In our ECR, we are pushing many images every day with the tag 16_XXXX. Some of the pushed images are not stable versions of the application. When there is a stable version, we retag the image with the tag 16.XXXX.
We have set up a lifecycle policy to clean up images with the 16_XXXX tag at imageCountMoreThan (500). Since there are images with two tags (i.e. stable version) (e.g. 16_0715 and 16.0715), will they be cleaned up too?
We don't want to delete all the stable versions of images. Is there a way to retag the image and remove the old tag just to exempt it from the ECR lifecycle policy?
Thanks!
A lifecycle policy contains one or more rules, where each rule defines an action for Amazon ECR. This provides a way to automate the cleaning up of your container images by expiring images based on age or count. You should expect that after creating a lifecycle policy, the affected images are expired within 24 hours.
To create a lifecycle policy (AWS Management Console): Open the Amazon ECR console at https://console.aws.amazon.com/ecr/repositories. From the navigation bar, choose the Region that contains the repository for which to create a lifecycle policy. In the navigation pane, choose Repositories.
To create a lifecycle rule: Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/. In the Buckets list, choose the name of the bucket that you want to create a lifecycle rule for. Choose the Management tab, and choose Create lifecycle rule.
Amazon Elastic Container Registry (Amazon ECR) is an AWS managed container image registry service that is secure, scalable, and reliable. Amazon ECR supports private repositories with resource-based permissions using AWS IAM.
If you only have one rule, it will indeed delete your Stable images.
However, you can accomplish this with 2 rules in a policy. A rule at priority 10 will keep your Stable images (16.XXXX) safe, and a rule at priority 20 will 'see' the number of tags with your Unstable versions (16_XXXX) but will be unable to ever delete a Stable image because it is at a higher priority. Here's an example:
{
  "rules": [
    {
      "rulePriority": 10,
      "description": "Keep Stable Images",
      "selection": {
        "tagStatus": "tagged",
        "tagPrefixList": ["16."],
        "countType": "imageCountMoreThan",
        "countNumber": 9999
      },
      "action": {
        "type": "expire"
      }
    },
    {
      "rulePriority": 20,
      "description": "Delete Old Unstable Images",
      "selection": {
        "tagStatus": "tagged",
        "tagPrefixList": ["16_"],
        "countType": "imageCountMoreThan",
        "countNumber": 500
      },
      "action": {
        "type": "expire"
      }
    }
  ]
}
Source: I wrote the rule evaluation logic for Lifecycle Policies :) You can also check the docs; the bottom of this page describes some facts about the system that users can take advantage of: https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
An image that matches the tagging requirements of a rule cannot be expired by a rule with a lower priority.
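The priority behaviour described in the answer above can be checked offline with a simplified model. This is an added example, not AWS's implementation and not code from the answer; it assumes only imageCountMoreThan rules, and the function names and the 600-image repository are constructed for illustration.

```python
import json

# The two-rule policy from the answer, reduced to the fields this model uses.
POLICY = json.loads("""{"rules": [
  {"rulePriority": 10, "selection": {"tagPrefixList": ["16."], "countNumber": 9999}},
  {"rulePriority": 20, "selection": {"tagPrefixList": ["16_"], "countNumber": 500}}
]}""")

def matches(image, prefixes):
    # An image matches when every listed prefix is carried by at least one tag.
    return all(any(t.startswith(p) for t in image["tags"]) for p in prefixes)

def simulate(policy, images):
    """Return the digests a policy would expire (hypothetical simplified model)."""
    claimed, expired = set(), set()
    for rule in sorted(policy["rules"], key=lambda r: r["rulePriority"]):
        sel = rule["selection"]
        matched = [i for i in images if matches(i, sel["tagPrefixList"])]
        # Newest first; everything past countNumber is a candidate for expiry.
        matched.sort(key=lambda i: i["pushed_at"], reverse=True)
        for img in matched[sel["countNumber"]:]:
            # Images matched by a higher-priority rule are counted but never expired.
            if img["digest"] not in claimed:
                expired.add(img["digest"])
        claimed.update(i["digest"] for i in matched)
    return expired

def constructed_repo(total=600, stable_every=50):
    # Constructed sample: every build is tagged 16_NNNN; every 50th is retagged 16.NNNN.
    repo = []
    for n in range(total):
        tags = [f"16_{n:04d}"] + ([f"16.{n:04d}"] if n % stable_every == 0 else [])
        repo.append({"digest": f"sha256:constructed-{n:04d}", "tags": tags, "pushed_at": n})
    return repo

def stable_digests(images):
    return {i["digest"] for i in images if matches(i, ["16."])}

if __name__ == "__main__":
    repo = constructed_repo()
    stable = stable_digests(repo)
    single_rule = {"rules": [POLICY["rules"][1]]}  # only the 16_ cleanup rule
    for name, policy in (("single rule", single_rule), ("two rules", POLICY)):
        gone = simulate(policy, repo)
        print(f"{name}: expired={len(gone)} stable_lost={len(gone & stable)}")
```

Before applying a policy to a real repository, the lifecycle policy preview in ECR shows which images it would expire.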