Contact UsGet started

Creating a lifecycle policy

Written by
Updated at November 14, 2024

You can only set a lifecycle policy for a repository. To find out the name of a repository, request a list of repositories in the registry.

  1. In the management console, select the folder where the registry was created.
  2. In the list of services, select Container Registry.
  3. Select the registry and click the row with its name.
  4. Select the repository and click the row with its name.
  5. In the left-hand panel, click Lifecycle.
  6. In the top-right corner, click Create.
  7. Set the lifecycle policy parameters:
    • (Optional) Name.
    • (Optional) Description.
    • Status: Lifecycle policy status after its creation. We do not recommend creating an ACTIVE policy right away.
    • Under Lifecycle policy rules, add rules:

      1. Click Add.

      2. Set the rule parameters:

        • Tag regexp: Docker image tag for filtering. Java regular expressions are supported. For example, the test.* regular expression retrieves all images with tags starting with test.
        • Untagged: Flag indicating that the rule applies to Docker images without tags.
        • Expire period, in days: Time after which the lifecycle policy may apply to the Docker image.
        • Retained top: Number of Docker images that are not deleted even if they match the rule.
        • (Optional) Description.
  8. Click Create.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

  1. Prepare policy rules and save them to a file named rules.json.

    Example of the contents of a file with rules, where:

    • description: Description of the policy rule.
    • tag_regexp: Docker image tag for filtering. Java regular expressions are supported. For example, the test.* regular expression retrieves all images with tags starting with test.
    • untagged: Flag indicating that the rule applies to Docker images without tags.
    • expire_period: Time after which the lifecycle policy may apply to the Docker image. This parameter is formatted as a number and a unit of measure, such as s, m, h, or d (seconds, minutes, hours, or days). expire_period must be a multiple of 24 hours.
    • retained_top: Number of Docker images that are not deleted even if they match the rule.
    [
  {
    "description": "delete prod Docker images older than 60 days but retain 20 last ones",
    "tag_regexp": "prod",
    "expire_period": "60d",
    "retained_top": 20
  },
  {
    "description": "delete all test Docker images except 10 last ones",
    "tag_regexp": "test.*",
    "retained_top": 10
  },
  {
    "description": "delete all untagged Docker images older than 48 hours",
    "untagged": true,
    "expire_period": "48h"
  }
]

  2. Create a lifecycle policy by running the command:

    yc container repository lifecycle-policy create \
  --repository-name crp3cpm16edq********/ubuntu \
  --name test-policy \
  --description "disabled lifecycle-policy for tests" \
  --rules ./rules.json

    Where:

    • --repository-name: Repository name.

    • --rules: Path to the policy description file.

    • --description (optional): Lifecycle policy description.

    • --name (optional): Policy name. The naming requirements are as follows:

      • The name must be from 3 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • The first character must be a letter and the last character cannot be a hyphen.

    Note

    The default policy is created disabled (DISABLED status). We do not recommend creating an active policy (--active flag) right away.

    Result:

    id: crp6lg1868p3********
name: test-policy
repository_id: crp3cpm16edq********
...
- description: delete all untagged Docker images older than 48 hours
  expire_period: 172800s
  untagged: true

    The expired_period parameter value in the response is displayed in seconds. This is a technical constraint, the format will be changed.

  3. Make sure that the policy is created by running the command:

    yc container repository lifecycle-policy list --repository-name crp3cpm16edq********/ubuntu

    Where repository-name is the repository name.

    Result:

    +----------------------+-------------+----------------------+----------+---------------------+-------------------------------+
|          ID          |    NAME     |    REPOSITORY ID     |  STATUS  |       CREATED       |          DESCRIPTION          |
+----------------------+-------------+----------------------+----------+---------------------+-------------------------------+
| crp6lg1868p3******** | test-policy | crp3cpm16edq******** | DISABLED | 2020-05-28 15:05:58 | disabled lifecycle-policy for |
|                      |             |                      |          |                     | tests                         |
+----------------------+-------------+----------------------+----------+---------------------+-------------------------------+

If you don't have Terraform, install it and configure the Yandex Cloud provider.

  1. In the configuration file, describe the parameters of the resources you want to create:

    resource "yandex_container_repository_lifecycle_policy" "my_lifecycle_policy" {
  name          = "<policy_name>"
  status        = "<policy_status>"
  repository_id = "<repository_ID>"

  rule {
    description   = "<rule_description>"
    untagged      = true
    tag_regexp    = ".*"
    retained_top  = 1
    expire_period = "48h"
  }
}

    Where:

    • name: Policy name.
    • status: Policy status. It can either be true or false.
    • repository_id: Repository ID.
    • rule: Section with the policy rule. Contains the following parameters:
      • description: Rule description.
      • untagged: If the parameter is set to true, the rule applies to all Docker images that do not have a tag.
      • tag_regexp: Docker image tag for filtering. Java regular expressions are supported. For example, the test.* regular expression retrieves all images with tags starting with test.
      • retained_top: Number of Docker images that will not be deleted even if they match the lifecycle policy rules.
      • expire_period: Time after which the lifecycle policy applies to the Docker image. This parameter comes as a number followed by a unit of measurement: s, m, h, or d (seconds, minutes, hours, or days). expire_period must be a multiple of 24 hours.

    For more information about the yandex_container_repository_lifecycle_policy resource parameters in Terraform, see the relevant provider documentation.

  2. Create resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

This will create a lifecycle policy in the specified repository. You can check the new policy and its settings using the management console or this CLI command:

 yc container repository lifecycle-policy list --registry-id <registry_ID>

To create a lifecycle policy, use the Create method for the LifecyclePolicyService resource.

Tip

You can test the lifecycle policy to check what Docker images comply with the policy rules. Docker images are not actually deleted during dry runs.

Previous
Getting information about existing lifecycle policies
Next
Updating a lifecycle policy