SOA/RPC>> harbor-cleaner>> 返回
项目作者: cd1989

项目描述 :
Clean images in Harbor by policies
高级语言: Go
项目地址: git://github.com/cd1989/harbor-cleaner.git
创建时间: 2019-07-09T02:39:57Z
项目社区:https://github.com/cd1989/harbor-cleaner
开源协议:Apache License 2.0
下载


中文

Harbor Cleaner

Clean images in Harbor by policies.

Features

  • Delete tags without side effects As we known when we delete a tag from a repo in docker registry, the underneath manifest is deleted, so are other tags what share the same manifest. In this tool, we protect tags from such situation.
  • Delete by policies Support delete tags by configurable policies
  • Dry run before actual cleanup To see what would be cleaned up before performing real cleanup.
  • Cron Schedule Schedule the cleanup regularly by cron.

Concepts

Image Project Repo Tag
library/busybox:1.30.0 library busybox 1.30.0
release/devops/tools:v1.0 release devops/tools v1.0

Policies

Number Policy

Number policy will retain latest N tags for each repo and remove other old ones. Latest tags are determined by images’ creation time.

  1. numberPolicy:
  2.     number: 5

This policy takes only one argument, the number of tags to retain.

Regex Policy

Regex policy removes images that match the given repo and tag regex patterns. A tag will be removed only when following conditions are all satisfied:

  • It matches at least one repo pattern
  • It matches at least one tag pattern

Regex here are Golang supported regex. For example .* matches all.

  1. regexPolicy:
  2.     repos: [".*"]
  3.     tags: [".*-alpha.*", "dev"]

The above policy config will remove tags from all repos that are ‘dev’ or contain ‘alpha’. For example,

  • dev
  • v1.0.0-alpha
  • v1.4.0-alpha.2
  • 1.0-alpha.5

Recently Not Touched Policy

This policy works depends on Harbor’s access log. It collects images that are recently touched (pull, push, delete), and remove all other images that are not touched recently. It takes a time in second to configure the time period.

  1. notTouchedPolicy:
  2.   time: 604800

How To Use

Get Image

  1. $ make image VERSION=latest

You can also pull one from DockerHub.

  1. $ docker pull k8sdevops/harbor-cleaner:v0.4.0

Configure

  1. # Host of the Harbor
  2. host: https://dev.cargo.io
  3. # Version of the Harbor, e.g. 1.7, 1.4.0
  4. version: 1.7
  5. # Admin account
  6. auth:
  7.   user: admin
  8.   password: Pwd123456
  9. # Projects list to clean images for, it you want to clean images for all
  10. # projects, leave it empty.
  11. projects: []
  12. # Policy to clean images
  13. policy:
  14.   # Policy type, e.g. "number", "regex", "recentlyNotTouched"
  15.   type: number
  17.   # Number policy: to retain the latest N tags for each repo
  18.   # This configure takes effect only when 'policy.type' is set to 'number'
  19.   numberPolicy:
  20.     number: 5
  22.   # Regex policy: only clean images that match the given repo patterns and tag patterns
  23.   # This configure takes effect only when 'policy.type' is set to 'regex'
  24.   regexPolicy:
  25.     # Regex to match repos, a repo will be regarded as matched when it matches any regex in the list
  26.     repos: [".*"]
  27.     # Regex to match tags, a tag will be regarded as matched when it matches any regex in the list
  28.     tags: [".*-alpha.*", "dev"]
  30.   # Recently not touched policy: clean images that not touched within the given time period
  31.   # This configure takes effect only when 'policy.type' is set to 'recentlyNotTouched'
  32.   notTouchedPolicy:
  33.     # Time in second that to check for images
  34.     time: 604800
  36.   # Tags that should be retained anyway, '?', '*' supported.
  37.   retainTags: []
  38. # Trigger for the cleanup, if you only want to run cleanup once, remove the 'trigger' part or leave
  39. # the 'trigger.cron' empty
  40. trigger:
  41.   # Cron expression to trigger the cleanup, for example "0 0 * * *", leave it empty will disable the
  42.   # trigger and fallback to run cleanup once. Note: you may need to quote the cron expression with double quote.
  43.   # Time zone of the cron depends on the running environment, if run in docker container, it's UTC time.
  44.   cron:
  45. # For Harbor version v1.9+, you should configure the XSRF protection. For other version, keep the default values.
  46. xsrf:
  47.   # Refer to 'EnableXSRF' in Harbor config file 'common/config/core/app.conf'.
  48.   enabled: true
  49.   # Refer to 'XSRFKey' in Harbor config file 'common/config/core/app.conf'.
  50.   key: T20zVqpLbDDlQGVIiiwDtAAtsm8bSRjHBJSMyejG

In the policy part, exact one of numberPolicy, regexPolicy, notTouchedPolicy should be configured according to the policy type.

DryRun

  1. $ docker run -it --rm \
  2.     -v <your-config-file>:/workspace/config.yaml \
  3.     k8sdevops/harbor-cleaner:latest --dryrun=true

Clean

  1. $ docker run -it --rm \
  2.     -v <your-config-file>:/workspace/config.yaml \
  3.     k8sdevops/harbor-cleaner:latest

Cron Schedule

Configure the cron trigger and run harbor cleaner container in background.

  1. # Trigger for the cleanup, if you only want to run cleanup once, remove the 'trigger' part or leave
  2. # the 'trigger.cron' empty
  3. trigger:
  4.   # Cron expression to trigger the cleanup, for example "0 0 * * *", leave it empty will disable the
  5.   # trigger and fallback to run cleanup once.
  6.   cron: 0 0 * * *
  1. $ docker run -d --name=harbor-cleaner --rm \
  2.     -v <your-config-file>:/workspace/config.yaml \
  3.     k8sdevops/harbor-cleaner:latest

Supported Version

  • 1.4.x
  • 1.5.x
  • 1.6.x
  • 1.7.x
  • 1.8.x
  • 1.9.x (harbor-cleaner:v0.4.0+)

Harbor 2.x not supported yet.