Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I cleanly remove a container image from the Google Container Registry?

I have pushed container images using gcloud docker push to the Google Container Registry. Two questions:

How do I cleanly remove a pushed container image from the registry? (I know I can remove a tag to an image and make it not accessible anymore.)

There are a bunch of Docker layers that an image brings with it. I want to remove all the unused layers with an image deletion.

like image 570
4 revs, 2 users 76% Avatar asked Nov 17 '15 11:11

4 revs, 2 users 76%


2 Answers

UPDATE: You can now delete individual container images straight from the UI.

  1. Go to the Container Registry page.
  2. You should see a list of container images. Click the one you want to delete. Container Registry
  3. Select one or more tags, and click the delete button. Select and Delete images

As of Nov 2015: There is no way to currently delete a single container image from the registry cleanly. Right now, it is basically all or nothing. The GCR team is working on this!

Original Answer: I can't think of an easy way to delete individual images. You can delete ALL of the images by deleting the Cloud Storage bucket with gsutil rb gs://artifacts.<PROJECT-ID>.appspot.com. You can also use the storage browser and try to delete individual parts (https://console.developers.google.com/storage/browser/artifacts..appspot.com) but you would have to know the Docker hashes for each layer!

like image 156
Sandeep Dinesh Avatar answered Oct 08 '22 00:10

Sandeep Dinesh


This can be done via Gcloud which means it can be done from the CLI or in a code pipeline (say at the end of CD).

As documented by Google, you can collect a list of all untagged images with:

gcloud container images list-tags  [HOSTNAME]/[PROJECT-ID]/[IMAGE] --filter='-tags:*' --format="get(digest)" --limit=$BIG_NUMBER

And then delete an image with:

gcloud container images delete  [HOSTNAME]/[PROJECT-ID]/[IMAGE]@DIGEST --quiet

where the above command is run for each output (DIGEST) from the first command.

A rough scripted example would be running the following post gcloud auth:

gcloud container images list-tags gcr.io/myProject/myApp --filter='-tags:*' --format="get(digest)" --limit=10 > tags && while read p; do gcloud container images delete "gcr.io/myProject/myApp@$p" --quiet; done < tags

A Github actions post CD image cleanup task would look like:

    needs: [CI, Build_myApp]
    runs-on: ubuntu-latest
    steps:
      - name: 'Authenticate to Gcloud'
        uses: google-github-actions/setup-gcloud@master
        with:
          project_id: myProject
          service_account_email: [email protected]
          service_account_key: ${{ secrets.CONTAINER_ADMIN_NP_SA }}
          export_default_credentials: true
      - name: 'Cleanup untagged images in nonprod'
        run: gcloud container images list-tags gcr.io/myProject/myApp --filter='-tags:*' --format="get(digest)" --limit=10 > tags && while read p; do gcloud container images delete "gcr.io/myProject/myApp@$p" --quiet; done < tags

like image 34
Jake Nelson Avatar answered Oct 08 '22 00:10

Jake Nelson