Introduction Link to heading

Azure Container Registry (ACR) is a powerful service for storing and managing Docker container images. However, over time, the number of container images in your registry can accumulate, leading to increased storage costs and management overhead. To keep your ACR efficient and cost-effective, it’s essential to periodically clean up old and unused images.

In this guide, we’ll walk you through creating a Bash script to automate Azure Container Registry cleanup. We’ll cover:

  1. Configuration: Define parameters for the script, including your ACR name and cleanup threshold.
  2. Exemption List: Specify repositories exempt from deletion.
  3. Execution: Run the script to clean up your ACR.
  4. Logging and Reporting: Capture cleanup details in a report for auditing.

Prerequisites Link to heading

  • Azure CLI: Install the Azure CLI on your local machine. You can download it here.
  • Azure Container Registry: You should have an Azure Container Registry set up and have the necessary permissions to manage it.

Script Development Link to heading

In this section, we’ll develop a Bash script to list and delete old container images.

Configuration: Link to heading

It is important to configure some essential parameters and settings before you begin creating your Bash script for the batch cleanup of your Azure Container Registry (ACR). The steps involved in configuration are as follows:

  • Azure Container Registry Name (registry_name): Replace “your-acr-name” in the script with the actual name of your Azure Container Registry. This variable defines the ACR where the cleanup will take place.

  • Maximum Threshold (maxthreshold): Set the maxthreshold variable to specify the maximum number of images you want to retain in your ACR. Images exceeding this threshold will be candidates for deletion.

  • Initialization (totalImagesDeleted, totalImagesRetained, totalImagesFailed): For purposes of reporting and logging, youwant to define variables to track the cleanup progress. Initialize counters to keep track of the number of images deleted, retained, and those that failed to delete.

  • Log Messages (log_messages): Create an array (log_messages) to store log messages. Each log message corresponds to the status of an image (deleted, retained, or failed to delete).

    Example:

        registry_name="mycontainerregistry"
    maxthreshold=10
    totalImagesDeleted=0
    totalImagesRetained=0
    totalImagesFailed=0
    log_messages=()
Exemption List: Link to heading

You might want to exclude some repositories from the cleanup process when you do a batch cleanup of your Azure Container Registry (ACR). Keeping important images or repositories that should never be deleted can benefit greatly from this. This is the way to make and deal with an exclusion list:

  • Creating the Exemption List (exempted_repositories): To create an exemption list, define an array named exempted_repositories within your Bash script. Add the names of the repositories you want to exempt from deletion to the exempted_repositories array. These repositories will be excluded from the cleanup process, ensuring their images are retained.

  • Exempted Repository Usage: When iterating through your ACR’s tags, you can check if the current repository is in the exemption list before attempting deletion. If it’s exempted, skip the deletion process for that repository. Keep the exemption list updated as your requirements change. You can add or remove repositories from the list as needed.

    Example:

        exempted_repositories=("critical_repo1" "important_repo2")
    for tag in $tags; do
        if [[ "${exempted_repositories[@]}" =~ "$repo" ]]; then
            log_messages+=("Exempted: $repo:$tag")
            continue  # Skip deletion
        fi
    done

You can fine-tune your control over which repositories should not be touched during the batch cleanup by creating and maintaining an exemption list. Optimizing your ACR effectively, this ensures that important images or repositories are preserved while unnecessary ones are deleted.

Excecution Link to heading

Within your Bash script, the deletion of images is handled using the az acr repository delete command provided by the Azure CLI. This command allows you to delete a specific image (tag) within a repository.

Example:

    az acr repository delete --name "$registry_name" --image "$repo:$tag" --yes
  • The –name flag specifies the name of your Azure Container Registry ($registry_name in the script).
  • The –image flag specifies the image to delete, where $repo represents the repository name, and $tag represents the tag of the image.
  • The –yes flag is used to confirm the deletion without prompting for confirmation. This command is executed within a loop, iterating through the ACR’s tags, and deleting images that exceed the defined threshold.

By running your cleanup script, you initiate the deletion process for images that meet the criteria for removal. As the script executes, it uses the az acr repository delete command to delete images while skipping exempted repositories, if any are defined.

Logging & Reporting: Link to heading

To maintain transparency and track the progress of your batch cleanup of an Azure Container Registry (ACR), it’s essential to implement a robust logging and reporting system. Here’s how to formulate logs and reports effectively:

  • Log Messages (log_messages): In your Bash script, create an array called log_messages. This array will be used to store various log messages throughout the cleanup process.
  • Logging During Cleanup: As the script iterates through the ACR’s tags, log messages are added to the log_messages array to record the status of each image. These messages include whether an image was deleted, retained, or failed to delete.
  • Summary Information: After processing all tags, the script generates summary information. This includes the total number of images deleted, images retained, and images that failed to delete.
  • Saving Logs to a File (log_file): To store the log messages persistently, you can save them to a text file. This text file serves as a detailed record of the cleanup process.
  • Optional Console Logging: Optionally, you can echo the log messages to the console as the script runs. This provides real-time feedback during the cleanup process.
  • By formulating logs and reports in this manner, you create a comprehensive audit trail of the batch cleanup process. This information allows you to analyze the results, identify any issues, and maintain a clear record of image management activities in your ACR.

Exploring the Batch Cleanup Process: A Complete Example Link to heading

Let’s dive into the entire batch cleanup process for your Azure Container Registry (ACR). Below is a complete example of the Bash script, showcasing how exemption lists, execution, and detailed logging and reporting are incorporated.

    #!/bin/bash

    # Define your Azure Container Registry name
    registry_name="myregistry"

    # Define the maximum threshold for images to retain
    maxthreshold=5

    # Create an array to store log messages
    log_messages=()

    # Initialize counters for logging
    totalImagesDeleted=0
    totalImagesRetained=0
    totalImagesFailed=0

    # Log the current date and time in the report
    log_messages+=("Report generated on $(date)")

    # Define the list of repositories to delete
    repositories_to_delete=("repo1" "repo2" "repo3")

    # Log the repositories subject to trimming
    log_messages+=("Repositories subject to trimming:")
    for repo in "${repositories_to_delete[@]}"; do
        log_messages+=("- $repo")
    done
    log_messages+=("Max allowed images per repository: $maxthreshold")

    # Log a separator
    log_messages+=("----------------------------------------------------")

    # Loop through repositories to delete
    for repo in "${repositories_to_delete[@]}"; do
        # List tags in the repository
        tags=$(az acr repository show-tags --name "$registry_name" --repository "$repo" --orderby time_asc --output tsv)
        totalImages="$(echo "$tags" | wc -w)"

        # Log the tags to be deleted in this repository
        log_messages+=("Repository: $repo")
        log_messages+=("Total images: $totalImages")

        if [ $totalImages -le $maxthreshold ]; then
            log_messages+=("No deletion required: $totalImages meets allowed threshold")
            log_messages+=("---")
            continue
        fi

        tagCounter=$(expr $totalImages - $maxthreshold)
        log_messages+=("Expected total images to delete: $tagCounter")

        deletedTagCounter=0
        log_messages+=("Deleting images...")

        for tag in $tags; do
            if [ $deletedTagCounter -le $(expr $tagCounter - 1) ]; then
                # Delete the tag
                if az acr repository delete --name "$registry_name" --image "$repo:$tag" --yes; then
                    log_messages+=("- $repo:$tag")
                    ((deletedTagCounter++))
                else
                    log_messages+=("Failed to delete: $repo:$tag")
                    ((totalImagesFailed++))
                fi
            else
                break
            fi
        done

        # Log the total number of deleted tags for this repository
        log_messages+=("Total images deleted in $repo: $deletedTagCounter")
        log_messages+=("---")
        ((totalImagesDeleted+=deletedTagCounter))
        ((totalImagesRetained+=totalImages-deletedTagCounter))
    done

    # Log a separator
    log_messages+=("----------------------------------------------------")

    # Log summary information
    log_messages+=("Cleanup summary:")
    log_messages+=("Total Images Deleted: $totalImagesDeleted")
    log_messages+=("Total Images Retained: $totalImagesRetained")
    log_messages+=("Total Images Failed to Delete: $totalImagesFailed")

    # Save the log to a text file
    log_file="cleanup_log.txt"
    printf "%s\n" "${log_messages[@]}" > "$log_file"

    # Print the log file path
    echo "Cleanup log saved as $log_file"
  • The script defines variables for the ACR name (registry_name) and the maximum threshold (maxthreshold) for images to retain.
  • It initializes arrays to store log messages and counters for logging.
  • The script lists repositories to delete, logs them, and sets a maximum threshold.
  • It iterates through repositories, listing tags, and performing deletions while tracking successes and failures.
  • Detailed log messages are collected throughout the process, including successful deletions and failures.
  • The script logs a summary of the cleanup, including the total number of images deleted, retained, and those that failed to delete.
  • Finally, it saves the log to a text file and prints the log file’s path.

Executing your batch cleanup script for an Azure Container Registry (ACR) involves running the script in your terminal. Here’s how to do it:

  • Open your terminal or command prompt.
  • Navigate to the directory where your cleanup script is located.
  • Execute the script by running the following command: (Replace cleanup_script.sh with the actual name of your cleanup script)
    bash cleanup_script.sh

In the next sections of this guide, we’ll explore Part 2, which covers creating an Azure Pipeline to automate this batch cleanup process.