doc/user/packages/container_registry/delete_container_registry_images.md
{{< details >}}
{{< /details >}}
You can delete container images from your container registry.
To automatically delete container images based on specific criteria, use garbage collection. Alternatively, you can use a 3rd-party tool to create a CI/CD job for deleting container images from specific projects.
To delete specific container images from a project or group, you can use the GitLab UI or GitLab API.
[!warning] Deleting container images is a destructive action and can't be undone. To restore a deleted container image, you must rebuild and re-upload it.
Deleting a container image on GitLab Self-Managed instances doesn't free up storage space, it only marks the image as eligible for deletion. To actually delete unreferenced container images and recover storage space, GitLab Self-Managed instance administrators must run garbage collection.
The container registry on GitLab.com includes an automatic online garbage collector. With the automatic garbage collector, the following are automatically scheduled for deletion in 24 hours if left unreferenced:
The online garbage collector is an instance-wide feature, and applies to all namespaces.
To delete container images using the GitLab UI:
In the top bar, select Search or go to and find your project or group.
For:
From the Container Registry page, you can select what you want to delete, by either:
On the dialog, select Remove tag.
Container repositories that fail deletion more than 10 times automatically stop attempting to delete images.
You can use the API to automate the process of deleting container images. For more information, see the following endpoints:
[!note] GitLab CI/CD doesn't provide a built-in way to remove your container images. This example uses a third-party tool called
regctlthat talks to the GitLab Registry API. For assistance with this third-party tool, see the issue tracker for regclient.
The following example defines two stages: build, and clean. The build_image job builds a container
image for the branch, and the delete_image job deletes it. The reg executable is downloaded and used to
remove the container image matching the $CI_PROJECT_PATH:$CI_COMMIT_REF_SLUG
predefined CI/CD variable.
To use this example, change the IMAGE_TAG variable to match your needs.
stages:
- build
- clean
build_image:
image: docker:20.10.16
stage: build
services:
- docker:20.10.16-dind
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker build -t $IMAGE_TAG .
- docker push $IMAGE_TAG
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
when: never
- if: $CI_COMMIT_BRANCH
delete_image:
stage: clean
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
REGCTL_VERSION: v0.6.1
rules:
- if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH
image: alpine:latest
script:
- apk update
- apk add curl
- curl --fail-with-body --location "https://github.com/regclient/regclient/releases/download/${REGCTL_VERSION}/regctl-linux-amd64" > /usr/bin/regctl
- chmod 755 /usr/bin/regctl
- regctl registry login ${CI_REGISTRY} -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD}
- regctl tag rm $IMAGE
[!note] You can download the latest
regctlrelease from the releases page, then update the code example by changing theREGCTL_VERSIONvariable defined in thedelete_imagejob.
You can create a per-project cleanup policy to ensure older tags and images are regularly removed from the container registry.