Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Container Registry
  • Getting started
  • Yandex Container Solution
    • Overview
    • Docker image
    • Docker volume
    • Registry
    • Repository
    • Docker image lifecycle policy
    • Vulnerability scanner
    • Cloud Functions trigger
    • Backups
    • Quotas and limits
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Troubleshooting
  • FAQ

In this article:

  • Lifecycle policy statuses
  • Lifecycle policy rules
  • Resolving rule conflicts
  • Use cases
  1. Concepts
  2. Docker image lifecycle policy

Docker image lifecycle policy

Written by
Yandex Cloud
Updated at April 18, 2025
  • Lifecycle policy statuses
  • Lifecycle policy rules
  • Resolving rule conflicts
  • Use cases

A Docker image lifecycle policy lets you set rules for deleting Docker images automatically.

You can configure a lifecycle policy using the Yandex Cloud CLI.

Warning

You can only set a lifecycle policy for a repository. The policy applies to Docker images whose names match the repository name exactly. There is no support for prefix matching. You cannot set a policy for a repository group, registry, folder, or cloud.

Lifecycle policy statusesLifecycle policy statuses

A lifecycle policy can have the following statuses:

  • ACTIVE: The policy is active and regularly deletes Docker images according to the rules you set.
  • DISABLED: The policy is disabled and does not delete Docker images from the repository. You can use policies in this status to create and test rules.

Note

The default policy is created with the DISABLED status. For information on activating a policy, see Updating a lifecycle policy status.

A repository can only have one active policy and several disabled ones. You can disable the active policy at any time.

You can perform dry runs to check which Docker images will be deleted according to the rules of the current policy.

Lifecycle policy rulesLifecycle policy rules

Prior to deletion, Docker images are first filtered by tag and then checked against lifecycle policy rules. If an image matches several rules at the same time, the rule conflict is automatically resolved.

Warning

To create a rule, specify at least one tag-based filter and set at least one delete condition.

When creating a lifecycle policy, you can place rules in a separate JSON file. Use the parameters below to configure lifecycle policy rules:

  1. Filtering Docker images by tag:
    • tag_regexp: Tag to specify a filter as a regular expression.

      Use cases of tag_regexp:

      • .*: All images with tags.
      • prefix.*: Images with tags that start with prefix.
    • untagged: Tag to apply the rule to untagged Docker images.

  2. Conditions for deleting Docker images:
    • expire_period: Period of time that must pass after creating a Docker image for it to satisfy the automatic deletion criteria. It must be a multiple of 24 hours.
    • retained_top: Number of Docker images (meeting the specified tag-based filter conditions) to be retained even if the period set in expire_period has already expired.

Example of a JSON file with rulesExample of a JSON file with rules

The Test rule deletes all images that meet the following conditions:

  • Tag starts with test.
  • Older than 80 days.

This rule will keep 20 images.

The Untagged rule deletes all images that meet the following conditions:

  • No tags.
  • Older than 48 hours.
[
  {
    "description": "Test",
    "tag_regexp": "test.*",
    "expire_period": "80d",
    "retained_top": 20
  },
  {
    "description": "Untagged",
    "untagged": true,
    "expire_period": "48h"
  }
]

Where:

  • description: Description of the policy rule.
  • tag_regexp: Docker image tag for filtering. The test.* regular expression for tag_regexp retrieves all images with tags starting with test.
  • untagged: Flag indicating that the rule applies to Docker images without tags.
  • expire_period: Time after which the lifecycle policy may apply to the Docker image. This parameter comes as a number followed by a unit of measurement: s, m, h, or d (seconds, minutes, hours, or days). expire_period must be a multiple of 24 hours.
  • retained_top: Number of Docker images that are not deleted even if they match the rule.

Resolving rule conflictsResolving rule conflicts

  • If a Docker image filtered by tag only falls under a single delete rule, it is deleted according to this rule's settings.
  • If a Docker image filtered by tag falls under several conflicting rules, it is deleted only if all the rules require it. If there is at least one rule saying that a Docker image shouldn't be deleted, the image is retained.

Use casesUse cases

  • Storing Docker images created in Yandex Managed Service for GitLab projects

Was the article helpful?

Previous
Repository
Next
Vulnerability scanner
© 2025 Direct Cursus Technology L.L.C.