I'm a bit confused about GitLab's registry cleanup policy.
I have several registries with tags for the image foo
being pushed every few weeks or so, named foo:v1.0.0
, foo:v1.0.1
etc. The tag latest
is always pushed alongside the versioned tags. However, latest
is never used in production in order to pin the dependencies.
I would like to keep the most recent 1 tag, and clear out any tags older than, say, 30 days.
I currently have the following policy set:
I would expect only two tags to be inside my repository ( latest
and, eg foo:v1.0.1
), yet, there are 15, dating back to 6 months ago and earlier.
Now, when I look at the "Keep the most recent line" — what does "1 tag per image name" mean here, exactly? Is the "image name" the name of the image, eg foo
, then the policy should not leave 15 images in my repository, only 1.
If "image name" is actually the name plus the tag (eg, foo:v1.0.0
), what is the purpose of this setting? It means that any image will be kept!
I guess I could remove the keep rules, but I also do not want to simply delete all images except the latest
one, since latest
is never used in production, and in case that I don't update an image within 30 days, that will be deleted to, and I cannot deploy anymore.
Is there a good solution to this, other than writing my own cleanup script?
what does "1 tag per image name" mean here, exactly?
"image name" really means 'repository' in the docker registry API sense of the word. I'm guessing the GitLab UI avoids this term to prevent conflation with 'repository' in the git/project sense of the word, since it would be confusing because a single GitLab project/repo can hold many separate docker images.
So, suppose you have two images myproject/foo
and myproject/bar
, "1 tag per image" means 1 tag for the image myproject/foo
and 1 tag for myproject/bar
. It does not mean a combination of image and tag.
Your keep rule of .*
is preventing any tags from being cleaned up, per step 4 of the cleanup policy :
The cleanup policy:
- Collects all tags for a given repository in a list.
- Excludes the tag named
latest
from the list.- Evaluates the
name_regex
(tags to expire), excluding non-matching names from the list.- Excludes from the list any tags matching the
name_regex_keep
value (tags to preserve).- Excludes any tags that do not have a manifest (not part of the options in the UI).
- Orders the remaining tags by
created_date
.- Excludes from the list the N tags based on the
keep_n
value (Number of tags to retain).- Excludes from the list the tags more recent than the
older_than
value (Expiration interval).- Finally, the remaining tags in the list are deleted from the Container Registry.
So, you would probably want to change your keep regex to match only the images you would want to keep -- like the tags you use in production (eg v.+
to match tags starting with v
).
I've given up trying to understand how the cleanup policies work, and instead wrote a Python script that does the entire cleanup.
The code can be found in this Gist .
The basic idea is to:
customer-v1.2.3
)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.