Docker Registry 2.0 - how to delete unused images? -

we updated our private docker registry official registry 2.0. version can delete docker images identified hashtag (see https://docs.docker.com/registry/spec/api/#deleting-an-image) still don't see way cleanup old images.

as our ci server continously producing new images, need method delete images private registry no longer identified named tag.

if there's no built-in way achieve this, think custom script possibly work, don't see v2 api method either list stored hashtags of image..

how can keep private registry clean? hints?

this doable, although ugly. need running (i think) registry 2.3 or greater, , have enabled deleting (registry_storage_delete_enabled=true env var or equivalent). example commands below assume local filestore in /srv/docker-registry, i'd surprised if equivalent couldn't cooked other storage backends.

for each repository wish tidy up, need enumerate digest references no longer required. easiest way per-tag, using latest example in case, you'd like:

ls /srv/docker-registry/v2/repositories/<repo>/_manifests/tags/index/latest/index/sha256 -t | tail -n +3 

this list 3 recent digests pushed latest tag. alternately, if don't care tags much, want keep last few references pushed, can do:

ls /srv/docker-registry/v2/repositories/<repo>/_manifests/revisions/sha256 -t | tail -n +3 

then, delete references don't need:

for hash in ls /srv/docker-registry/v2/repositories/<repo>/_manifests/tags/index/latest/index/sha256 -t | tail -n +3); curl -x delete https://registry:5000/v2/<repo>/manifests/sha256:$hash; done 

finally, need gc run, because registry implements "soft deletes", doesn't delete anything, makes unavailable:

docker exec docker-registry /bin/registry garbage-collect /path/to/config.yml 

yes, messy hell, grovelling around in backend storage, because there's no api method enumerate digests associated given tag, that's way cookie crumbles.