Search code examples
google-container-registry

Weird SHA1-like tags on gcr images

We're noticing weird SHA1-like tags on our gcr images. The nature of these tags are that

  • they are the same size as SHA1, i.e. exactly 40 hexadecimal characters
  • we didn't create them
  • any image that is tagged by us does not have this weird SHA1-like tag

What are these tagged images and can they be deleted?

Solution

  • The "weird SHA1-like tags" in your Container Registry images is created automatically by Cloud Build. Check this related StackOverflow answer.

    As an example, here's an image that is created when I deployed an application on App Engine: enter image description here

    Upon navigating, here's the details: enter image description here

    Yes, there's an option removing or deleting unused image from the container registry.

    Just a note, the container images delete command deletes the specified image from the registry, and all associated tags are also deleted.

    For example, in order to list all untagged images in a project, first filter digests that lack tags using this command: gcloud container images list-tags [HOSTNAME]/[PROJECT-ID]/[IMAGE] --filter='-tags:*' --format="get(digest)" --limit=$BIG_NUMBER

    Another option is, gcloud container images list-tags [HOSTNAME]/[PROJECT-ID]/[IMAGE] --format=json --limit=unlimited, this will give you an easily consumable json blob of information for images in a repository (such as digests with associated tags).

    Then, you can iterate over and delete with this command: gcloud container images delete [HOSTNAME]/[PROJECT-ID]/[IMAGE]@DIGEST --quiet