Azure – ACR cleaning

Kubernetes - Azure ACR cleaning

As you may have noticed, when you add new versions of images to ACR (Azure Container Registry), its capacity is constantly increasing, this is because old versions of manifests are not removed automatically and their number is growing.

ACR usage
ACR (Azure Container Registry) - services
ACR (Azure Container Registry) - repository count
ACR (Azure Container Registry) - SKU

As I started with ACR, it was not possible to use the GUI to clean the Registry from “untagged manifests” and it had to be done manually. Now it is available but with a higher SKU, if someone doesn’t want to raise their ACR to a higher level and pay more, I will show you how to do it the old way.

We execute the command from the CLI after logging in to the tenant and the subscription in which our Container Registry is:

az login

Jeśli ktoś ma więcej subskrypcji może zobaczyć ich spis:

az account list --output table

I lepiej przełączyć się na odpowiednią:

az account set --subscription "subscription_name"

Określamy zmienne, wpisujemy nazwy naszego Azure Container Registry i czyszczonego repository:

REGISTRY= registry_name
REPOSITORY= repository_name

Now we can see all unassigned manifests for the tags in our “Repository” and in the next step remove them so they don’t take up unnecessary space:

az acr repository show-manifests --name $REGISTRY --repository $REPOSITORY  --query "[?tags[0]==null].digest" -o tsv | xargs -I% az acr repository delete --name $REGISTRY --image [email protected]% --yes

We must repeat the above commands for each repository in the registry, specifying the appropriate variable values.

Such cleaning has to be repeated from time to time depending on how often you save new images in ACR.

I have the entire process automated. There is a special user or actually “App registrations” who logs in, has ACR permissions to read “Reader” and remove “AcrDelete“, executes a script that removes unassigned manifests.

And it looks like this:

# logowanie do azure i czyszczenie 
- az login --service-principal --username $APP_ID --tenant $SP_TENANT_ID  --password $SP_PASS
- az account set --subscription  $_SUBSCRIPTION
- chmod +x clear_acr.sh
- ./clear_acr.sh

If anyone needs more information about ACR, as always, find it in Microsoft’s documentation at: https://docs.microsoft.com/en-us/azure/container-registry/

Leave a Reply

Your email address will not be published. Required fields are marked *