Automating Image Cleanup in Azure Container Registry with ACR Tasks
Introduction
Container registries can quickly become cluttered with outdated and unused images, leading to increased costs and management overhead. This guide demonstrates how to implement automated cleanup in Azure Container Registry (ACR) using ACR tasks, along with best practices for image management.
Why Automate Image Cleanup?
- Cost Optimization: Reduce storage costs by removing unused images
- Performance: Improve registry performance with fewer images to index
- Compliance: Maintain governance by enforcing image retention policies
- Security: Reduce attack surface by removing potentially vulnerable old images
Setting Up Automated Cleanup
Basic Cleanup Task
Here's a simple task to get started:
```bash
az acr task create \
  --registry <your-registry-name> \
  --name PurgeOldImagesTask \
  --cmd "acr purge --filter '.*:.*' --ago 30d --untagged --keep 10" \
  --schedule "0 0 * * *" \
  --context /dev/null \
  --commit-trigger-enabled false
```
Advanced Cleanup Scenarios
For more granular control, consider these examples:
```bash
# Clean specific repositories
# (--context /dev/null: the task runs a command only and has no source repository)
az acr task create \
  --registry <your-registry-name> \
  --name CleanupProdImages \
  --cmd "acr purge --filter 'prod/.*:.*' --ago 60d --keep 5" \
  --schedule "0 1 * * *" \
  --context /dev/null

# Multiple cleanup rules
az acr task create \
  --registry <your-registry-name> \
  --name ComplexCleanup \
  --cmd "acr purge --filter 'dev/.*:.*' --ago 7d --keep 3 && \
         acr purge --filter 'test/.*:.*' --ago 14d --keep 5 && \
         acr purge --filter 'prod/.*:.*' --ago 90d --keep 10" \
  --schedule "0 2 * * *" \
  --context /dev/null
```
Best Practices
Image Tagging Strategy
- Use semantic versioning (e.g., `v1.2.3`)
- Include build information (e.g., `v1.2.3-build.123`)
- Add environment tags (e.g., `v1.2.3-prod`)
Retention Policies
- Development: 7-14 days retention
- Staging: 30 days retention
- Production: 90+ days retention
- Keep at least 3 versions per environment
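The following check is an added example, not code from the original post: it parses the `--cmd` strings of the three tasks defined above and reports any purge rule whose `--ago` or `--keep` is lower than this retention list allows for an environment the rule's filter can reach. The `dev/`, `staging/` and `prod/` sample repository names are constructed, and treating the repository regex as a full match is an assumption of this check.

```python
import re
import shlex

# Minimum retention in days, from the page's "Retention Policies" list.
MIN_DAYS = {"dev": 7, "staging": 30, "prod": 90}
MIN_KEEP = 3  # "Keep at least 3 versions per environment"
# Constructed repository names; the <env>/ prefix convention is an assumption.
SAMPLE_REPOS = {"dev": "dev/api", "staging": "staging/api", "prod": "prod/api"}

def parse_purge(command):
    """Extract filters, --ago (whole days only) and --keep from one purge command."""
    args = shlex.split(command)
    rule = {"filters": [], "days": None, "keep": 0}
    for flag, value in zip(args, args[1:]):
        if flag == "--filter":
            rule["filters"].append(value)
        elif flag == "--ago":
            match = re.fullmatch(r"(\d+)d", value)
            rule["days"] = int(match.group(1)) if match else None
        elif flag == "--keep":
            rule["keep"] = int(value)
    return rule

def audit(cmd):
    """Return (environment, filter, problem) for every rule that undercuts the policy."""
    findings = []
    for command in cmd.split("&&"):
        rule = parse_purge(command)
        for flt in rule["filters"]:
            repo_regex = flt.split(":", 1)[0]  # assumption: regex must match the whole name
            for env, repo in SAMPLE_REPOS.items():
                if not re.fullmatch(repo_regex, repo):
                    continue  # this rule never touches the environment
                if rule["days"] is None or rule["days"] < MIN_DAYS[env]:
                    findings.append((env, flt, f"--ago below {MIN_DAYS[env]}d"))
                if rule["keep"] < MIN_KEEP:
                    findings.append((env, flt, f"--keep below {MIN_KEEP}"))
    return findings

# The --cmd strings of the three tasks defined on this page.
TASKS = {
    "PurgeOldImagesTask": "acr purge --filter '.*:.*' --ago 30d --untagged --keep 10",
    "CleanupProdImages": "acr purge --filter 'prod/.*:.*' --ago 60d --keep 5",
    "ComplexCleanup": "acr purge --filter 'dev/.*:.*' --ago 7d --keep 3 && "
    "acr purge --filter 'test/.*:.*' --ago 14d --keep 5 && "
    "acr purge --filter 'prod/.*:.*' --ago 90d --keep 10",
}

if __name__ == "__main__":
    for name, cmd in TASKS.items():
        print(name, audit(cmd))
```

Both the catch-all `.*:.*` rule (30 days) and `CleanupProdImages` (60 days) are reported for `prod`, because each deletes production tags earlier than the 90-day floor; `ComplexCleanup` passes.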
Monitoring and Troubleshooting
Monitor Cleanup Tasks
```bash
# View task execution history
az acr task list-runs --registry <your-registry-name>

# Get detailed logs for a run
az acr task logs --registry <your-registry-name> --run-id <run-id>
```
Common Issues
Task fails to delete images
- Verify service principal permissions
- Check image locks and repository policies
Missing important images
- Adjust the `--keep` parameter
- Implement image locking for critical versions
Conclusion
A well-maintained container registry is crucial for efficient DevOps operations. By implementing automated cleanup with ACR tasks and following these best practices, you can maintain a clean, cost-effective, and secure registry.