 OUTPUT LINE  And of course do not forget to execute  garbage-collect  command after that  bin registry garbage-collect  etc docker registry config yml

User · Answer

Currently you cannot use the Registry API for that task  It only allows you to delete a repository or a specific tag   In general  deleting a repository means  that all the tags associated to this repo are deleted   Deleting a tag means  that the association between an image and a tag is deleted   None of the above will delete a single image  They are left on your disk     Workaround  For this workaround you need to have your docker images stored locally   A workaround for your solution would be to delete all but the latest tags and thereby potentially removing the reference to the associated images  Then you can run this script to remove all images  that are not referenced by any tag or the ancestry of any used image   Terminology  images and tags   Consider an image graph like this where the capital letters  A  B       represent short image IDs and  lt - means that an image is based on another image    A  lt - B  lt - C  lt - D   Now we add tags to the picture    A  lt - B  lt - C  lt - D                                    lt version2 gt              lt version1 gt    Here  the tag  lt version1 gt  references the image C and the tag  lt version2 gt  references the image D   Refining your question  In your question you said that you wanted to remove      all images but the latest     Now  this terminology is not quite correct  You ve mixed images and tags  Looking at the graph I think you would agree that the tag  lt version2 gt  represents the latest version  In fact  according to this question you can have a tag that represents the latest version    A  lt - B  lt - C  lt - D                                    lt version2 gt                   lt latest gt              lt version1 gt    Since the  lt latest gt  tag references image D I ask you  do you really want to delete all but image D  Probably not   What happens if you delete a tag   If you delete the tag  lt version1 gt  using the Docker REST API you will get this    A  lt - B  lt - C  lt - D                                    lt version2 gt                   lt latest gt    Remember  Docker will never delete an image  Even if it did  in this case it cannot delete an image  since the image C is part of the ancestry for the image D which is tagged   Even if you use this script  no image will be deleted   When an image can be deleted  Under the condition that you can control when somebody can pull or push to your registry  e g  by disabling the REST interface   You can delete an image from an image graph if no other image is based on it and no tag refers to it    Notice that in the following graph  the image D is not based on C but on B  Therefore  D doesn t depend on C  If you delete tag  lt version1 gt  in this graph  the image C will not be used by any image and this script can remove it    A  lt - B  lt --------- D                                          lt version2 gt                      lt latest gt              lt - C                                lt version1 gt    After the cleanup your image graph looks like this    A  lt - B  lt - D                          lt version2 gt              lt latest gt    Is this what you want

User · Answer

I ve faced same problem with my registry then i tried the solution listed below from a blog page  It works    Step 1  Listing catalogs  You can list your catalogs by calling this url   http   YourPrivateRegistyIP 5000 v2  catalog   Response will be in the following format        repositories          lt name gt                   Step 2  Listing tags for related catalog  You can list tags of your catalog by calling this url   http   YourPrivateRegistyIP 5000 v2  lt name gt  tags list   Response will be in the following format      name    lt name gt    tags          lt tag gt                  Step 3  List manifest value for related tag  You can run this command in docker registry container   curl -v --silent -H  Accept  application vnd docker distribution manifest v2 json  -X GET http   localhost 5000 v2  lt name gt  manifests  lt tag gt  2 gt  amp 1   grep Docker-Content-Digest   awk   print   3      Response will be in the following format   sha256 6de813fb93debd551ea6781e90b02f1f93efab9d882a6cd06bbd96a07188b073   Run the command given below with manifest value   curl -v --silent -H  Accept  application vnd docker distribution manifest v2 json  -X DELETE http   127 0 0 1 5000 v2  lt name gt  manifests sha256 6de813fb93debd551ea6781e90b02f1f93efab9d882a6cd06bbd96a07188b073   Step 4  Delete marked manifests  Run this command in your docker registy container   bin registry garbage-collect   etc docker registry config yml     Here is my config yml  root c695814325f4  etc  cat  etc docker registry config yml version  0 1 log    fields    service  registry storage      cache          blobdescriptor  inmemory     filesystem          rootdirectory   var lib registry     delete          enabled  true http      addr   5000     headers          X-Content-Type-Options   nosniff  health    storagedriver      enabled  true     interval  10s     threshold  3

User · Answer

This is really ugly but it works  text is tested on registry 2 5 1  I did not manage to get delete working smoothly even after updating configuration to enable delete  The ID was really difficult to retrieve  had to login to get it  maybe some misunderstanding  Anyway  the following works    Login to the container  docker exec -it registry sh  Define variables matching your container and container version   export NAME  google cadvisor  export VERSION  v0 24 1   Move to the the registry directory   cd  var lib registry docker registry v2  Delete files related to your hash   find     grep  ls   repositories  NAME  manifests tags  VERSION index sha256   xargs rm -rf  1  Delete manifests   rm -rf   repositories  NAME  manifests tags  VERSION  Logout  exit  Run the GC   docker exec -it registry  bin registry garbage-collect   etc docker registry config yml  If all was done properly some information about deleted blobs is shown

User · Answer

Here is a script based on Yavuz Sert s answer  It deletes all tags that are not the latest version  and their tag is greater than 950     usr bin env bash   CheckTag        Name  1     Tag  2      Skip 0     if     quot   Tag  quot      quot latest quot      then         Skip 1     fi     if     quot   Tag  quot  -ge  quot 950 quot      then         Skip 1     fi     if     quot   Skip  quot      quot 1 quot      then         echo  quot skip   Name    Tag  quot      else         echo  quot delete   Name    Tag  quot          Sha   curl -v -s -H  quot Accept  application vnd docker distribution manifest v2 json quot  -X GET http   127 0 0 1 5000 v2   Name  manifests   Tag  2 gt  amp 1   grep Docker-Content-Digest   awk   print   3             Sha  quot   Sha    r    quot          curl -H  quot Accept  application vnd docker distribution manifest v2 json quot  -X DELETE  quot http   127 0 0 1 5000 v2   Name  manifests   Sha  quot      fi    ScanRepository        Name  1     echo  quot Repository   Name  quot      curl -s http   127 0 0 1 5000 v2   Name  tags list   jq   tags          while IFS   quot  n quot  read -r line  do         line  quot   line   quot   quot          line  quot   line   quot   quot          CheckTag  Name  line     done     JqPath   which jq  if     quot x  JqPath  quot      quot x quot      then   echo  quot Couldn t find jq executable  quot    exit 2 fi  curl -s http   127 0 0 1 5000 v2  catalog   jq   repositories      while IFS   quot  n quot  read -r line  do     line  quot   line   quot   quot      line  quot   line   quot   quot      ScanRepository  line done

User · Answer

There are some clients  in Python  Ruby  etc  which do exactly that  For my taste  it isn t sustainable to install a runtime  e g  Python  on my registry server  just to housekeep my registry      So deckschrubber is my solution   go get github com fraunhoferfokus deckschrubber  GOPATH bin deckschrubber   images older than a given age are automatically deleted  Age can be specified using -year  -month  -day  or a combination of them    GOPATH bin deckschrubber -month 2 -day 13 -registry http   registry 5000     UPDATE  here s a short introduction on deckschrubber

User · Answer

Another tool you can use is registry-cli  For example  this command  registry py -l  quot login password quot  -r https   your-registry example com --delete  will delete all but the last 10 images

User · Answer

Below Bash Script Deletes all the tags located in registry except the latest   for D in  registry-data docker registry v2 repositories    do if   -d    D      then     if   -z    ls -A   D   manifests tags       then         echo        else         for R in   ls -t   D   manifests tags    tail -n  2   do             digest   curl -k -I -s -H -X GET http   xx xx xx xx 5000 v2   basename    D   manifests   R  -H  accept  application vnd docker distribution manifest v2 json     grep Docker-Content-Digest   awk   print  2                 url  http   xx xx xx xx 5000 v2   basename    D   manifests  digest              url   url    r               curl -X DELETE -k -I -s    url -H  accept  application vnd docker distribution manifest v2 json           done     fi fi done   After this Run  docker exec   docker ps   grep registry   awk   print  1     bin registry garbage-collect  etc docker registry config yml

User · Answer

Problem 1 You mentioned it was your private docker registry  so you probably need to check Registry API instead of Hub registry API doc  which is the link you provided  Problem 2 docker registry API is a client server protocol  it is up to the server s implementation on whether to remove the images in the back-end   I guess  DELETE  v1 repositories  namespace   repository  tags  tag    Detailed explanation Below I demo how it works now from your description as my understanding for your questions  I run a private docker registry  I use the default one  and listen on port 5000  docker run -d -p 5000 5000 registry  Then I tag the local image and push into it    docker tag ubuntu localhost 5000 ubuntu   docker push localhost 5000 ubuntu The push refers to a repository  localhost 5000 ubuntu   len  1  Sending image list Pushing repository localhost 5000 ubuntu  1 tags  511136ea3c5a  Image successfully pushed d7ac5e4f1812  Image successfully pushed 2f4b4d6a4a06  Image successfully pushed 83ff768040a0  Image successfully pushed 6c37f792ddac  Image successfully pushed e54ca5efa2e9  Image successfully pushed Pushing tag for rev  e54ca5efa2e9  on  http   localhost 5000 v1 repositories ubuntu tags latest   After that I can use Registry API to check it exists in your private docker registry   curl -X GET localhost 5000 v1 repositories ubuntu tags   quot latest quot    quot e54ca5efa2e962582a223ca9810f7f1b62ea9b5c3975d14a5da79d3bf6020f37 quot    Now I can delete the tag using that API      curl -X DELETE localhost 5000 v1 repositories ubuntu tags latest true  Check again  the tag doesn t exist in my private registry server   curl -X GET localhost 5000 v1 repositories ubuntu tags latest   quot error quot    quot Tag not found quot

User · Answer

The current v2 registry now supports deleting via DELETE  v2  lt name gt  manifests  lt reference gt  See  https   github com docker distribution blob master docs spec api md deleting-an-image Working usage  https   github com byrnedo docker-reg-tool Edit  The manifest  lt reference gt  above can be retrieved from requesting to GET  v2  lt name gt  manifests  lt tag gt  and checking the  Docker-Content-Digest header in the response  Edit 2  You may have to run your registry with the following env set  REGISTRY STORAGE DELETE ENABLED  quot true quot  Edit3  You may have to run garbage collection to free this disk space  https   docs docker com registry garbage-collection

User · Answer

Briefly   1  You must typed following command for RepoDigests of a docker repo      docker inspect  lt registry-host gt   lt registry-port gt   lt image-name gt   lt tag gt   gt  docker inspect 174 24 100 50 8448 example-image latest                    Id    sha256 16c5af74ed970b1671fe095e063e255e0160900a0e12e1f8a93d75afe2fb860c            RepoTags                  174 24 100 50 8448 example-image latest                example-image latest                      RepoDigests                  174 24 100 50 8448 example-image sha256 5580b2110c65a1f2567eeacae18a3aec0a31d88d2504aa257a2fecf4f47695e6                            digest      sha256 5580b2110c65a1f2567eeacae18a3aec0a31d88d2504aa257a2fecf4f47695e6   2  Use registry REST API      curl -u username password -vk -X DELETE registry-host gt   lt registry-port gt  v2  lt image-name gt  manifests   digest       gt curl -u example-user example-password -vk -X DELETE http   174 24 100 50 8448 v2 example-image manifests sha256 5580b2110c65a1f2567eeacae18a3aec0a31d88d2504aa257a2fecf4f47695e6   You should get a 202 Accepted for a successful invocation   3-  Run Garbage Collector  docker exec registry bin registry garbage-collect --dry-run  etc docker registry config yml   registry     registry container name   For more detail explanation enter link description here

User · Answer

Simple ruby script based on this answer  registry cleaner   You can run it on local machine      registry cleaner rb --host https   registry exmpl com --repository name --tags count 4  And then on the registry machine remove blobs with  bin registry garbage-collect  etc docker registry config yml

[docker] How to delete images from a private docker registry?

Examples related to docker

Examples related to docker-registry