Housekeep your local image registry

Image by 👀 Mabel Amber, who will one day from Pixabay

You may have a local image registry setup (using docker.io/registry:2) where you manage your own images. But after a while, housekeeping is required.

Remove individual image

Instead of calling some of the registry API through curl, let’s use the tool called crane from the go-containerregistry repo.

Download the tool from releases, untar it,

sudo mv crane /usr/local/bin

Now login to the local registry

crane auth login localhost:5000 -u username -p password

List the catalog,

crane catalog localhost:5000 --insecure

As I am using self-sign cert, add the — insecure flag. If the cert is updated in the system’s trusted cert and you are running the command locally on the server, then this flag is not required.

From the above output, select a repo, list all its tags,

$ crane ls localhost:5000/cp/ibm-mqadvanced-server --insecure
9.2.0.0-r2-amd64
9.2.0.0-r1-amd64
9.2.0.0-r2
9.1.5.0-r2-amd64
9.2.0.0-r2-s390x

Now let's say we want to remove the tag “9.2.0.0-r1-amd64” from the registry. First get the digest value of the image,

$ crane --insecure digest localhost:5000/cp/ibm-mqadvanced-server:9.2.0.0-r1-amd64
sha256:10353222ecf9c0bd09034820d5c14a8ce03b9ffc18c9e148b99f7171da9be825

Then delete it with the delete command

$ crane delete localhost:5000/cp/ibm-mqadvanced-server@sha256:10353222ecf9c0bd09034820d5c14a8ce03b9ffc18c9e148b99f7171da9be825

List the tags again to confirm the tag are removed,

$ crane ls localhost:5000/cp/ibm-mqadvanced-server
9.2.0.0-r2-amd64
9.2.0.0-r2
9.1.5.0-r2-amd64
9.2.0.0-r2-s390x

It’s noticed that for the registry image, you will need to have the environment variable REGISTRY_STORAGE_DELETE_ENABLED=true to allow the DELETE API.

If you are running CI/CD pipelines, it’s recommended to clean up some of the old images/tags as part of the pipeline.

Garbage Cleaning