A local private Docker container image registry does not allow deleting container images by default, this is the same behavior when a local Docker registry was deployed on a BCM cluster either deployed via WebUI or CLI.
Docker registry service has the “delete” parameter set to “false” by default. This means that the images cannot be deleted from the registry. Refer to upstream Docker Registry docs below for more details:
https://distribution.github.io/distribution/about/configuration/#delete
An attempt to delete a recently pushed container image with the default configuration would result into the below error message:
[root@BCM10 ~]# docker push master.cm.cluster:5000/hello-world:v10
The push refers to repository [master.cm.cluster:5000/hello-world]
63a41026379f: Layer already exists
v10: digest: sha256:7565f2c7034d87673c5ddc3b1b8e97f8da794c31d9aa73ed26afffa1c8194889 size: 524
[root@bcm10 ~]# curl -kX DELETE https://master.cm.cluster:5000/v2/hello-world/manifests/sha256:7565f2c7034d87673c5ddc3b1b8e97f8da794c31d9aa73ed26afffa1c8194889
{"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}
[root@bcm10 ~]#
To resolve this issue then we need to enable deletion support in Docker Registry managed by BCM.
In the example below, Docker Registry has been installed using “cm-container-registry-setup” on the head node, we will need modify the template that cmdaemon uses to write out the “config.json” file used by Docker registry, otherwise the changes will be overwritten if they were done manually outside of cmdaemon, then wait for a few seconds till cmdaemon restarts the Docker registry service to apply the changes.
Follow these steps to enable deletion support on Docker registry:
- Determine which node has the “generic::docker_registry” role, in this case it is the head node “bcm10“:
[root@bcm10 ~]# cmsh [bcm10]% device roleoverview Role Nodes Categories Configuration Overlays Nodes up ------------------------- ------------------------------------------ ----------- ---------------------------------- --------- [..] generic::docker_registry bcm10 1 of 1
- Modify the template used by BCM to create the default “config.json” file on the head node “bcm10“:
[bcm10]% device use master; roles; use generic::docker_registry; configurations; use config [bcm10->device[bcm10]->roles[generic::docker_registry]->configurations[config]]% set template
- Add ‘{“delete”: {“enabled”: true}}‘ under the “storage” stanza, contents of the template file should be similar to this:
{ "http": { "addr": ":${port}", "headers": {"X-Content-Type-Options": ["nosniff"]}, "host": "${domain}", "relativeurls": false, "tls": { "certificate": "/cm/local/apps/docker-registry/var/etc/${domain}:${port}.crt", "key": "/cm/local/apps/docker-registry/var/etc/${domain}:${port}.key" } }, "storage": { "filesystem": { "rootdirectory": "${spool_dir}" }, "delete": { "enabled": true } }, "version": "0.1" } - Commit the changes and wait till cmdaemon restarts Docker registry service to apply the changes:
[bcm10->device*[bcm10*]->roles*[generic::docker_registry*]->configurations*[config*]]% commit [bcm10->device[bcm10]->roles[generic::docker_registry]->configurations[config]]% Tue Feb 18 15:50:07 2025 [notice] bcm10: Service docker-registry was restarted [bcm10->device[bcm10]->roles[generic::docker_registry]->configurations[config]]%
- Now Deleting the container image with tag “v10” returns HTTP status code 202 “Accepted”:
[root@bcm10 ~]# curl -w "%{http_code}\n" -kX DELETE https://master.cm.cluster:5000/v2/hello-world/manifests/sha256:7565f2c7034d87673c5ddc3b1b8e97f8da794c31d9aa73ed26afffa1c8194889 202