使用 Azure CLI 刪除 Azure Container Registry 中的容器映射Delete container images in Azure Container Registry using the Azure CLI

若要維護 Azure Container Registry 的大小,您應該定期刪除過時的映像資料。To maintain the size of your Azure container registry, you should periodically delete stale image data. 雖然有些部署至生產環境的容器映像可能需要較長時間的儲存,但其他容器映像通常可以更快速地刪除。While some container images deployed into production may require longer-term storage, others can typically be deleted more quickly. 例如,在自動化建置和測試案例中,您的登錄可以快速地填入可能永遠不會部署的映像,並可在完成建置和測試行程後立刻清除。For example, in an automated build and test scenario, your registry can quickly fill with images that might never be deployed, and can be purged shortly after completing the build and test pass.

您可以用數種不同的方式刪除映像資料,因此務必了解每項刪除作業對於儲存體使用量有何影響。Because you can delete image data in several different ways, it's important to understand how each delete operation affects storage usage. 本文涵蓋數個刪除影像資料的方法:This article covers several methods for deleting image data:

  • 刪除存放庫:刪除存放庫內的所有映像和所有唯一層次。Delete a repository: Deletes all images and all unique layers within the repository.
  • 標記刪除:刪除映像、標記、映像參考的所有唯一層次,以及與映像相關聯的所有其他標記。Delete by tag: Deletes an image, the tag, all unique layers referenced by the image, and all other tags associated with the image.
  • 資訊清單摘要刪除:刪除映像、映像參考的所有唯一層次,以及與映像相關聯的所有標記。Delete by manifest digest: Deletes an image, all unique layers referenced by the image, and all tags associated with the image.

提供範例腳本以協助自動執行刪除作業。Sample scripts are provided to help automate delete operations.

如需這些概念的簡介, 請參閱關於登錄、存放庫和映射For an introduction to these concepts, see About registries, repositories, and images.

刪除存放庫Delete repository

刪除存放庫即可刪除存放庫中的所有映像,包括所有標籤、唯一層次及資訊清單。Deleting a repository deletes all of the images in the repository, including all tags, unique layers, and manifests. 當您刪除儲存機制時, 會復原參照該存放庫中唯一層之映射所使用的儲存空間。When you delete a repository, you recover the storage space used by the images that reference unique layers in that repository.

下列 Azure CLI 命令可刪除 "acr-helloworld" 存放庫以及該存放庫內的所有標記和資訊清單。The following Azure CLI command deletes the "acr-helloworld" repository and all tags and manifests within the repository. 如果登錄中的任何其他映射未參考已刪除之資訊清單所參考的圖層, 其層級資料也會一併刪除, 並復原儲存空間。If layers referenced by the deleted manifests are not referenced by any other images in the registry, their layer data is also deleted, recovering the storage space.

 az acr repository delete --name myregistry --repository acr-helloworld

依標記刪除Delete by tag

您可以在刪除作業中指定存放庫名稱和標記,以從存放庫中刪除個別映像。You can delete individual images from a repository by specifying the repository name and tag in the delete operation. 當您依標記刪除時,會復原映像中任何唯一層次 (並未由登錄中任何其他映像共用的層次) 所使用的儲存空間。When you delete by tag, you recover the storage space used by any unique layers in the image (layers not shared by any other images in the registry).

若要依標記刪除, 請使用az acr repository delete , 並在--image參數中指定映射名稱。To delete by tag, use az acr repository delete and specify the image name in the --image parameter. 映像獨有的所有層次,與該映像相關聯的任何其他標記都會遭到刪除。All layers unique to the image, and any other tags associated with the image are deleted.

例如,從 "myregistry" 登錄中刪除 "acr-helloworld:latest" 映像:For example, deleting the "acr-helloworld:latest" image from registry "myregistry":

$ az acr repository delete --name myregistry --image acr-helloworld:latest
This operation will delete the manifest 'sha256:0a2e01852872580b2c2fea9380ff8d7b637d3928783c55beb3f21a6e58d5d108' and all the following images: 'acr-helloworld:latest', 'acr-helloworld:v3'.
Are you sure you want to continue? (y/n): y

提示

「依標記」刪除不應該與刪除標記 (取消標記) 混淆。Deleting by tag shouldn't be confused with deleting a tag (untagging). 您可以使用 Azure CLI 命令az acr repository untag來刪除標記。You can delete a tag with the Azure CLI command az acr repository untag. 當您 untag 映射時, 不會釋放任何空間, 因為它的資訊清單和圖層資料會保留在登錄中。No space is freed when you untag an image because its manifest and layer data remain in the registry. 只有標記參考本身會被刪除。Only the tag reference itself is deleted.

依資訊清單摘要刪除Delete by manifest digest

資訊清單摘要可以與一個、零個或多個標記產生關聯。A manifest digest can be associated with one, none, or multiple tags. 當您依摘要刪除時,由資訊清單參考的所有標記都會遭到刪除,因為任何層次的層次資料對映像而言都是唯一的。When you delete by digest, all tags referenced by the manifest are deleted, as is layer data for any layers unique to the image. 共用的層次資料不會遭到刪除。Shared layer data is not deleted.

若要依摘要刪除,首先針對包含所要刪除映像的存放庫列出資訊清單摘要。To delete by digest, first list the manifest digests for the repository containing the images you wish to delete. 例如:For example:

$ az acr repository show-manifests --name myregistry --repository acr-helloworld
[
  {
    "digest": "sha256:0a2e01852872580b2c2fea9380ff8d7b637d3928783c55beb3f21a6e58d5d108",
    "tags": [
      "latest",
      "v3"
    ],
    "timestamp": "2018-07-12T15:52:00.2075864Z"
  },
  {
    "digest": "sha256:3168a21b98836dda7eb7a846b3d735286e09a32b0aa2401773da518e7eba3b57",
    "tags": [
      "v2"
    ],
    "timestamp": "2018-07-12T15:50:53.5372468Z"
  }
]

接下來, 在az acr repository delete命令中指定您想要刪除的摘要。Next, specify the digest you wish to delete in the az acr repository delete command. 此命令的格式為:The format of the command is:

az acr repository delete --name <acrName> --image <repositoryName>@<digest>

例如,若要刪除前面輸出中所列的最後一個資訊清單 (含標記 "v2"):For example, to delete the last manifest listed in the preceding output (with the tag "v2"):

$ az acr repository delete --name myregistry --image acr-helloworld@sha256:3168a21b98836dda7eb7a846b3d735286e09a32b0aa2401773da518e7eba3b57
This operation will delete the manifest 'sha256:3168a21b98836dda7eb7a846b3d735286e09a32b0aa2401773da518e7eba3b57' and all the following images: 'acr-helloworld:v2'.
Are you sure you want to continue? (y/n): y

acr-helloworld:v2映射會從登錄中刪除, 如同該映射獨有的任何圖層資料。The acr-helloworld:v2 image is deleted from the registry, as is any layer data unique to that image. 如果資訊清單與多個標記相關聯,也會一併刪除所有相關聯的標記。If a manifest is associated with multiple tags, all associated tags are also deleted.

依時間戳記刪除摘要Delete digests by timestamp

若要維護存放庫或登錄的大小, 您可能需要定期刪除早于特定日期的資訊清單摘要。To maintain the size of a repository or registry, you might need to periodically delete manifest digests older than a certain date.

下列 Azure CLI 命令會以遞增的順序, 列出存放庫中比指定時間戳記更早的所有資訊清單摘要。The following Azure CLI command lists all manifest digest in a repository older than a specified timestamp, in ascending order. 以適合您環境的值取代 <acrName><repositoryName>Replace <acrName> and <repositoryName> with values appropriate for your environment. 時間戳記可以是完整的日期時程表達式或日期, 如下列範例所示。The timestamp could be a full date-time expression or a date, as in this example.

az acr repository show-manifests --name <acrName> --repository <repositoryName> \
--orderby time_asc -o tsv --query "[?timestamp < '2019-04-05'].[digest, timestamp]"

識別過時的資訊清單摘要之後, 您可以執行下列 Bash 腳本, 以刪除比指定時間戳記更舊的資訊清單摘要。After identifying stale manifest digests, you can run the following Bash script to delete manifest digests older than a specified timestamp. 它需要 Azure CLI 和 xargsIt requires the Azure CLI and xargs. 根據預設,此指令碼不會執行任何刪除。By default, the script performs no deletion. ENABLE_DELETE 值變更為 true,以啟用映像刪除。Change the ENABLE_DELETE value to true to enable image deletion.

警告

請小心使用下列範例腳本--已刪除的映射資料無法復原。Use the following sample script with caution--deleted image data is UNRECOVERABLE. 如果您有依資訊清單摘要提取映射的系統 (相對於映射名稱), 則不應該執行這些腳本。If you have systems that pull images by manifest digest (as opposed to image name), you should not run these scripts. 刪除資訊清單摘要將會導致這些系統無法從您的登錄中提取映射。Deleting the manifest digests will prevent those systems from pulling the images from your registry. 請考慮採用唯一的標記配置, 這是建議的最佳作法, 而不是依資訊清單提取。Instead of pulling by manifest, consider adopting a unique tagging scheme, a recommended best practice.

#!/bin/bash

# WARNING! This script deletes data!
# Run only if you do not have systems
# that pull images via manifest digest.

# Change to 'true' to enable image delete
ENABLE_DELETE=false

# Modify for your environment
# TIMESTAMP can be a date-time string such as 2019-03-15T17:55:00.
REGISTRY=myregistry
REPOSITORY=myrepository
TIMESTAMP=2019-04-05  

# Delete all images older than specified timestamp.

if [ "$ENABLE_DELETE" = true ]
then
    az acr repository show-manifests --name $REGISTRY --repository $REPOSITORY \
    --orderby time_asc --query "[?timestamp < '$TIMESTAMP'].digest" -o tsv \
    | xargs -I% az acr repository delete --name $REGISTRY --image $REPOSITORY@% --yes
else
    echo "No data deleted."
    echo "Set ENABLE_DELETE=true to enable deletion of these images in $REPOSITORY:"
    az acr repository show-manifests --name $REGISTRY --repository $REPOSITORY \
   --orderby time_asc --query "[?timestamp < '$TIMESTAMP'].[digest, timestamp]" -o tsv
fi

刪除已取消標記的映像Delete untagged images

資訊清單摘要一節所述,使用現有標記推送已修改的映像會取消標記先前推送的映像,因而產生孤立 (或「懸盪」) 的映像。As mentioned in the Manifest digest section, pushing a modified image using an existing tag untags the previously pushed image, resulting in an orphaned (or "dangling") image. 先前推送映像的資訊清單以及其層次資料都會保留在登錄中。The previously pushed image's manifest--and its layer data--remains in the registry. 考量以下事件順序:Consider the following sequence of events:

  1. 推送具有 latest 標記的映像 acr-helloworlddocker push myregistry.azurecr.io/acr-helloworld:latestPush image acr-helloworld with tag latest: docker push myregistry.azurecr.io/acr-helloworld:latest

  2. 檢查 acr-helloworld 存放庫的資訊清單:Check manifests for repository acr-helloworld:

    $ az acr repository show-manifests --name myregistry --repository acr-helloworld
    [
      {
        "digest": "sha256:d2bdc0c22d78cde155f53b4092111d7e13fe28ebf87a945f94b19c248000ceec",
        "tags": [
          "latest"
        ],
        "timestamp": "2018-07-11T21:32:21.1400513Z"
      }
    ]
    
  3. 修改 acr-helloworld DockerfileModify acr-helloworld Dockerfile

  4. 推送具有 latest 標記的映像 acr-helloworlddocker push myregistry.azurecr.io/acr-helloworld:latestPush image acr-helloworld with tag latest: docker push myregistry.azurecr.io/acr-helloworld:latest

  5. 檢查 acr-helloworld 存放庫的資訊清單:Check manifests for repository acr-helloworld:

    $ az acr repository show-manifests --name myregistry --repository acr-helloworld
    [
      {
        "digest": "sha256:7ca0e0ae50c95155dbb0e380f37d7471e98d2232ed9e31eece9f9fb9078f2728",
        "tags": [
          "latest"
        ],
        "timestamp": "2018-07-11T21:38:35.9170967Z"
      },
      {
        "digest": "sha256:d2bdc0c22d78cde155f53b4092111d7e13fe28ebf87a945f94b19c248000ceec",
        "tags": [],
        "timestamp": "2018-07-11T21:32:21.1400513Z"
      }
    ]
    

如您在序列中最後一個步驟的輸出中所見, 現在有一個孤立的資訊清單, "tags"其屬性為空白清單。As you can see in the output of the last step in the sequence, there is now an orphaned manifest whose "tags" property is an empty list. 此資訊清單以及它所參考的任何唯一層次資料,仍存在於登錄中。This manifest still exists within the registry, along with any unique layer data that it references. 若要刪除這類孤立映像及其層次資料,您必須依資訊清單摘要刪除To delete such orphaned images and their layer data, you must delete by manifest digest.

刪除所有已取消標記的映像Delete all untagged images

您可以使用下列 Azure CLI 命令,列出存放庫中所有已取消標記的映像。You can list all untagged images in your repository using the following Azure CLI command. 以適合您環境的值取代 <acrName><repositoryName>Replace <acrName> and <repositoryName> with values appropriate for your environment.

az acr repository show-manifests --name <acrName> --repository <repositoryName> --query "[?tags[0]==null].digest"

在腳本中使用此命令, 您可以刪除存放庫中的所有未標記映射。Using this command in a script, you can delete all untagged images in a repository.

警告

請小心使用下列範例指令碼--無法復原已刪除的映像資料。Use the following sample scripts with caution--deleted image data is UNRECOVERABLE. 如果您有依資訊清單摘要提取映射的系統 (相對於映射名稱), 則不應該執行這些腳本。If you have systems that pull images by manifest digest (as opposed to image name), you should not run these scripts. 刪除已取消標記的映像,會導致這些系統無法從登錄中提取映像。Deleting untagged images will prevent those systems from pulling the images from your registry. 請考慮採用唯一的標記配置, 這是建議的最佳作法, 而不是依資訊清單提取。Instead of pulling by manifest, consider adopting a unique tagging scheme, a recommended best practice.

Bash 中的 Azure CLIAzure CLI in Bash

下列 Bash 指令碼會從存放庫中刪除所有已取消標記的映像。The following Bash script deletes all untagged images from a repository. 它需要 Azure CLI 和 xargsIt requires the Azure CLI and xargs. 根據預設,此指令碼不會執行任何刪除。By default, the script performs no deletion. ENABLE_DELETE 值變更為 true,以啟用映像刪除。Change the ENABLE_DELETE value to true to enable image deletion.

#!/bin/bash

# WARNING! This script deletes data!
# Run only if you do not have systems
# that pull images via manifest digest.

# Change to 'true' to enable image delete
ENABLE_DELETE=false

# Modify for your environment
REGISTRY=myregistry
REPOSITORY=myrepository

# Delete all untagged (orphaned) images
if [ "$ENABLE_DELETE" = true ]
then
    az acr repository show-manifests --name $REGISTRY --repository $REPOSITORY  --query "[?tags[0]==null].digest" -o tsv \
    | xargs -I% az acr repository delete --name $REGISTRY --image $REPOSITORY@% --yes
else
    echo "No data deleted."
    echo "Set ENABLE_DELETE=true to enable image deletion of these images in $REPOSITORY:"
    az acr repository show-manifests --name $REGISTRY --repository $REPOSITORY --query "[?tags[0]==null]" -o tsv
fi

PowerShell 中的 Azure CLIAzure CLI in PowerShell

下列 PowerShell 指令碼會從存放庫中刪除所有已取消標記的映像。The following PowerShell script deletes all untagged images from a repository. 它需要 PowerShell 和 Azure CLI。It requires PowerShell and the Azure CLI. 根據預設,此指令碼不會執行任何刪除。By default, the script performs no deletion. $enableDelete 值變更為 $TRUE,以啟用映像刪除。Change the $enableDelete value to $TRUE to enable image deletion.

# WARNING! This script deletes data!
# Run only if you do not have systems
# that pull images via manifest digest.

# Change to '$TRUE' to enable image delete
$enableDelete = $FALSE

# Modify for your environment
$registry = "myregistry"
$repository = "myrepository"

if ($enableDelete) {
    az acr repository show-manifests --name $registry --repository $repository --query "[?tags[0]==null].digest" -o tsv `
    | %{ az acr repository delete --name $registry --image $repository@$_ --yes }
} else {
    Write-Host "No data deleted."
    Write-Host "Set `$enableDelete = `$TRUE to enable image deletion."
    az acr repository show-manifests --name $registry --repository $repository --query "[?tags[0]==null]" -o tsv
}

自動清除標記和資訊清單 (預覽)Automatically purge tags and manifests (preview)

做為腳本 Azure CLI 命令的替代方案,請執行隨選或排程的 ACR 工作,以刪除比特定期間還舊的所有標記,或符合指定的名稱篩選器。As an alternative to scripting Azure CLI commands, run an on-demand or scheduled ACR task to delete all tags that are older than a certain duration or match a specified name filter. 如需詳細資訊,請參閱從 Azure container Registry 自動清除映射For more information, see Automatically purge images from an Azure container registry.

選擇性地為每個登錄設定保留原則,以管理未標記的資訊清單。Optionally set a retention policy for each registry, to manage untagged manifests. 當您啟用保留原則時,登錄中沒有任何相關聯的標記和基礎層資料的映射資訊清單,會在設定的期間之後自動刪除。When you enable a retention policy, image manifests in the registry that don't have any associated tags, and the underlying layer data, are automatically deleted after a set period.

後續步驟Next steps

如需 Azure Container Registry 中映像儲存體的詳細資訊,請參閱 Azure Container Registry 中的容器映像儲存體For more information about image storage in Azure Container Registry see Container image storage in Azure Container Registry.