Overview
There are two ways to delete images from a Registry: deleting a specific version (tag) within a repository, and deleting the whole repository. This post covers both.
Environment
Docker 19.03.5, Registry 2.7.1
Deleting a specific version (tag) within a repository
Method 1: using the registry REST API
*** To delete images with curl, the Registry service must be started with the environment variable -e REGISTRY_STORAGE_DELETE_ENABLED=true.
1. List the repositories
- Usage : curl -X GET <Repository URL>/v2/_catalog
shell> curl -X GET https://registry.hoya.com/v2/_catalog
{"repositories":["debian","ubuntu"]}
** If the Registry requires user authentication, add the --user <username>:<password> option after curl.
e.g. curl --user user1:password123 -X GET ......
2. List the tags of the repository to delete from
- Usage : curl -X GET <Repository URL>/v2/<repository name>/tags/list
shell> curl -X GET https://registry.hoya.com/v2/ubuntu/tags/list
{"name":"ubuntu","tags":["17.04","18.04"]}
3. Look up the content digest (hash) (run on the node where the registry container is running)
- Usage : curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET <Repository URL>/v2/<repository name>/manifests/<Tag> 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}'
Example 1) * Run on the server where the registry is installed
shell> curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET https://registry.hoya.com/v2/ubuntu/manifests/17.04 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}'
sha256:213e05583a7cb8756a3f998e6dd65204ddb6b4c128e2175dcdf174cdf1877459
- Usage 2 : curl -XGET -v -H "Accept: application/vnd.docker.distribution.manifest.v2+json" <Repository URL>/v2/<repository name>/manifests/<Tag>
Example 2)
shell> curl -XGET -v -H "Accept: application/vnd.docker.distribution.manifest.v2+json" https://registry.hoya.com/v2/ubuntu/manifests/17.04
.... (output omitted) ....
4. Delete the manifest
- Usage 1 : curl -X DELETE <Repository URL>/v2/<repository name>/manifests/<content digest>
- Usage 2 : curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE https://registry.hoya.com/v2/ubuntu/manifests/<content digest>
shell> curl -X DELETE https://registry.hoya.com/v2/ubuntu/manifests/sha256:213e05583a7cb8756a3f998e6dd65204ddb6b4c128e2175dcdf174cdf1877459
- Verify
shell> curl -X GET https://registry.hoya.com/v2/ubuntu/tags/list
{"name":"ubuntu","tags":["18.04"]}
5. Run GC (garbage collection): remove the garbage images
- Usage : docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml
shell> docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml
ubuntu
ubuntu: marking manifest sha256:e5dd9dbb37df5b731a6688fa49f4003359f6f126958c9c928f937bec69836320
ubuntu: marking blob sha256:4e5021d210f65ebe915670c7089120120bc0a303b90208592851708c1b8c04bd
ubuntu: marking blob sha256:5bed26d33875e6da1d9ff9a1054c5fef3bbeb22ee979e14b72acf72528de007b
ubuntu: marking blob sha256:f11b29a9c7306674a9479158c1b4259938af11b97359d9ac02030cc1095e9ed1
ubuntu: marking blob sha256:930bda195c84cf132344bf38edcad255317382f910503fef234a9ce3bff0f4dd
ubuntu: marking blob sha256:78bf9a5ad49e4ae42a83f4995ade4efc096f78fd38299cf05bc041e8cdda2a36
6 blobs marked, 7 blobs and 0 manifests eligible for deletion
blob eligible for deletion: sha256:213e05583a7cb8756a3f998e6dd65204ddb6b4c128e2175dcdf174cdf1877459
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/21/213e05583a7cb8756a3f998e6dd65204ddb6b4c128e2175dcdf174cdf1877459 go.version=go1.11.2 instance.id=06369c7e-e842-4488-b6ff-971c3b451172 service=registry
blob eligible for deletion: sha256:43a98c1873995475a895f3d79f405232ef5230076b3f610c949c2e8341743af7
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/43/43a98c1873995475a895f3d79f405232ef5230076b3f610c949c2e8341743af7 go.version=go1.11.2 instance.id=06369c7e-e842-4488-b6ff-971c3b451172 service=registry
blob eligible for deletion: sha256:6b1bb01b3a3b72463ae8ac5666d57b28f1a21d5256271910ac8df841aa04ecd1
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/6b/6b1bb01b3a3b72463ae8ac5666d57b28f1a21d5256271910ac8df841aa04ecd1 go.version=go1.11.2 instance.id=06369c7e-e842-4488-b6ff-971c3b451172 service=registry
blob eligible for deletion: sha256:c2ca09a1934b951505ecc4d6b2e4ab7f9bf27bcdfb8999d0181deca74daf7683
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/c2/c2ca09a1934b951505ecc4d6b2e4ab7f9bf27bcdfb8999d0181deca74daf7683 go.version=go1.11.2 instance.id=06369c7e-e842-4488-b6ff-971c3b451172 service=registry
blob eligible for deletion: sha256:d6c3619d2153ffdefa4a9c19f15c5d566ce271b397a84537baa9ee45b24178f2
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/d6/d6c3619d2153ffdefa4a9c19f15c5d566ce271b397a84537baa9ee45b24178f2 go.version=go1.11.2 instance.id=06369c7e-e842-4488-b6ff-971c3b451172 service=registry
blob eligible for deletion: sha256:fe1cc5b9183012672af35205799ac5b6a70bc68762011fe82257d5dabf5ba966
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/fe/fe1cc5b9183012672af35205799ac5b6a70bc68762011fe82257d5dabf5ba966 go.version=go1.11.2 instance.id=06369c7e-e842-4488-b6ff-971c3b451172 service=registry
blob eligible for deletion: sha256:0efe07335a049e6afcd757db2d17ba37a12b717eb807acb03ddf3cd756b9fc2a
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/0e/0efe07335a049e6afcd757db2d17ba37a12b717eb807acb03ddf3cd756b9fc2a go.version=go1.11.2 instance.id=06369c7e-e842-4488-b6ff-971c3b451172 service=registry
6. Restart the registry server
shell> docker stop registry
shell> docker start registry
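Steps 3 and 4 of Method 1 as a shell helper, added here as an example that is not part of the original post. HTTP header lines end in CRLF and HTTP/2 responses carry lowercase header names, so the helper strips the carriage return, matches the header case-insensitively, and refuses to send DELETE unless it resolved a well-formed sha256 digest. The function names, the REGISTRY default and the sample headers are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The REGISTRY default, the function
# names and the sample headers below are assumptions / constructed values.
REGISTRY="${REGISTRY:-https://registry.hoya.com}"
ACCEPT="Accept: application/vnd.docker.distribution.manifest.v2+json"

# Reads HTTP response headers on stdin and prints the manifest digest.
# - the header name is matched case-insensitively (HTTP/2 sends it lowercase)
# - the trailing CR of each header line is stripped
# - anything that is not a well-formed sha256 digest is rejected (exit != 0)
extract_digest() {
    tr -d '\r' |
        awk 'tolower($1) == "docker-content-digest:" { print $2; exit }' |
        grep -E '^sha256:[0-9a-f]{64}$'
}

# Resolves <tag> to its digest with a HEAD request, then deletes the manifest.
# Stops before DELETE when no valid digest was returned.
delete_tag() {  # usage: delete_tag <repository> <tag>
    repo=$1 tag=$2
    digest=$(curl -fsS -I -H "$ACCEPT" \
        "$REGISTRY/v2/$repo/manifests/$tag" | extract_digest) || {
        echo "no valid digest for $repo:$tag, nothing deleted" >&2
        return 1
    }
    # -f turns an HTTP error such as 405 into a non-zero exit status.
    curl -fsS -X DELETE "$REGISTRY/v2/$repo/manifests/$digest" || return 1
    echo "deleted $repo:$tag ($digest); run garbage-collect to free the blobs"
}

# Constructed sample response: lowercase header names, CRLF line endings.
sample_headers() {
    h=0123456789abcdef
    printf 'HTTP/2 200\r\ncontent-type: %s\r\ndocker-content-digest: sha256:%s\r\n\r\n' \
        "application/vnd.docker.distribution.manifest.v2+json" "$h$h$h$h"
}

# Offline demonstration on the constructed sample; no registry is contacted.
sample_headers | extract_digest
```

Against a live registry the call would be `delete_tag ubuntu 17.04`, followed by the garbage-collect and restart steps above.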
Method 2: deleting files inside the Registry filesystem
Example) Delete the image tagged 17.04 from the ubuntu repository
shell> curl -X GET https://registry.hoya.com/v2/_catalog
shell> curl -X GET https://registry.hoya.com/v2/ubuntu/tags/list
shell> curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET https://registry.hoya.com/v2/ubuntu/manifests/17.04 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}'
shell> docker exec -it registry sh    => open a shell in the registry container
shell> docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml
shell> docker stop registry
Deleting a repository
Example) Delete the ubuntu repository
shell> curl -X GET https://registry.hoya.com/v2/_catalog
shell> docker exec -it registry sh    => open a shell in the registry container
shell> docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml
shell> docker stop registry
- Troubleshooting
Symptom) Deleting with curl fails with the error below (HTTP/1.1 405 Method Not Allowed)
> DELETE /v2/ubuntu/manifests/sha256:e5dd9dbb37df5b731a6688fa49f4003359f6f126958...............
> User-Agent: curl/7.29.0
> Host: registry.hoya.com
> Accept: application/vnd.docker.distribution.manifest.v2+json
>
< HTTP/1.1 405 Method Not Allowed
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< X-Content-Type-Options: nosniff
< Date: Thu, 02 Apr 2020 03:24:55 GMT
< Content-Length: 78
<
{"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}
* Connection #0 to host registry.hoya.com left intact
Cause)
If the registry was started without the environment variable -e REGISTRY_STORAGE_DELETE_ENABLED=true, the DELETE method is not allowed.
Fix)
Start the Registry service with the environment variable "-e REGISTRY_STORAGE_DELETE_ENABLED=true" added.
- Troubleshooting
Symptom) Running curl produces an error like the following
- Debian, Ubuntu
shell> curl -X GET https://registry.hoya.com/v2/_catalog
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
- CentOS
shell> curl -X GET https://registry.hoya.com/v2/_catalog
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Cause)
When the registry container serves with a privately issued certificate, curl reports a certificate error.
Fix)
1. Debian, Ubuntu
Copy the private root CA certificate into the /usr/local/share/ca-certificates directory, then run update-ca-certificates.
shell> cp rootca.crt /usr/local/share/ca-certificates
shell> update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
2. CentOS
Copy the private root CA certificate into the /etc/pki/ca-trust/source/anchors/ directory, then run update-ca-trust.
shell> cp rootca.crt /etc/pki/ca-trust/source/anchors/
shell> update-ca-trust
3. Use the -k or --insecure option of curl (this turns off curl's verification of the certificate)
shell> curl -k https://www.domain.com
OR
shell> curl --insecure https://www.domain.com