registry delete private warehouse image

Posted by dombrorj on Thu, 30 Dec 2021 15:00:11 +0100

1, Query image digest value

The command is as follows. Note that "Accept: application/vnd.docker.distribution.manifest.v2+json" should be added to the request header, otherwise an error digest will be returned.

curl --header "Accept:application/vnd.docker.distribution.manifest.v2+json" -I -XGET http://10.19. 154.240: 5000 / V2 / test (image path) / Tomcat (image name) / manifests / v1 1.0 (mirror version)

Return example:

HTTP/1.1 200 OK
Content-Length: 1583
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:fb26b27060091b971a1e9ec332c15eeac09a079a4c201808426adae940cb4d86
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:fb26b27060091b971a1e9ec332c15eeac09a079a4c201808426adae940cb4d86"
X-Content-Type-Options: nosniff
Date: Wed, 22 Dec 2021 08:10:27 GMT

2, Delete according to digest

1. The command line calls to delete the interface

After obtaining digest in the previous step, use the command line to call the following interface:

curl -X DELETE http://10.19.154.240:5000/v2/test/tomcat/manifests/sha256:fb26b27060091b971a1e9ec332c15eeac09a079a4c201808426adae940cb4d86

At this time, if the deletion is successful, call
curl -X GET http://10.19.154.240:5000/v2/test/tomcat/tags/list Time
The tags in the returned result are null. Example:

{"name":"test/tomcat","tags":null}

2. For possible problems, return UNSUPPORTED when deleting

If the deletion fails, the following information is returned:

{"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}

This is because the docker registry does not allow deleting images by default. There are two ways to solve this problem.

Solution 1

In the configuration file config Add delete:enabled: true field in YML
① Enter the docker container (only containers in operation can enter)

docker exec -it <container ID|Container name> /bin/sh
cd /var/lib/registry/

② Modify config YML file

Open config YML file

cd /etc/docker/registry/
vi config.yml

Add delete:enabled: true under storage: for example, note that there is a space after enabled: and it cannot be omitted. If no space is added, the container will fail to start.

version: 0.1
log:
  fields:
    service: registry
storage:
  cache: 
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
http:        
  addr: :5000                        
  headers:                           
    X-Content-Type-Options: [nosniff]
health:          
  storagedriver: 
    enabled: true
    interval: 10s
    threshold: 3

③ Exit container: enter exit or press Ctrl + D
④ Restart the container for the changes to take effect

docker restart docker-registry

⑤ If the container is not started normally after restart, and docker start cannot start the container, it is likely that it is due to the previous config The YML file is corrupted. You can use docker logs -f CONTAINER_NAME to view the error log. If it is config Because the container is not started and cannot enter the container, the YML file can only be copied out and changed, and then copied back to overwrite the original file. An example is as follows:

[yogi@master ~]$ docker cp docker-registry:/etc/docker/registry/config.yml .
[yogi@master ~]$ vi config.yml 
[yogi@master ~]$ docker cp config.yml docker-registry:/etc/docker/registry
[yogi@master ~]$ docker start docker-registry

Solution 2

Specify the following environment variable when starting registry: - e REGISTRY_STORAGE_DELETE_ENABLED=true
Note that during startup, it refers to docker run instead of docker start. Therefore, if a container is already running, this method is not recommended, because this method can only stop the previous registry container, Re run a new registry container (it cannot have the same name as the previous container, but because the previous container has stopped, the port number can be the same, which is equivalent to directly discarding the previous container).

3, Clear blobs using registry gc

After the second step is successful, you can no longer pull the image, but the disk space is not released. You need to use registry gc to clean up invalid blobs.

docker exec docker-registry(Container name) bin/registry garbage-collect /etc/docker/registry/config.yml

You can also enter the container and then use registry gc. Before and after use, use the du -sch command to see the disk occupation to judge whether the space is released.

docker exec -it docker-registry /bin/sh
cd /var/lib/registry/
du -sch
registry garbage-collect /etc/docker/registry/config.yml
du -sch

Unfortunately, even though blobs have been cleaned up, curl is still used http://10.19.154.240:5000/v2/_catalog When I write this blog, I can still see the image name deleted before. This problem has not been solved yet. If you know the reason, you are welcome to communicate with me~

Topics: Docker registry

Hot Topics

©2024 Programmer Think