We have a GitLab CI pipeline which builds a new Docker image based on an external ETCD snapshot of a HashiCorp Vault secrets back-end. The image is for disaster recovery so we don't have any interest in keeping old versions in the registry.
Is there any way of purging GitLab registry container images which are older than a certain date, or to keep a maximum number of recent images and delete the rest?
Thanks
S
In Milestone 8.8, GitLab launched the MVC of the Container Registry. This feature integrated the Docker Distribution registry into GitLab so that any GitLab user could have a space to publish and share container images.
ci_registry_image (String): The address of the project's Container Registry. Only available if the Container Registry is enabled for the project.
ci_registry_password (String): The password to push containers to the project's GitLab Container Registry. Only available if the Container Registry is enabled for the project.
Run this command:
sudo gitlab-ctl registry-garbage-collect -m
GitLab 12.8 (Feb. 2020) introduced "Tag expiration policy".
And GitLab 13.0 (May 2020) enhances that feature with:
Define policies to ensure important images are never deleted
When using GitLab’s Image Expiration Policy, there is no way to express something such as “no matter what, don’t delete this tag”.
This introduces risk into the deletion process, as it’s possible to delete release or master images, which should be immutable.
In 13.0 we are excited to announce that you can now update your project’s expiration policy to identify images you never want deleted.
Simply enable the policy and use regex to identify the image you want to preserve.
See documentation and issue.
And with GitLab 13.5 (October 2020):
Major improvements to the Container Registry cleanup policy
When using the cleanup policy for tags to remove unwanted tags from your Container Registry, you may have noticed that the tags aren’t always removed like you’d expect them to be.
As a result, it’s likely that you had to manually intervene by using the GitLab API to delete registry tags in bulk, or you ignored the problem and subsequently experienced higher storage costs.
There are two potential issues that may have caused problems. The first issue is related to gitlab-#219915. This issue resolved a bug where some policies created in the user interface were failing, because the user wasn’t passed to the DeleteTagService.
In addition, you may have encountered an issue in which the policy ran, but only partially completed. This occurs when a policy attempts to delete many images and instead times out. If that happens, it will continue removing the tags in the policy’s next scheduled run. Moving forward, you will see a warning to signal that there are partially-run policies remaining. That way you can decide if you want to manually intervene or not.
We have several other improvements planned for this feature, including support for all historical projects and a preview of tags that will be removed.
See Documentation and Issue.
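A dry-run preview of which tags a "keep the N most recent, delete older than X, never delete tags matching a regex" policy would remove, added here as an example (it is not GitLab's code and not part of the answers above). The function name, the order in which the rules are applied, the full-match regex semantics and the sample tags are assumptions; check them against the cleanup policy documentation for your GitLab version.

```python
import re
from datetime import datetime, timedelta, timezone

def select_tags_to_delete(tags, now, name_regex_delete=".*",
                          name_regex_keep=None, keep_n=None, older_than=None):
    """Return the tag names a cleanup policy would remove (hypothetical model).

    tags: list of (name, created_at) with timezone-aware datetimes.
    """
    # Assumption: 'latest' is never a deletion candidate.
    candidates = [t for t in tags if t[0] != "latest"]
    # Assumption: a pattern must match the whole tag name.
    candidates = [t for t in candidates if re.fullmatch(name_regex_delete, t[0])]
    # Protected tags (release, master, ...) leave the candidate list first.
    if name_regex_keep:
        candidates = [t for t in candidates
                      if not re.fullmatch(name_regex_keep, t[0])]
    # Newest first, then spare the N most recent candidates.
    candidates.sort(key=lambda t: t[1], reverse=True)
    if keep_n:
        candidates = candidates[keep_n:]
    # Of what is left, only tags older than the cutoff are removed.
    if older_than:
        cutoff = now - older_than
        candidates = [t for t in candidates if t[1] < cutoff]
    return [name for name, _ in candidates]

def _d(month, day):
    return datetime(2020, month, day, tzinfo=timezone.utc)

# Constructed sample data: daily disaster-recovery snapshots plus images
# that should be immutable.
NOW = _d(10, 30)
TAGS = [
    ("latest", _d(10, 29)), ("master", _d(6, 1)), ("release-1.0", _d(1, 15)),
    ("snapshot-20201029", _d(10, 29)), ("snapshot-20201028", _d(10, 28)),
    ("snapshot-20201020", _d(10, 20)), ("snapshot-20200901", _d(9, 1)),
    ("snapshot-20200801", _d(8, 1)),
]

if __name__ == "__main__":
    week = timedelta(days=7)
    print("without keep regex:",
          select_tags_to_delete(TAGS, NOW, keep_n=2, older_than=week))
    print("with keep regex:   ",
          select_tags_to_delete(TAGS, NOW, name_regex_keep=r"master|release-.*",
                                keep_n=2, older_than=week))
```

Without the keep pattern, `master` and `release-1.0` end up in the deletion list, which is the risk the 13.0 notes describe.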