Kubernetes / OpenShift Container Platform (OCP) などの Container Orchestrator や docker / podman などの Container 実行環境などでは、Container Image を保管・共有する Image Registry (以降 Registry) が必要です。
Docher Hub や各 Cloud Provider が提供する Registry などがありますが、個別に Registry を構築する必要がある場合、無料で簡易に実装できる候補の1つとして CNCF (Cloud Native Computing Foundation) Distribution Registry (旧 Docker Registry) が挙げられます。OCP の Restricted Network (Air Gapped Network) 環境でも使用可能です。
ここでは、簡単に CNCF Distribution Registry の構築・使用方法をご紹介します。
Configuration / Deployment
以下を参考に Registry の構成を行います。
YAML による構成定義の作成が基本で、上記中の List of configuration options の他に以下の Sample が提供されています。
また、上記 YAML 各 Parameter の Path に相当する環境変数で定義する事も可能です。例えば、 List of configuration options 中の .storage.delete.enabled を設定する環境変数は、以下のようになります。
# Path of .storage.delete.enabled
$ yq -o json List_of_configuration_options.yaml | jq -cr 'paths' | grep -Ei 'delete.*enabled'
["storage","delete","enabled"]
# Target Environment Variable Name
$ yq -o json List_of_configuration_options.yaml | jq -r 'paths as $P | "REGISTRY_" + ($P | map(tostring | ascii_upcase) | @tsv | gsub("\t"; "_"))' | grep -Ei 'delete.*enabled'
REGISTRY_STORAGE_DELETE_ENABLED
# Sample Configuration
REGISTRY_STORAGE_DELETE_ENABLED=true
YAML と環境変数はどちらか一方でも併用でも可能で、環境変数が優先されます。
今回は、以下のような Bash Script を使用してみます。
予め、htpasswd で認証情報を作成して /opt/registry/auth/htpasswd として配置し、openssl で証明書を作成して /opt/registry/certs/{domain.crt,domain.key} として配置しておきます。
#!/bin/bash -x
# start.sh
IMAGE="docker.io/library/registry:3"
SERVER_PORT="9999"
podman run --name distribution-registry \
-p $SERVER_PORT:5000 \
-v /opt/registry/data:/var/lib/registry:z \
-v /opt/registry/auth:/auth:z \
-v /opt/registry/certs:/certs:z \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_REALM=basic-realm \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-e REGISTRY_STORAGE_DELETE_ENABLED=true \
-d $IMAGE
Start / Stop
start.sh で起動してみます。
$ ./start.sh
+ IMAGE=docker.io/library/registry:3
+ SERVER_PORT=9999
+ podman run --name distribution-registry -p 9999:5000 -v /opt/registry/data:/var/lib/registry:z -v /opt/registry/auth:/auth:z -v /opt/registry/certs:/certs:z -e REGISTRY_AUTH=htpasswd -e REGISTRY_AUTH_HTPASSWD_REALM=basic-realm -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -e REGISTRY_STORAGE_DELETE_ENABLED=true -d docker.io/library/registry:3
4aabf7e90142dfe9b5ef498a0ad8933010672fbb3317d3df422280f81a990036
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4aabf7e90142 docker.io/library/registry:3 /etc/distribution... 5 seconds ago Up 5 seconds 0.0.0.0:9999->5000/tcp, 5000/tcp distribution-registry
今回は簡易な実装としたため、停止は podman stop / rm で行います。
$ podman stop distribution-registry
distribution-registry
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4aabf7e90142 docker.io/library/registry:3 /etc/distribution... About a minute ago Exited (2) 5 seconds ago 0.0.0.0:9999->5000/tcp, 5000/tcp distribution-registry
$ podman rm distribution-registry
distribution-registry
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Access Check
Registry API Version
以下のように docker-distribution-api-version: registry/2.0 が表示されれば、Registry HTTP API V2 対応であることが分かります。
$ curl -skIL https://registry.local:9999/v2
HTTP/2 301
content-type: text/html; charset=utf-8
docker-distribution-api-version: registry/2.0
location: /v2/
date: Tue, 07 Oct 2025 03:57:40 GMT
HTTP/2 401
content-type: application/json
docker-distribution-api-version: registry/2.0
www-authenticate: Basic realm="basic-realm"
content-length: 87
date: Tue, 07 Oct 2025 03:57:40 GMT
Repository List
認証登録した User/Password を使用して参照する事ができます。ここでは、何も登録 (Push) していないため [] と表示されています。
$ curl -u user:user -skL https://registry.local:9999/v2/_catalog | jq -r .
{
"repositories": []
}
Listening Port
-p 9999:5000 で指定した Listening Port を確認してみます。
Server Side
# Port 9999
$ lsof -nP -iTCP:9999 -sTCP:LISTEN
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
conmon 1096125 root 5u IPv4 770411588 0t0 TCP *:9999 (LISTEN)
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8add8794a2d9 docker.io/library/registry:3 /etc/distribution... 23 minutes ago Up 23 minutes 0.0.0.0:9999->5000/tcp, 5000/tcp distribution-registry
$ podman inspect 8add8794a2d9 | jq -r '.[].State.ConmonPid'
1096125
$ pstree -Aalcp 1096125
conmon,1096125 --api-version 1 -c 8add8794a2d9fd966686103576e34e2f0e06d ~省略~
`-registry,1096127 serve /etc/distribution/config.yml
|-{registry},1096129
|-{registry},1096130
|-{registry},1096131
|-{registry},1096132
|-{registry},1096133
`-{registry},1096134
Container side
# Port 5000
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8add8794a2d9 docker.io/library/registry:3 /etc/distribution... About an hour ago Up About an hour 0.0.0.0:9999->5000/tcp, 5000/tcp distribution-registry
$ podman exec -it distribution-registry sh -c "ps -ef; netstat -tulnp | grep '1/registry'"
PID USER TIME COMMAND
1 root 0:00 registry serve /etc/distribution/config.yml
224 root 0:00 sh -c ps -ef; netstat -tulnp | grep '1/registry'
225 root 0:00 ps -ef
tcp 0 0 :::5001 :::* LISTEN 1/registry
tcp 0 0 :::5000 :::* LISTEN 1/registry
Login
podman や skopeo で Registry に Login します。初期設定で使用している場合は両者で Credential を共用しているため、いずれかで Login するだけで利用可能です。
$ podman login -u user -p user registry.local:9999
Login Succeeded!
$ skopeo login --get-login registry.local:9999
user
$ skopeo logout registry.local:9999
Removed login credentials for registry.local:9999
$ podman login --get-login registry.local:9999
Error: not logged into registry.local:9999
なお、以下に類似の状況で Login できない場合、主な原因は2つです。
$ podman login -u user -p user localhost:9999
Error: authenticating creds for "localhost:9999": pinging container registry localhost:9999: Get "https://localhost:9999/v2/": tls: failed to verify certificate: x509: certificate is valid for registry.local, not localhost
- Registry 証明書の
Subject Alternative Name (SAN)と、指定した URL が合致していない。この場合、以下の要領で証明書の SAN を確認する事ができます。
$ SERVER="registry.local:9999"
$ openssl s_client -connect $SERVER -showcerts </dev/null 2>/dev/null | openssl x509 -noout -text | grep -A1 "Subject Alternative Name"
X509v3 Subject Alternative Name:
DNS:registry.local
- Registry 証明書を Truststore に登録していない。この場合、以下の要領で登録します。
Push
podman
docker.io/library/postgres:18 を Registry に Push してみます。
# Pull
$ podman pull docker.io/library/postgres:18
Trying to pull docker.io/library/postgres:18...
Getting image source signatures
Copying blob 203b16f56a7d done |
Copying blob 8c7716127147 done |
Copying blob edd90ab5059f done |
Copying blob 1014e14b3351 done |
Copying blob f0d70120d9e2 done |
Copying blob dd6d7b9d8ba8 done |
Copying blob 751039babae5 done |
Copying blob f5af7533693a done |
Copying blob 9a68d6020eab done |
Copying blob f69a7c424b50 done |
Copying blob eed0ac863490 done |
Copying blob 2433c366ca00 done |
Copying blob a585c5f82f15 done |
Copying blob af60ce4418c9 done |
Copying config 194f5f2a90 done |
Writing manifest to image destination
194f5f2a900a5775ecff2129be107adc7c1ce98b89ac00ca0bed141310b7e6cd
# Tag
$ podman tag docker.io/library/postgres:18 registry.local:9999/test/postgres:18_from_dockerio
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.local:9999/test/postgres 18_from_dockerio 194f5f2a900a 12 days ago 463 MB
docker.io/library/postgres 18 194f5f2a900a 12 days ago 463 MB
# Push
$ podman push registry.local:9999/test/postgres:18_from_dockerio
Getting image source signatures
Copying blob dad63314a339 done |
Copying blob a9b74bbbba24 done |
Copying blob 60587f31ccd4 done |
Copying blob 1d46119d249f done |
Copying blob af76e12aa831 done |
Copying blob 01e8a18dc9b2 done |
Copying blob 04d52f0a5b32 done |
Copying blob ca7f2e5210d6 done |
Copying blob aae2dbb17823 done |
Copying blob c9655bf591ee done |
Copying blob 62f0a60f9afc done |
Copying blob 30d59a0e59ba done |
Copying blob e4a2b82444b1 done |
Copying blob 88763bd2f916 done |
Copying config 194f5f2a90 done |
Writing manifest to image destination
skopeo copy
skopeo copy で docker.io/library/alpine:3.22 を Registry の Postgres と同じ Repository に Push してみます。
$ skopeo copy docker://docker.io/library/alpine:3.22 docker://registry.local:9999/test/postgres:alpine_3.22_from_dockerio
Getting image source signatures
Copying blob 9824c27679d3 done |
Copying config 9234e8fb04 done |
Writing manifest to image destination
podman / skopeo 実行後の Registry は以下のようになります。
$ curl -u user:user -skL https://registry.local:9999/v2/_catalog | jq -r .
{
"repositories": [
"test/postgres"
]
}
$ curl -u user:user -sk https://registry.local:9999/v2/test/postgres/tags/list | jq -r .
{
"name": "test/postgres",
"tags": [
"18_from_dockerio",
"alpine_3.22_from_dockerio"
]
}
Pull
skopeo copy で Pull した Image を Pull してみます。
$ podman image ls | grep alpine_3.22
$ podman pull registry.local:9999/test/postgres:alpine_3.22_from_dockerio
Trying to pull registry.local:9999/test/postgres:alpine_3.22_from_dockerio...
Getting image source signatures
Copying blob 9824c27679d3 done |
Copying config 9234e8fb04 done |
Writing manifest to image destination
9234e8fb04c47cfe0f49931e4ac7eb76fa904e33b7f8576aec0501c085f02516
$ podman image ls 9234e8fb04c47cfe0f49931e4ac7eb76fa904e33b7f8576aec0501c085f02516
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.local:9999/test/postgres alpine_3.22_from_dockerio 9234e8fb04c4 2 months ago 8.6 MB
Delete Tags
Registry から特定の Tag を削除してみます。この機能は以下の設定によって使用可能になっています。
REGISTRY_STORAGE_DELETE_ENABLED=true
skopeo delete
skopeo delete で削除した後、Garbage Collection を実行します。
# Check Repository
$ curl -u user:user -skL https://registry.local:9999/v2/_catalog | jq -r .
{
"repositories": [
"test/postgres"
]
}
# Check Tag List
$ skopeo list-tags docker://registry.local:9999/test/postgres
{
"Repository": "registry.local:9999/test/postgres",
"Tags": [
"18_from_dockerio",
"alpine_3.22_from_dockerio"
]
}
# Check with skopeo
$ skopeo inspect docker://registry.local:9999/test/postgres:alpine_3.22_from_dockerio | jq -r '.Name'
registry.local:9999/test/postgres
# Delete Tag
$ skopeo --debug delete docker://registry.local:9999/test/postgres:alpine_3.22_from_dockerio
DEBU[0000] Using registries.d directory /etc/containers/registries.d
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf"
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf"
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/001-rhel-shortnames.conf"
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/002-rhel-shortnames-overrides.conf"
DEBU[0000] Found credentials for registry.local:9999/test/postgres in credential helper containers-auth.json in file /run/user/0/containers/auth.json
DEBU[0000] No signature storage configuration found for registry.local:9999/test/postgres:alpine_3.22_from_dockerio, using built-in default file:///var/lib/containers/sigstore
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/registry.local:9999
DEBU[0000] GET https://registry.local:9999/v2/
DEBU[0000] Ping https://registry.local:9999/v2/ status 401
DEBU[0000] GET https://registry.local:9999/v2/test/postgres/manifests/alpine_3.22_from_dockerio
DEBU[0000] DELETE https://registry.local:9999/v2/test/postgres/manifests/sha256:eafc1edb577d2e9b458664a15f23ea1c370214193226069eb22921169fc7e43f
DEBU[0000] Deleting /var/lib/containers/sigstore/test/postgres@sha256=eafc1edb577d2e9b458664a15f23ea1c370214193226069eb22921169fc7e43f/signature-1
# Check Tag List again
$ skopeo list-tags docker://registry.local:9999/test/postgres
{
"Repository": "registry.local:9999/test/postgres",
"Tags": [
"18_from_dockerio"
]
}
# Check blob status with Garbage Collection dry-run
$ podman exec -it distribution-registry bin/registry garbage-collect -d /etc/distribution/config.yml
DEBU[0000] using "text" logging formatter
test/postgres
test/postgres: marking manifest sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702
~中略~
go.version=go1.23.7 instance.id=3a9e81c0-8c42-452b-8d57-e392e013efce service=registry
16 blobs marked, 3 blobs and 0 manifests eligible for deletion
blob eligible for deletion: sha256:9234e8fb04c47cfe0f49931e4ac7eb76fa904e33b7f8576aec0501c085f02516
blob eligible for deletion: sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8
blob eligible for deletion: sha256:eafc1edb577d2e9b458664a15f23ea1c370214193226069eb22921169fc7e43f
test/postgres: layer link eligible for deletion: sha256:9234e8fb04c47cfe0f49931e4ac7eb76fa904e33b7f8576aec0501c085f02516
test/postgres: layer link eligible for deletion: sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8
# Execute Gargage Collection
$ podman exec -it distribution-registry bin/registry garbage-collect -m /etc/distribution/config.yml
DEBU[0000] using "text" logging formatter
test/postgres
test/postgres: marking manifest sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702
~中略~
go.version=go1.23.7 instance.id=0670e9dd-4c9c-4f77-bde2-221e050b7cb8 service=registry
16 blobs marked, 3 blobs and 0 manifests eligible for deletion
blob eligible for deletion: sha256:9234e8fb04c47cfe0f49931e4ac7eb76fa904e33b7f8576aec0501c085f02516
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/92/9234e8fb04c47cfe0f49931e4ac7eb76fa904e33b7f8576aec0501c085f02516 environment=development go.version=go1.23.7 instance.id=0670e9dd-4c9c-4f77-bde2-221e050b7cb8 service=registry
blob eligible for deletion: sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/98/9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8 environment=development go.version=go1.23.7 instance.id=0670e9dd-4c9c-4f77-bde2-221e050b7cb8 service=registry
blob eligible for deletion: sha256:eafc1edb577d2e9b458664a15f23ea1c370214193226069eb22921169fc7e43f
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/ea/eafc1edb577d2e9b458664a15f23ea1c370214193226069eb22921169fc7e43f environment=development go.version=go1.23.7 instance.id=0670e9dd-4c9c-4f77-bde2-221e050b7cb8 service=registry
test/postgres: layer link eligible for deletion: sha256:9234e8fb04c47cfe0f49931e4ac7eb76fa904e33b7f8576aec0501c085f02516
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/9234e8fb04c47cfe0f49931e4ac7eb76fa904e33b7f8576aec0501c085f02516/link environment=development go.version=go1.23.7 instance.id=0670e9dd-4c9c-4f77-bde2-221e050b7cb8 service=registry
test/postgres: layer link eligible for deletion: sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8/link environment=development go.version=go1.23.7 instance.id=0670e9dd-4c9c-4f77-bde2-221e050b7cb8 service=registry
curl
Media Type (Content Type)
curl の場合、Container Image Manifest の Media Type を Content Type として指定する必要があります。下記 Link 先のDocker(前者)では4種類、Open Container Initiative (OCI)(後者)では Docker のものと合わせて5種類が提示されている点に注意が必要です。
How to check Media Type
skopeo または curl で確認する方法をご紹介します。
# How to check with skopeo
$ skopeo inspect --raw docker://registry.local:9999/test/postgres:18_from_dockerio | jq -r '.mediaType'
application/vnd.oci.image.manifest.v1+json
# How to check with curl #1 : Accept */*
# エラーの場合は次の方法で確認
$ curl -u user:user -sk -H "Accept: */*" https://registry.local:9999/v2/test/postgres/manifests/18_from_dockerio | jq -r .
{
"errors": [
{
"code": "MANIFEST_UNKNOWN",
"message": "OCI manifest found, but accept header does not support OCI manifests"
}
]
}
# How to check with curl #2-1 : Accept で可能性のある Media Type を全て指定した Manifest で確認
$ curl -u user:user -skL -H \
"Accept: application/vnd.oci.image.manifest.v1+json, \
application/vnd.docker.distribution.manifest.v2+json, \
application/vnd.docker.distribution.manifest.list.v2+json, \
application/vnd.oci.image.index.v1+json, \
application/vnd.oci.image.config.v1+json" \
https://registry.local:9999/v2/test/postgres/manifests/18_from_dockerio | jq -r '.mediaType'
application/vnd.oci.image.manifest.v1+json
# How to check with curl #2-2 : Accept で可能性のある Media Type を全て指定した HTTP Header で確認
$ curl -u user:user -skLI -H \
"Accept: application/vnd.oci.image.manifest.v1+json, \
application/vnd.docker.distribution.manifest.v2+json, \
application/vnd.docker.distribution.manifest.list.v2+json, \
application/vnd.oci.image.index.v1+json, \
application/vnd.oci.image.config.v1+json" \
https://registry.local:9999/v2/test/postgres/manifests/18_from_dockerio
HTTP/2 200
content-type: application/vnd.oci.image.manifest.v1+json
docker-content-digest: sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702
docker-distribution-api-version: registry/2.0
etag: "sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702"
content-length: 3055
date: Wed, 08 Oct 2025 02:24:21 GMT
curl
skopeo が使用できない場合等を想定した実行例をご紹介します。
# Check Repository
$ curl -u user:user -skL https://registry.local:9999/v2/_catalog | jq -r .
{
"repositories": [
"test/postgres"
]
}
# Check Tag List
$ curl -u user:user -sk https://registry.local:9999/v2/test/postgres/tags/list | jq -r .
{
"name": "test/postgres",
"tags": [
"18_from_dockerio"
]
}
# Check Meida Type
# Option : 方法によって Content Digest の確認と同時に実施可能
$ curl -u user:user -skL -H \
"Accept: application/vnd.oci.image.manifest.v1+json, \
application/vnd.docker.distribution.manifest.v2+json, \
application/vnd.docker.distribution.manifest.list.v2+json, \
application/vnd.oci.image.index.v1+json, \
application/vnd.oci.image.config.v1+json" \
https://registry.local:9999/v2/test/postgres/manifests/18_from_dockerio | jq -r '.mediaType'
application/vnd.oci.image.manifest.v1+json
# Check Content Digest
$ curl -u user:user -skLI -H "Accept: application/vnd.oci.image.manifest.v1+json" https://registry.local:9999/v2/test/postgres/manifests/18_from_dockerio
HTTP/2 200
content-type: application/vnd.oci.image.manifest.v1+json
docker-content-digest: sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702
docker-distribution-api-version: registry/2.0
etag: "sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702"
content-length: 3055
date: Wed, 08 Oct 2025 02:40:01 GMT
# Delete Tag
$ curl -u user:user -vk -X DELETE https://registry.local:9999/v2/test/postgres/manifests/sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702
~中略~
> DELETE /v2/test/postgres/manifests/sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702 HTTP/2
> Host: registry.local:9999
~中略~
< HTTP/2 202
< docker-distribution-api-version: registry/2.0
< content-length: 0
< date: Wed, 08 Oct 2025 02:42:30 GMT
<
* Connection #0 to host registry.local left intact
# Check Tag List again
$ curl -u user:user -sk https://registry.local:9999/v2/test/postgres/tags/list | jq -r .
{
"name": "test/postgres",
"tags": []
}
# Execute Gargage Collection
$ podman exec -it distribution-registry bin/registry garbage-collect -m /etc/distribution/config.yml
DEBU[0000] using "text" logging formatter
test/postgres
test/postgres: marking manifest sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702
~中略~
go.version=go1.23.7 instance.id=0670e9dd-4c9c-4f77-bde2-221e050b7cb8 service=registry
0 blobs marked, 16 blobs and 0 manifests eligible for deletion
blob eligible for deletion: sha256:2562fff2ef3c56d4d1eecf14505cb6eb103dcdd2ea152d811e291cf3ea69154b
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/25/2562fff2ef3c56d4d1eecf14505cb6eb103dcdd2ea152d811e291cf3ea69154b environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:6515891581f1a25abd87747e2daf0137254e2dc22eafa50b06618e5d788c40e7
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/65/6515891581f1a25abd87747e2daf0137254e2dc22eafa50b06618e5d788c40e7 environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:782e95fdb2ac862ee216f740fa1a44254dae29833cc09548a9ec07bd23a96da8
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/78/782e95fdb2ac862ee216f740fa1a44254dae29833cc09548a9ec07bd23a96da8 environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:d623c59952a1597bcd519a9168a6c51743c1d9fe0a64a3d4f0ad5af0468a0622
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/d6/d623c59952a1597bcd519a9168a6c51743c1d9fe0a64a3d4f0ad5af0468a0622 environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:02f22cdbc46ac5cf9b5228b532258419bd4aaae625db0e363c52ac958a1f8d17
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/02/02f22cdbc46ac5cf9b5228b532258419bd4aaae625db0e363c52ac958a1f8d17 environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:295f7626628778ec46a3cb8bf5e21bccf84e56a9c70d42458cb4cd0624a01d4f
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/29/295f7626628778ec46a3cb8bf5e21bccf84e56a9c70d42458cb4cd0624a01d4f environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/5b/5b3318cac5eeafc6df523cad0d9656a4cfb5d734d6de709344000562ca537702 environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:e0749df5d9a5a77a65efde4ad0814521b7b444b9d94db31de5f703e95b62d52c
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/e0/e0749df5d9a5a77a65efde4ad0814521b7b444b9d94db31de5f703e95b62d52c environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:01df8e6fd8a92caaa8ab2586f9b27bd0c189548a5e1d1875d9e81b7c8532cce6
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/01/01df8e6fd8a92caaa8ab2586f9b27bd0c189548a5e1d1875d9e81b7c8532cce6 environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:49a9a34fdae5ebbd5941d9764ed83bd89a297aa1baa25de3d2ef9186e136f6c2
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/49/49a9a34fdae5ebbd5941d9764ed83bd89a297aa1baa25de3d2ef9186e136f6c2 environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:7baf396ba5c83270437c322c6fd5002ea815f335edb8e5ccefa8a524f7b2b1cc
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/7b/7baf396ba5c83270437c322c6fd5002ea815f335edb8e5ccefa8a524f7b2b1cc environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:82130ec74c5ce979108632c87b214296e37fbf8d2f7e0b2eceb8e8013bdc589b
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/82/82130ec74c5ce979108632c87b214296e37fbf8d2f7e0b2eceb8e8013bdc589b environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:b239802fd1aeed86abb973df72fd88c4d2852070ef75d6a8cc081bbe8fd6cf56
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/b2/b239802fd1aeed86abb973df72fd88c4d2852070ef75d6a8cc081bbe8fd6cf56 environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:eef08a8ab4df9d20cdccd7815cf3821793b1b13efec8b21d664ea4493ab6acb2
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/ee/eef08a8ab4df9d20cdccd7815cf3821793b1b13efec8b21d664ea4493ab6acb2 environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:194f5f2a900a5775ecff2129be107adc7c1ce98b89ac00ca0bed141310b7e6cd
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/19/194f5f2a900a5775ecff2129be107adc7c1ce98b89ac00ca0bed141310b7e6cd environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
blob eligible for deletion: sha256:7393a67c1a27ef539f21d98f66dd2144229b759d2de149379596608fa0782ccd
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/73/7393a67c1a27ef539f21d98f66dd2144229b759d2de149379596608fa0782ccd environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:01df8e6fd8a92caaa8ab2586f9b27bd0c189548a5e1d1875d9e81b7c8532cce6
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/01df8e6fd8a92caaa8ab2586f9b27bd0c189548a5e1d1875d9e81b7c8532cce6/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:02f22cdbc46ac5cf9b5228b532258419bd4aaae625db0e363c52ac958a1f8d17
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/02f22cdbc46ac5cf9b5228b532258419bd4aaae625db0e363c52ac958a1f8d17/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:194f5f2a900a5775ecff2129be107adc7c1ce98b89ac00ca0bed141310b7e6cd
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/194f5f2a900a5775ecff2129be107adc7c1ce98b89ac00ca0bed141310b7e6cd/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:2562fff2ef3c56d4d1eecf14505cb6eb103dcdd2ea152d811e291cf3ea69154b
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/2562fff2ef3c56d4d1eecf14505cb6eb103dcdd2ea152d811e291cf3ea69154b/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:295f7626628778ec46a3cb8bf5e21bccf84e56a9c70d42458cb4cd0624a01d4f
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/295f7626628778ec46a3cb8bf5e21bccf84e56a9c70d42458cb4cd0624a01d4f/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:49a9a34fdae5ebbd5941d9764ed83bd89a297aa1baa25de3d2ef9186e136f6c2
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/49a9a34fdae5ebbd5941d9764ed83bd89a297aa1baa25de3d2ef9186e136f6c2/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:6515891581f1a25abd87747e2daf0137254e2dc22eafa50b06618e5d788c40e7
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/6515891581f1a25abd87747e2daf0137254e2dc22eafa50b06618e5d788c40e7/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:7393a67c1a27ef539f21d98f66dd2144229b759d2de149379596608fa0782ccd
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/7393a67c1a27ef539f21d98f66dd2144229b759d2de149379596608fa0782ccd/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:782e95fdb2ac862ee216f740fa1a44254dae29833cc09548a9ec07bd23a96da8
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/782e95fdb2ac862ee216f740fa1a44254dae29833cc09548a9ec07bd23a96da8/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:7baf396ba5c83270437c322c6fd5002ea815f335edb8e5ccefa8a524f7b2b1cc
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/7baf396ba5c83270437c322c6fd5002ea815f335edb8e5ccefa8a524f7b2b1cc/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:82130ec74c5ce979108632c87b214296e37fbf8d2f7e0b2eceb8e8013bdc589b
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/82130ec74c5ce979108632c87b214296e37fbf8d2f7e0b2eceb8e8013bdc589b/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:b239802fd1aeed86abb973df72fd88c4d2852070ef75d6a8cc081bbe8fd6cf56
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/b239802fd1aeed86abb973df72fd88c4d2852070ef75d6a8cc081bbe8fd6cf56/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:d623c59952a1597bcd519a9168a6c51743c1d9fe0a64a3d4f0ad5af0468a0622
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/d623c59952a1597bcd519a9168a6c51743c1d9fe0a64a3d4f0ad5af0468a0622/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:e0749df5d9a5a77a65efde4ad0814521b7b444b9d94db31de5f703e95b62d52c
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/e0749df5d9a5a77a65efde4ad0814521b7b444b9d94db31de5f703e95b62d52c/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
test/postgres: layer link eligible for deletion: sha256:eef08a8ab4df9d20cdccd7815cf3821793b1b13efec8b21d664ea4493ab6acb2
INFO[0000] Deleting layer link path: /docker/registry/v2/repositories/test/postgres/_layers/sha256/eef08a8ab4df9d20cdccd7815cf3821793b1b13efec8b21d664ea4493ab6acb2/link environment=development go.version=go1.23.7 instance.id=1cc98109-590d-4d08-a1ad-3fa27971af87 service=registry
Delete Repositories
Registry HTTP API V2 には特定の Repository を削除する機能がありません。よって Registry の実装に依存する事になりますが、CNCF Distribution Registry には古くからその機能が存在しないようです。
Repository が保管されている Filesystem 上で該当 Directory を削除する必要があります。今回の例では以下の設定を使用しています。
-v /opt/registry/data:/var/lib/registry:z
正式手順として提供されていませんが、多くの事例で実績のある手順は以下のとおりです。なお、Registry Container を停止した状態で Server 側から実施 / 削除後の Container 再起動等の考慮事項の有無は状況によって異なる可能性があります。
# 念のため、全ての Tag を削除した状態で実施
$ curl -u user:user -skL https://myregistry.com:9999/v2/_catalog | jq -r .
{
"repositories": [
"test/postgres"
]
}
$ curl -u user:user -skL https://myregistry.com:9999/v2/test/postgres/tags/list | jq -r .
{
"name": "test/postgres",
"tags": []
}
# Container から該当 Directory を削除
$ podman exec -it distribution-registry sh -c 'ls -l /var/lib/registry/docker/registry/v2/repositories'
total 0
drwxr-xr-x 3 root root 22 Oct 9 03:00 test
$ podman exec -it distribution-registry sh -c 'rm -rf /var/lib/registry/docker/registry/v2/repositories/test'
$ podman exec -it distribution-registry sh -c 'ls -l /var/lib/registry/docker/registry/v2/repositories'
total 0
# Check Repository
$ curl -u user:user -skL https://myregistry.com:9999/v2/_catalog | jq -r .
{
"repositories": []
}