There seems to be no simple method to do remove images from the registry as of today and looks like its a feature for registry 2.1 milestone.
One of the options what we have today with this not working
anovil@ubuntu-anovil remove-registry]$ curl -X DELETE localhost:5000/v2/alpine/manifests/v1
{"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}
[anovil@ubuntu-anovil remove-registry]$
is to manually remove it from the registry itself. Just to avoid removing wrong file accidentally, I tested it with this script from github. I take no guarantee on how this script works (though I checked it quickly before I tested it).
So, I made a test and that seems to work :)
[1] I presume that, you are running a registry with docker itself.
[anovil@ubuntu-anovil remove-registry]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
88f8e1a1d7a7 registry:2 "/bin/registry /etc/d" 37 minutes ago Up 37 minutes 0.0.0.0:5000->5000/tcp registry
[anovil@ubuntu-anovil remove-registry]$
[2] I created a minimal Dockerfile with just FROM alpine
content and created alpine:v1 and pushed to my private registry running on localhost:5000. Querying it from registry, it returned as expected.
[anovil@ubuntu-anovil remove-registry]$ curl -X GET localhost:5000/v2/alpine/tags/list
{"name":"alpine","tags":["v1"]}
[anovil@ubuntu-anovil remove-registry]$
[3] Then I log into the registry with docker exec
and checked the disk usage before I do my experiment
root@88f8e1a1d7a7:/# du -sch /var/lib/registry/
2.5M /var/lib/registry/
2.5M total
root@88f8e1a1d7a7:/#
[4] After returning back to my host I copied a heavy file (mongodb.tgz) into my container and created a built and pushed version v2.
[anovil@ubuntu-anovil remove-registry]$ docker build -t localhost:5000/alpine:v2 .
Sending build context to Docker daemon 61.99 MB
Step 1 : FROM alpine
---> 2314ad3eeb90
Step 2 : COPY mongodb.tgz /mongodb.tgz
---> d7c7645a3fe2
Successfully built d7c7645a3fe2
[anovil@ubuntu-anovil remove-registry]$ docker push localhost:5000/alpine:v2
The push refers to a repository [localhost:5000/alpine] (len: 1)
d7c7645a3fe2: Pushed
5ff05309724e: Image already exists
v2: digest: sha256:7bea1ec2910170bd88412b622aee6129791673cf1fd8c0e1e34f15ec26428774 size: 4467
[anovil@ubuntu-anovil remove-registry]$
[5] After checking the size again in the registry, it has increased to 62MB:
root@88f8e1a1d7a7:/# du -sch /var/lib/registry/
62M /var/lib/registry/
62M total
root@88f8e1a1d7a7:/#
[6] In order to run delete_docker_registry_image
, you need to get the script into the container which is hosting the registry, one option to do this is with curl. Also, this script requires jq
.
root@88f8e1a1d7a7:/# apt-get update && apt-get install -y curl jq
...
root@88f8e1a1d7a7:/#
[7] Run the script, try with --dry-run
option first and do not forget the version tag (v2 in this case), there is also a good -h
root@88f8e1a1d7a7:/# delete_docker_registry_image --image alpine:v2 --dry-run
DRY_RUN: would have deleted tag directory: repositories/alpine/_manifests/tags/v2
DRY_RUN: would have deleted manifest revision: repositories/alpine/_manifests/revisions/sha256/7bea1ec2910170bd88412b622aee6129791673cf1fd8c0e1e34f15ec26428774
DRY_RUN: would have deleted directory: blobs/sha256/e2/e2cc9aed084e01fa5cf93c09121035ac4d712113425ae68b678c28591beec5c6
DRY_RUN: would have deleted directory: blobs/sha256/7a/7ada67971e952e353ab14d8f9bdd4e41e4c41099b05a5da09f2700b51d93908a
DRY_RUN: would have deleted directory: blobs/sha256/7b/7bea1ec2910170bd88412b622aee6129791673cf1fd8c0e1e34f15ec26428774
DRY_RUN: would have deleted layer metadata directory: repositories/alpine/_layers/sha256/e2cc9aed084e01fa5cf93c09121035ac4d712113425ae68b678c28591beec5c6
root@88f8e1a1d7a7:/# delete_docker_registry_image --image alpine:v2
root@88f8e1a1d7a7:/#
[8] And voila !!
root@88f8e1a1d7a7:/# du -sch /var/lib/registry/
2.5M /var/lib/registry/
2.5M total
root@88f8e1a1d7a7:/#
Best Answer
There is currently no api to delete a specific tag. Theoretically you could push a new (possibly empty) manifest to an existing tag, and then delete that. Otherwise, you'll want to track all tags and manifests in your cleanup routine to identify what is safe to delete.
Update:
Tag deletion was added to the now 1.0 OCI distribution-spec. With that, pull request (#3427) was approved to distribution/distribution which is the upstream for the registry image. Its got a milestone of the 3.0 release, so this may be a feature that gets added in the future.
I've also been working on regclient which implements both the tag delete API, and falls back to pushing an empty manifest and deleting that. For a CLI, regclient includes regctl which would look like: