I have pushed container images using gcloud docker push
to the Google Container Registry. Two questions:
How do I cleanly remove a pushed container image from the registry? (I know I can remove a tag to an image and make it not accessible anymore.)
There are a bunch of Docker layers that an image brings with it. I want to remove all the unused layers with an image deletion.
UPDATE: You can now delete individual container images straight from the UI.
As of Nov 2015: There is no way to currently delete a single container image from the registry cleanly. Right now, it is basically all or nothing. The GCR team is working on this!
Original Answer: I can't think of an easy way to delete individual images. You can delete ALL of the images by deleting the Cloud Storage bucket with gsutil rb gs://artifacts.<PROJECT-ID>.appspot.com
. You can also use the storage browser and try to delete individual parts (https://console.developers.google.com/storage/browser/artifacts..appspot.com) but you would have to know the Docker hashes for each layer!
This can be done via Gcloud which means it can be done from the CLI or in a code pipeline (say at the end of CD).
As documented by Google, you can collect a list of all untagged images with:
gcloud container images list-tags [HOSTNAME]/[PROJECT-ID]/[IMAGE] --filter='-tags:*' --format="get(digest)" --limit=$BIG_NUMBER
And then delete an image with:
gcloud container images delete [HOSTNAME]/[PROJECT-ID]/[IMAGE]@DIGEST --quiet
where the above command is run for each output (DIGEST) from the first command.
A rough scripted example would be running the following post gcloud auth:
gcloud container images list-tags gcr.io/myProject/myApp --filter='-tags:*' --format="get(digest)" --limit=10 > tags && while read p; do gcloud container images delete "gcr.io/myProject/myApp@$p" --quiet; done < tags
A Github actions post CD image cleanup task would look like:
needs: [CI, Build_myApp]
runs-on: ubuntu-latest
steps:
- name: 'Authenticate to Gcloud'
uses: google-github-actions/setup-gcloud@master
with:
project_id: myProject
service_account_email: [email protected]
service_account_key: ${{ secrets.CONTAINER_ADMIN_NP_SA }}
export_default_credentials: true
- name: 'Cleanup untagged images in nonprod'
run: gcloud container images list-tags gcr.io/myProject/myApp --filter='-tags:*' --format="get(digest)" --limit=10 > tags && while read p; do gcloud container images delete "gcr.io/myProject/myApp@$p" --quiet; done < tags
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With