Creating a lifecycle policy
You can only set a lifecycle policy for a repository. To find out the name of a repository, request a list of repositories in the registry.
- In the management console
, select the folder where the registry was created. - In the list of services, select Container Registry.
- Select the registry and click the row with its name.
- Select the repository and click the row with its name.
- In the left-hand panel, click
Lifecycle. - In the top-right corner, click Create.
- Set the lifecycle policy parameters:
- (Optional) Name.
- (Optional) Description.
- Status: Lifecycle policy status after its creation. We do not recommend creating an
ACTIVE
policy right away. - Under Lifecycle policy rules, add rules:
-
Click Add.
-
Set the rule parameters:
- Tag regexp: Docker image tag for filtering. Java regular expressions are supported. For example, the
test.*
regular expression retrieves all images with tags starting withtest
. - Untagged: Flag indicating that the rule applies to Docker images without tags.
- Expire period, in days: Time after which the lifecycle policy may apply to the Docker image.
- Retained top: Number of Docker images that are not deleted even if they match the rule.
- (Optional) Description.
- Tag regexp: Docker image tag for filtering. Java regular expressions are supported. For example, the
-
- Click Create.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
-
Prepare policy rules and save them to a file named
rules.json
.Example of the contents of a file with rules, where:
description
: Description of the policy rule.tag_regexp
: Docker image tag for filtering. Java regular expressions are supported. For example, thetest.*
regular expression retrieves all images with tags starting withtest
.untagged
: Flag indicating that the rule applies to Docker images without tags.expire_period
: Time after which the lifecycle policy may apply to the Docker image. This parameter is formatted as a number and a unit of measure, such ass
,m
,h
, ord
(seconds, minutes, hours, or days).expire_period
must be a multiple of 24 hours.retained_top
: Number of Docker images that are not deleted even if they match the rule.
[ { "description": "delete prod Docker images older than 60 days but retain 20 last ones", "tag_regexp": "prod", "expire_period": "60d", "retained_top": 20 }, { "description": "delete all test Docker images except 10 last ones", "tag_regexp": "test.*", "retained_top": 10 }, { "description": "delete all untagged Docker images older than 48 hours", "untagged": true, "expire_period": "48h" } ]
-
Create a lifecycle policy by running the command:
yc container repository lifecycle-policy create \ --repository-name crp3cpm16edq********/ubuntu \ --name test-policy \ --description "disabled lifecycle-policy for tests" \ --rules ./rules.json
Where:
-
--repository-name
: Repository name. -
--rules
: Path to the file with the policy description. -
--description
: Description of the lifecycle policy (optional). -
--name
: Policy name (optional). The naming requirements are as follows:- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
Note
The default policy is created with the
DISABLED
status. We do not recommend creating an active policy with the--active
flag right away.Result:
id: crp6lg1868p3******** name: test-policy repository_id: crp3cpm16edq******** ... - description: delete all untagged Docker images older than 48 hours expire_period: 172800s untagged: true
The
expired_period
parameter value in the response is displayed in seconds. This is a technical constraint, the format will be changed. -
-
Make sure that the policy is created by running the command:
yc container repository lifecycle-policy list --repository-name crp3cpm16edq********/ubuntu
Where
repository-name
is the repository name.Result:
+----------------------+-------------+----------------------+----------+---------------------+-------------------------------+ | ID | NAME | REPOSITORY ID | STATUS | CREATED | DESCRIPTION | +----------------------+-------------+----------------------+----------+---------------------+-------------------------------+ | crp6lg1868p3******** | test-policy | crp3cpm16edq******** | DISABLED | 2020-05-28 15:05:58 | disabled lifecycle-policy for | | | | | | | tests | +----------------------+-------------+----------------------+----------+---------------------+-------------------------------+
If you don't have Terraform, install it and configure the Yandex Cloud provider.
-
In the configuration file, describe the parameters of the resources you want to create:
resource "yandex_container_repository_lifecycle_policy" "my_lifecycle_policy" { name = "<policy_name>" status = "<policy_status>" repository_id = "<repository_id>" rule { description = "<rule_description>" untagged = true tag_regexp = ".*" retained_top = 1 expire_period = "48h" } }
Where:
name
: Policy name.status
: Policy status; the possible values areactive
anddisabled
.repository_id
: Repository ID.rule
: Section with the policy rule. It contains the following parameters:description
: Description of the rule.untagged
: If the parameter is set totrue
, the rule applies to all Docker images that do not have a tag.tag_regexp
: Docker image tag for filtering. Java regular expressions are supported. For example, thetest.*
regular expression retrieves all images with tags starting withtest
.retained_top
: Number of Docker images that are not deleted even if they meet the lifecycle policy rules.expire_period
: Time after which the lifecycle policy applies to the Docker image. This parameter comes as a numeral with a unit of measure, such ass
,m
,h
, ord
(seconds, minutes, hours, or days).expire_period
must be a multiple of 24 hours.
For more information about the
yandex_container_repository_lifecycle_policy
resource parameters in Terraform, see the provider documentation . -
Create resources:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validate
If the configuration is correct, the following message is returned:
Success! The configuration is valid.
-
Run the command:
terraform plan
The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
in the terminal and press Enter.
-
This will create a lifecycle policy in the specified repository. You can check the new policy and its configuration using the management console
yc container repository lifecycle-policy list --registry-id <registry_ID>
To create a lifecycle policy, use the Create method for the LifecyclePolicyService resource.
Tip
You can test the lifecycle policy to check what Docker images comply with the policy rules. Docker images are not actually deleted during dry runs.