a Go application to remove images from a remote Docker Registry
./docker-registry-cleaner -project=kube00-XXX -registryURL="https://us.gcr.io" -username='_token' -password=$(gcloud auth print-access-token) -logLevel=info -filter="^kube00-XXX/us.gcr.io/imagename/imagename2:1234"
/v2
endpoint
https://us.gcr.io
for the US registry. Can also be https://gcr.io
gcloud projects list
_token
gcloud auth print-access-token
debug
you will also get the HTTP calls to the Registry..*
as tag versionproject/image:v1.2.3
project/image:.*
project/image:.*
AND -deleteUntagged
optionAs a reminder, you can also do all this by hand using curl
. If you're on Google Container Registry, you can do :
curl -ks -u "oauth2accesstoken:$(gcloud auth print-access-token)" https://us.gcr.io/v2/project/project-name/tags/list | jq '.'
You need Go v1.19 or newer to build.
go build
Removed vendors, updated to run with Go 1.19
It seems the SHA256 part of the manifest is needed, at least for Google Container registry...No error is returned but it does nothing if sha256 is not there...
Also, when deletting tags, we delete the image. This will silentely fail if there are other tags that are not deleted. I introduced a new option deleteUntagged
so it will also remove images without tags when deleting .*
.
Turn out the digest is like sha256:b618c166f0b066dd9bba7...
while you only need the hash to delete the image (b618c166f0b066dd9bba7...
)
After code update, I have a 202 from the registry... but the image is in fact never deleted (at least on Google GCR)
As of now this tool is working to list images from a Google registry. It does not work to remove images. The error is :
Delete https://us.gcr.io/v2/kube00-XXXX/imagename/imagename2/manifests/sha256:5104db36afd2ea4a3977174e8ee1ce0fcec5678401a50d1a1cbcf240f2fd7da2:
http: non-successful response
status=404
body={
"errors":[
{"code":"NAME_UNKNOWN",
"message":"Failed to compute blob liveness for manifest: 'sha256:5104db36afd2ea4a3977174e8ee1ce0fcec5678401a50d1a1cbcf240f2fd7da2'"
}]
}