Archive for the ‘Docker’ Category

Logging docker to GCR registry

February 2, 2017 Leave a comment

I close my eyes, only for a moment
And the moment’s gone
All my dreams pass before my eyes, a curiosity
(Kansas – Dust in the wind)

Docker daemon can access images from multiple docker registries. Some registry can be read-only for unauthenticated users while private registries usually require authentication even for pulling images. Configuration of registries and authentication is stored in ~/.docker/config.json .

When you want to log in to docker registry, you can simply run:

docker login <registry_uri>

Command will create an entry in the ~/.docker/config.json looking like:

"": {
    "auth": "Tag3iekueep9raN9lae6Ahv9Maeyo1ee",
    "email": ""

But, if you want to use GCR (Google Container Registry), there is a problem – there is no password provided.

Google suggests using gcloud for accessing all of their services. To log in with your user credentials, simply run the following command:

docker login -e \
   -u oauth2accesstoken \
   -p "$(gcloud auth print-access-token)" \

If you are setting a service account, then you need to use it’s private key, which Google distributes in JSON format:

docker login \
   -e \
   -u _json_key \
   -p "$(cat GCE_project-name_serviceaccount_<someid>.json)" \

Now you can pull existing images from your private registry:

docker pull

Isn’t it cool?

Categories: Cloud, Docker, GCE, Linux Tags: , ,

Deleting images from docker registry

January 23, 2017 Leave a comment


Something has got to give
These things I just don’t want you to see
(Dark Tranquillity – Format C for Cortex)

Docker registry is not really a user friendly piece of software. There is no fancy GUI and more importantly documentation is sparse.

So, if you run it for a long time, chance is you’ll end up with bunch of tagged images wasting space in your registry. How to delete old images? There is a way, but it’s not really a nice one.

Each image name is consisted of repository name and of an image tag. This combination links hashes of image layers. So, to delete image, we need to find correct repository name, image tag and then list corresponding image hashes.

First, prepare some env variables which we’re gonna use later:

export REG_PASS='<user>:<password>'
export HDR='Accept: application/vnd.docker.distribution.manifest.v2+json'
export REG_URI=''
alias curl_reg="curl --user $REG_PASS -H $HDR"

Now lets list all available repositories:

curl_reg "${REG_URI}/_catalog"

Following command will show us the list of all the tags available within the specific repository:

curl_reg "${REG_URI}/<repository>/tags/list"

Now, lets say we want to delete an image with tag 5. We need to find the root hash of that specific tag:

curl_reg -s "${REG_BASEURI}/<repository>/manifests/53" \
            | jq '.config.digest'

Once we have a hash, it’s easy peasy:

curl_reg -X DELETE "${REG_BASEURI}/<repository>/manifests/<SHA256sum>"

And that’s it.

Note: This won’t free the disk space. Docker registry garbage collector frees up disk space and it should be run automatically within next 24 hours. If you want to run it manually, you can do it by connecting to the host hosting the registry and running the following command:

docker exec -it <registry_container_id> \
       bin/registry garbage-collect /etc/docker/registry/config.yml

And that’s it!

Note that this procedure should work for v2 images, but if you still have v1 images floating around your registry, you could use the delete-docker-registry-image to delete them.

Categories: Docker, Linux Tags: ,
%d bloggers like this: