Hi I want to delete a docker image from my private registry the steps that I did was:
I already did what the solution of How can I use the Docker Registry API V2 to delete an image from a private registry? recommended and it did not work
I did a HEAD request to get the Docker-Content-Digest
curl --cacert ~/Documents/certificates//ca.pem --key ~/Documents/certificates//key.pem --cert ~/Documents/certificates/certificate.p12 --pass certpass -I https://myprivateregistry/v2/imagename/manifests/tag
Then using the Dcker-content-digest from the previous step I did a delete request:
curl --cacert ~/Documents/certificates//ca.pem --key ~/Documents/certificates//key.pem --cert ~/Documents/certificates/certificate.p12 --pass certpass --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE https://myprivateregisty/v2/imagename/manifests/dockercontentdigestgotfrompreviousstep
I got this error:
{"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown"}]}
In all likelihood, it means, that you have deleted the manifest, and this is right first step. To delete actual data from disk, you need to run docker registry garbage collector on registry host machine.
docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml
The info is from that comment
Also, as some adv, I want to propose you to check my docker registry web UI =) There is the possibility to delete an images from registry right with that UI.
Related
I can see my docker registry by
curl -X GET "https://mylogin:mypass#myregistry.mydomain.io:myport/v2/_catalog"
or
curl -X GET "https://mylogin:mypass#myregistry.mydomain.io:myport/v2/myimage/manifests/latest"
but if I start container
sudo docker run -it https://mylogin:mypass#myregistry.mydomain.io:myport/myimage:latest
I receive error
docker: invalid reference format
https://mylogin:mypass#myregistry.mydomain.io:myport/myimage:latest
To login to your registry server, first run:
docker login myregistry.mydomain.io
Then pull the image with:
docker pull myregistry.mydomain.io:myport/myimage:latest
There should be no https:// or user credentials in the image name you pull.
How do you get the digest of a container image running on a pod in kubernetes?
Based on the screen-shot below, I would like to be able to retrieve d976aea36eb5 from the pod (logs, YAML etc. whatever is the way to get it)
What I can get from YAML://Deployment/spec/template/spec/containers/image is mysolution.host which is the common name of the image.
If this isn't possible via the kubernetes API, you can do it through the docker registry API.
What you're looking for is the image's digest, which is the sha256 hash of its manifest. The "Name" column in the screenshot of GCR's UI is the truncated digest of the image.
The string us.gcr.io/my-project-37111/mysolution.host represents a repository, which is just a collection of images. These images can be referenced by their digest or by a tag.
You can list all the tags in your repository using gcloud:
$ gcloud container images list-tags us.gcr.io/my-project-37111/mysolution.host
That will show you the truncated digest as well. For the full digest, you can use the --format=json flag:
$ gcloud container images list-tags --format=json us.gcr.io/my-project-37111/mysolution.host
If you happen to know the tag (0.0.5-linux for the highlighted image), you can call the registry API directly:
$ curl \
-H "Accept: *" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-I https://us.gcr.io/v2/my-project-37111/mysolution.host/manifests/0.0.5-linux |
grep "digest"
Given a docker registry managing multiple docker repositories, how do I delete one of the repositores?
Given docker repositories repo1 and repo2.
$ curl -X GET localhost:5000/v2/_catalog
{"repositories":["repo1", "repo2"]}
I want to remove repository repo1 so _catalog does not list repo1, like
$ curl -X GET localhost:5000/v2/_catalog
{"repositories":["repo2"]}
Currently, repository repo1 only has the default "latest" image tag
$ curl -X GET localhost:5000/v2/repo1/tags/list
{"name":"repo1","tags":["latest"]}
(Maybe that affects being able to delete repo1?)
I have tried...
The following commands returned 404 page not found:
$ curl -X DELETE localhost:5000/v1/repositories/repo1
$ curl -X DELETE localhost:5000/v2/repositories/repo1
$ curl -X DELETE localhost:5000/v2/repo1
And the following returned {"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}
$ curl -X DELETE localhost:5000/v2/repo1/manifests/latest
Using versions
The remote docker-registry is registry/2.0
curl -vX GET localhost:5000/v2/
< HTTP/1.1 200 OK
...
< Docker-Distribution-Api-Version: registry/2.0
...
and
$ /bin/registry github.com/docker/distribution v2.4.1
by enabling DELETE API you're only able to delete the TAG not the whole repository from v2/_catalog.
in order to do this, you should:
1. enable DELETE API:
1.1 by config.yml : storage.delete.enabled:true
1.2 by env: -e REGISTRY_STORAGE_DELETE_ENABLED=true
2. get the tag reference via GET /v2/<name>/manifests/<tag>
(don't forget to have Header Accept: application/vnd.docker.distribution.manifest.v2+json).
in response headers, you have docker-content-digest: <sha256:xxx>
3. send DELETE /v2/<name>/manifests/<sha256:xxx>
4. run garbage collector: bin/registry garbage-collect /etc/docker/registry/config.yml
5. remove files: rm -r /var/lib/registry/docker/registry/v2/repositories/<name>/<tag>
finally: now you can see
curl -X GET localhost:5000/v2/_catalog
{"repositories":["repo2", "repo3"]}
ps.
consequences of 5: https://github.com/docker/distribution/issues/2983#issuecomment-530251232
There is no API to delete a repository. You need to delete individual tags or manifests within the repository. And until OCI's distribution-spec, there wasn't even an API to delete tags, you need to delete image manifests by digest, which deletes all tags pointing to that same digest.
To delete manifests, first ensure that you have enabled deletion according to this documentation before attempting anything. In your configuration of the registry, you would add the following section:
delete:
enabled: true
That can also be set by starting your registry container with the REGISTRY_STORAGE_DELETE_ENABLED=true environment variable specified.
Then you can call the manifest delete API:
curl -X DELETE \
-s "https://registry.example.org/v2/${repo}/manifests/${sha}"
If you want a wrapper around this to handle auth, and even support tag deletion, see regclient's regctl CLI that I've written. Google's crane and RedHat's skopeo may also provide this.
Once the manifests are deleted, you still need to clean the other items the manifest pointed to with a garbage collection (this needs to be done when no writes are occurring):
docker exec registry /bin/registry garbage-collect /etc/docker/registry/config.yml --delete-untagged
That said, you'll still reach the point where the repository itself is not removed. You can delete the entire directory from the filesystem of the registry. But I would recommend getting support for this implemented from the project. See this issue for more details on getting the capability added to the official registry image.
I want to promote image from test to prod environment. How do I use "curl POST" to tag and push an image thru docker registry API v2? (Docker API 1.22)
The equivalent command are:
docker tag my_testrepo:6000/new_test_image:test_tag myprod_repo:5000/new_prod_image:tag
docker push myprod_repo:5000/new_prod_image:tag
How do I use curl command to tag an image into a repo:
POST /images/test/tag?repo=myrepo&force=0&tag=v42 HTTP/1.1
Could not find any instructions. Tried many times, all failed.
While researching this issue I stumbled upon this question. The solution I found resolved around this blog post. Credit to wheleph for the solution.
Essentially there is no method to tag an existing image, you can simply download the manifest of the existing tag, and re-upload the manifest as a new tag:
curl /v2/mybusybox/manifests/latest -H 'accept: application/vnd.docker.distribution.manifest.v2+json' > manifest.json
Then upload that manifest file back up.
curl -XPUT '/v2/mybusybox/manifests/new_tag' -H 'content-type: application/vnd.docker.distribution.manifest.v2+json' -d '#manifest.json'
The screenshot shows what I get from http api
When I enter:
curl -X GET registry.yiqixie.com:5000/v2/
It returns something that I can't read:
For a remote registry, you should access it through https.
And you can add a -v in order to see the encoding of the answer.
curl -k -v -X GET https://registry.yiqixie.com:5000/v2/_catalog
Make sure your bash supports utf8.