Re: Artifact Registry cleanup policies not deletin...

suncoast-system · 11-14-2023 08:31 AM

I have a registry set up on Artifact Registry with a cleanup ploicy of "keep only 1 version" and I have package prefixes set yet no images are deleted....or at least not ones I expect to be deleted. I search for log entries using the following format:

protoPayload.resourceName="projects/<project id>/locations/us/repositories/gcr.io"

protoPayload.methodName="google.devtools.artifactregistry.v1.ArtifactRegistry.BatchDeleteVersions"

But no logs ever appear. Is there something to starting the process or telling it to run?

SanketK

Hi @suncoast-system ,

Once you create the policy by following this document: https://cloud.google.com/artifact-registry/docs/repositories/cleanup-policy
, you can confirm if this is applied to your repository by viewing your cleanup policies in the Repository details section by clicking Show more.
Also, you can perform a dry run as shown in this doc and confirm the cleanup via cloud audit logs.

Kind Regards,

SanketK

suncoast-system

It looks like it is setup right... Im not sure how to run a dry run...I have selected the radio button and save the page but it dosent seem to do anything..I dont see anything in the logs, I dont see anything that says "run this action". Am I missgin ssomething? I think if I can run a dry run that might give a hint of how to start theactual delete.

SanketK

Hi @suncoast-system ,

As per the shared document, policy changes take effect in approximately one day. To test a dry run, you can follow the steps mentioned here:

https://cloud.google.com/artifact-registry/docs/repositories/cleanup-policy#dry-run

You must enable data write type of audit logs to see the cleanup entries in the audit logs.

suncoast-system

I have had the cleanup policy enabled for weeks and it hassnt taken effect on images like this though... It seems like it shold be set and forget but its not working that way.

SanketK

Hi @suncoast-system ,

Can you try the dry run via command line using the below format?

gcloud artifacts repositories set-cleanup-policies REPOSITORY \
    --project=PROJECT_ID \
    --location=LOCATION \
    --policy=POLICY_FILE \
    --dry-run

Then, run a logging read via:

gcloud logging read 'protoPayload.serviceName="artifactregistry.googleapis.com" AND protoPayload.request.parent="projects/PROJECT_ID/locations/LOCATION/repositories/REPOSITORY" AND protoPayload.request.validateOnly=true' \
    --resource-names="projects/PROJECT_ID" \
    --project=PROJECT_ID

Lastly, it would be interesting to look at the policy file itself.

Kind Regards,

SanketK

suncoast-system

Ran the commands and found nothing

suncoast-system

I tried this as well

SanketK

Hi @suncoast-system ,

Can you dry run a delete policy first?

{
  "name": "DELETE_POLICY_NAME",
  "action": {"type": "Delete"},
  "condition": {
    "tagState": "TAG_STATUS",
    "tagPrefixes": ["TAG_PREFIXES"],
    "versionNamePrefixes": ["VERSION_PREFIXES"],
    "packageNamePrefixes": ["PACKAGE_PREFIXES"],
    "olderThan": "OLDER_THAN_DURATION",
    "newerThan": "NEWER_THAN_DURATION"
  }
}

If this works, try a conditional keep policy and do a dry run and check if log entries are as expected. Finally, we can focus on most recent versions keep policy.

Kind Regards,

SanketK

suncoast-system

So just try any one of these to see if it works? I dont need a value for every one of them?

suncoast-system

I added these policies to the registry...will see if they help...

SanketK

@suncoast-system - Sure, this looks good. Lets try this to check if we are seeing the deletion works and whether it gets logged.

Kind Regards,

SanketK

suncoast-system

Interesting.... It deleted all images...it didnt keep at least 1. Its good that its deleting images now..but I do need it to keep the latest one. Any ideas?

suncoast-system

So delete works now but it is deleting all images and not stopping at the latest one. Do you have any ideas? This is almost worse....all my images get deleted after 2 days and I need to rebuild the image every few days...

suncoast-system

Any thoughts?

jino1

Facing same issue, same scenario

MaxEITSy2jDZJKh

+1 with same issue and same scenario

jawadarshad

I have the same issue.

kxxil01

+1 with this issues, its really bother me so much:(

jdogg

This is not working for me, either. Why is it listed as an option if it doesn't actually do what it says?

jino1

Hi

The clean-up policy “Keep most recent versions” would mean that the specified number of versions of the images are always retained within the repository and does not necessarily mean the other versions are deleted. Therefore, you can use the keep most recent versions policy in conjunction with a delete policy to delete the versions of the images based on a specific condition to delete the images other than the most recent versions. You need to set at least one delete policy to view the results of your keep policy.

Thank you.

Artifact Registry cleanup policies not deleting as expected