[pkg/oci] Delete image with digest #328
Conversation
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
somtochiama
force-pushed
the
delete-oci
branch
from
2bbb67a to
86e7bfe
Compare
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
|
Please either add a link to the issue this PR resolves or provide a little more context in the PR description. 🙏🏻 |
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
|
The registry server logs are very verbose and distracting. I'd like to discard them by doing import (
...
dcontext "github.com/distribution/distribution/v3/context"
"github.com/sirupsen/logrus"
...
)
...
// Discard the registry server logs.
config.Log.AccessLog.Disabled = true
logger := logrus.New()
logger.SetOutput(io.Discard)
dcontext.SetDefaultLogger(logrus.NewEntry(logger))before creating a new registry in Line 55 in 38b2cb2 |
oci/client/delete.go
Outdated
| // as it doesn't let you delete an image if a tag still references it. | ||
| // This doesn't work with ECR/GHCR since they don't support DELETE according | ||
| // to the docker API spec. | ||
| func (c *Client) Delete(ctx context.Context, url string, tag string) error { |
There was a problem hiding this comment.
Would it be better to replace redundant tag argument with a delete option which can have an attribute for deleting by using digest? I believe that'd be less confusing than passing the tag when it's already in the URL. The consumer of this (flux CLI) can conditionally set the delete option based on the host name, if it's ECR or GHCR.
There was a problem hiding this comment.
You are right about removing the tag argument but don't think we should add deleting by using digest as an option, since we always delete using the digest (GCP doesn't permit deletion if the image still has a tag, and deleting the tag only deletes the tag, not the image itself. Azure doesn't allow deletion using tags).
We could still add a delete option but right now I am not sure what should be in it.
@stefanprodan suggested putting this issue on hold while we figure out if we do want to add this feature given the limited support for Docker DELETE API in some registries and how best to go about it.
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Part of flux2#2882.
Follow up to #321
This pull request uses the image digest to delete the image instead of tags.
ECR/GHCR doesn't support using the docker Delete API (which is what crane uses) to delete images; therefore, it won't work for them.
Provider Specific Considerations
405 Unsupportederror. Deleting images is allowed using the Github API. For us to support this, it would require getting an authentication token from the user. For more info, see https://github.com/orgs/community/discussions/26267404 Not Found.GOOGLE_MANIFEST_DANGLING_TAG: Manifest is still referenced by one or more tagsCurrently, we delete the tag first, then delete the image. But if there are other tags still referencing the image, the delete will failNotes:
Deletion by tag means using a tag as reference in the URL ->
ghcr.io/podinfo:v0.0.1Deletion by image means using a digest as the reference in the URL
ghcr.io/podinfo@sha256:4ed5..... This deletes the layer in the container registryThis pull request is currently on hold while we decide if we still want to support deletion and how best to go about it.
Signed-off-by: Somtochi Onyekwere somtochionyekwere@gmail.com