You may have a local image registry setup (using docker.io/registry:2) where you manage your own images. But after a while, housekeeping is required.
Remove individual image
Instead of calling some of the registry API through curl, let’s use the tool called crane from the go-containerregistry repo.
Download the tool from releases, untar it,
sudo mv crane /usr/local/bin
Now login to the local registry
crane auth login localhost:5000 -u username -p password
List the catalog,
crane catalog localhost:5000 --insecure
As I am using self-sign cert, add the — insecure flag. If the cert is updated in the system’s trusted cert and you are running the command locally on the server, then this flag is not required.
From the above output, select a repo, list all its tags,
$ crane ls localhost:5000/cp/ibm-mqadvanced-server --insecure
Now let's say we want to remove the tag “126.96.36.199-r1-amd64” from the registry. First get the digest value of the image,
$ crane --insecure digest localhost:5000/cp/ibm-mqadvanced-server:188.8.131.52-r1-amd64
Then delete it with the delete command
$ crane delete localhost:5000/cp/ibm-mqadvanced-server@sha256:10353222ecf9c0bd09034820d5c14a8ce03b9ffc18c9e148b99f7171da9be825
List the tags again to confirm the tag are removed,
$ crane ls localhost:5000/cp/ibm-mqadvanced-server
It’s noticed that for the registry image, you will need to have the environment variable
REGISTRY_STORAGE_DELETE_ENABLED=true to allow the DELETE API.
If you are running CI/CD pipelines, it’s recommended to clean up some of the old images/tags as part of the pipeline.