YukiOnishi

【Reducing costs】Automatically remove old docker container image using Artifact Registry cleanup policies

When you work with Docker container images in Google Cloud, Artifact Registry is where they are stored.
However, as you keep pushing container images, more and more old images accumulate, and eventually their total size exceeds the free quota.
From that point on, storage costs keep growing.

Fortunately, Google Cloud provides 'cleanup policies' that automatically delete old container images.

This article summarises how to use cleanup policies to automatically remove old container images.

What is Artifact Registry?

Artifact Registry is a Google Cloud service that stores and manages Docker container images. You can run applications by linking the images stored here to Cloud Run or Cloud Run jobs.

By integrating with services such as Cloud Build, it is also possible to automatically store container images and set up automatic deployment to services like Cloud Run.

There is also a similar service called Container Registry, but it is deprecated, and Artifact Registry is the recommended replacement.

So, Artifact Registry is required when dealing with container images in Google Cloud.

Artifact Registry pricing

As for pricing, charges fall into the following three categories.

  • Storage
  • Data transfer
  • Vulnerability scanning

Data transfer is free of charge within the same location.

Storage is what may be charged for here.
Up to 0.5GB of capacity is free, but beyond that it costs about $0.10 per month in 1GB increments.

In my case, I run about three container images, which are about 11MB each, so all together they come to about 30~50MB. That alone never exceeds the free quota of 0.5GB.

However, unless Artifact Registry is configured otherwise, the old container image remains every time a new container image is pushed.

As these unused images accumulate, they easily exceed 0.5GB.

So old container images need to be deleted, but I would like this to be automatic.

It is the cleanup policies that can do this.

What are cleanup policies?

A cleanup policy is a feature that automatically deletes container images and other artifacts stored in Artifact Registry, based on conditions you define in advance.

delete policy and conditional keep policy

A cleanup policy can be one of two types.

  • delete policy
  • conditional keep policy

As the name suggests, these set the conditions for deleting and retaining images respectively.

It is important to note that if only a "conditional keep policy" is set, nothing is deleted. Container images will not be deleted unless a "delete policy" is set.

So, for example, if you want to "keep the two most recent container images and delete everything else", the policies must be set up as follows.

  • delete policy: Remove images with or without tags.
  • conditional keep policy: Only the two most recent versions are retained.

Specific settings are described below.

Constraints

Cleanup policies have the following restrictions.

  • Deletions and retentions triggered by cleanup policies are performed once per day (it is not known at what point in time they are performed).
  • Deletions triggered by delete policies are limited to 30,000 per repository, per day.
  • Up to 10 cleanup policies per repository.

It is important to note that cleanup policies are only executed once a day.

It is also not clear at what time of the day they are executed, so depending on the timing, container images may not be removed right away.

If you have automated Cloud Build or GitHub Actions to push an image to Artifact Registry every time the main repository is updated, and that happens many times a day, more container images than you intended may remain undeleted for a while.

The policy will be executed again the next day and the images will be deleted, but be aware that if they take up storage capacity in the meantime, the billing amount may increase.

How to set up automatic deletion

Conditions for automatic deletion

In this case, container images are set to be deleted automatically under the following condition.

  • Only the two most recent container images are retained, all other images are deleted.

Therefore, set up a "delete policy" and a "conditional keep policy" with the following details.

  • delete policy: remove images with or without tags.
  • conditional keep policy: only the two most recent versions are retained.

How to set up

Go to the Google Cloud console and navigate to the Artifact Registry page.
A list of repositories will appear. Select the target repository.

Click on "EDIT REPOSITORY"

Scroll down to "Cleanup policies" and select "Delete artifacts".

From here, set up the "delete policy" and the "conditional keep policy".

Click on "ADD A CLEANUP POLICY".

First, set the "delete policy".

Fill in "name" and select "Conditional delete".

Leave the "Tag state" as "Any tag state".

Finally, click on "DONE" in the bottom right-hand corner.

Second, set the "conditional keep policy".

Click on "ADD A CLEANUP POLICY" again to create a new policy.

Fill in "name" and select "Keep most recent versions" as the policy type.

"Keep points" should be "2".

Finally, click on "DONE" in the bottom right-hand corner.

Finally, click on the "Update" button at the bottom and you are done.

The timing of when the policy is executed is random, but after some time only the two latest versions of the images in the repository will be available.
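
The two policies configured above can also be written in the JSON policy-file layout that `gcloud artifacts repositories set-cleanup-policies` reads, and previewed locally before they are applied. The following is an added example, not part of the original article: the evaluator is a simplified model of one cleanup run (it assumes the keep count applies per package), and the policy names, package names and version list are constructed.

```python
# The two rules from the console steps above, in the policy-file layout read by
# `gcloud artifacts repositories set-cleanup-policies`. Names are made up.
POLICIES = [
    {"name": "delete-all", "action": {"type": "Delete"},
     "condition": {"tagState": "any"}},
    {"name": "keep-latest-2", "action": {"type": "Keep"},
     "mostRecentVersions": {"keepCount": 2}},
]

# Constructed sample data: (package, digest, tags, upload order; higher = newer).
VERSIONS = [
    ("api", "sha256:a1", ["v1"], 1),
    ("api", "sha256:a2", [], 2),
    ("api", "sha256:a3", ["v3"], 3),
    ("api", "sha256:a4", ["latest"], 4),
    ("worker", "sha256:w1", ["latest"], 1),
]

def matches_tag_state(tags, state):
    """'any' matches every version; 'tagged'/'untagged' check the tag list."""
    return state == "any" or (state == "tagged") == bool(tags)

def plan_cleanup(versions, policies):
    """Simplified model of one cleanup run; returns (kept, deleted) digests."""
    protected = set()
    for p in policies:
        recent = p.get("mostRecentVersions")
        if p["action"]["type"] == "Keep" and recent:
            by_pkg = {}
            for pkg, digest, _tags, order in versions:
                by_pkg.setdefault(pkg, []).append((order, digest))
            for items in by_pkg.values():  # assumed: keepCount is per package
                newest = sorted(items, reverse=True)[:recent["keepCount"]]
                protected.update(digest for _order, digest in newest)
    # Deleted only if a Delete policy matches and no Keep policy protects it,
    # so a repository with Keep policies alone never loses anything.
    deleted = [
        digest for _pkg, digest, tags, _order in versions
        if digest not in protected and any(
            p["action"]["type"] == "Delete" and matches_tag_state(
                tags, p.get("condition", {}).get("tagState", "any"))
            for p in policies)
    ]
    kept = [d for _pkg, d, _tags, _order in versions if d not in deleted]
    return kept, deleted

if __name__ == "__main__":
    print(plan_cleanup(VERSIONS, POLICIES))
```

Saved as a JSON file, the `POLICIES` list can be passed to `gcloud artifacts repositories set-cleanup-policies` with `--policy`, and `--dry-run` lets you check the effect before anything is deleted.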

Summary.

"Cleanup policies" can now be set to automatically remove old container images.

If you use Artifact Registry, set this to avoid unnecessary charges.