A command-line tool for managing Docker registry cleanup operations in Astronomer environments
Project description
Astronomer Registry Cleanup Tool
A unified command-line tool for managing Docker registry cleanup operations, including listing repositories and deleting old image tags.
Features
- List Repositories: Browse the registry catalog and list all available repositories
- Delete Old Tags: Remove outdated image tags while preserving the most recent ones
- Flexible Authentication: Support for both local key files and Kubernetes secrets
- Safety Features: Dry-run mode, configurable tag retention, and comprehensive logging
- Kubernetes Integration: Direct integration with Kubernetes secrets for seamless operation
Installation
Prerequisites
- Python 3.10+
- uv for dependency management
Setup
-
Clone and install dependencies:
git clone <repository-url> cd registry-cleanup-master uv sync
-
Install optional dependencies (for Kubernetes support):
uv sync --extra k8s
Authentication Setup
Choose one of the following authentication methods:
Option A: Local Key File (Recommended for testing)
-
Extract TLS key from Kubernetes secret:
mkdir -p keys kubectl get secret -n astronomer astronomer-tls -o jsonpath='{.data.tls\.key}' | base64 -d > keys/tls.key
Note: On macOS, use
base64 -Dinstead ofbase64 -d -
Clean up after use:
rm keys/tls.key
Option B: Direct Kubernetes Secret Access (Recommended for production)
No manual key extraction needed. The tool will automatically access the Kubernetes secret.
Usage
Global Options
uv run astronomer-registry-cleanup [OPTIONS] COMMAND [ARGS]
Global Options:
-r, --registry REGISTRY Registry host (e.g., registry.example.com) [REQUIRED]
-d, --debug Enable debug logging
-n, --namespace NAMESPACE Kubernetes namespace (required with --k8s-secret)
Authentication (choose one):
--k8s-secret SECRET_NAME Get private key from Kubernetes secret
--key-path KEY_PATH Path to private key file (default: ./keys/tls.key)
Commands
1. List Repositories
List all repositories in the registry catalog:
# List all repositories
uv run astronomer-registry-cleanup -r registry.example.com list-repos
# List only client names (removes /airflow suffix)
uv run astronomer-registry-cleanup -r registry.example.com list-repos --clients-only
# Using Kubernetes secret
uv run astronomer-registry-cleanup -r registry.example.com --k8s-secret astronomer-tls -n astronomer list-repos
2. Delete Old Image Tags
Remove outdated image tags while preserving recent ones:
# Dry run (recommended first step)
uv run astronomer-registry-cleanup -r registry.example.com delete-tags modern-rocket-1234 -p deploy --dry-run
# Actually delete tags
uv run astronomer-registry-cleanup -r registry.example.com delete-tags modern-rocket-1234 -p deploy
# Using Kubernetes secret with debug logging
uv run astronomer-registry-cleanup -r registry.example.com --k8s-secret astronomer-tls -n astronomer -d delete-tags modern-rocket-1234 -p cli --dry-run
Delete Tags Options:
client: Airflow deployment release name (e.g.,modern-rocket-1234)-p, --prefix: Tag prefix pattern (e.g.,deploy,cli)--dry-run: Show what would be deleted without actually deleting
Tag Retention Policy
- Default retention: 3 most recent tags are always preserved
- Latest tag protection: The newest tag with the specified prefix is never deleted
- Pattern matching: Only tags matching
prefix-numberpattern are considered for deletion
Examples
Complete Workflow Example
# 1. List all client deployments
uv run astronomer-registry-cleanup -r registry.example.com --k8s-secret astronomer-tls -n astronomer list-repos --clients-only
# 2. Check what would be deleted for a specific client
uv run astronomer-registry-cleanup -r registry.example.com --k8s-secret astronomer-tls -n astronomer delete-tags modern-rocket-1234 -p deploy --dry-run
# 3. Delete old tags if the dry run looks good
uv run astronomer-registry-cleanup -r registry.example.com --k8s-secret astronomer-tls -n astronomer delete-tags modern-rocket-1234 -p deploy
# 4. Run garbage collection on the registry to free disk space
kubectl exec -n astronomer -ti $(kubectl -n astronomer get pods -l component=registry -o jsonpath="{.items[*].metadata.name}") -c registry -- registry garbage-collect /etc/docker/registry/config.yml
Batch Operations
For multiple clients, you can combine commands:
# Get list of clients
CLIENTS=$(uv run astronomer-registry-cleanup -r registry.example.com --k8s-secret astronomer-tls -n astronomer list-repos --clients-only)
# Process each client
for client in $CLIENTS; do
echo "Processing $client..."
uv run astronomer-registry-cleanup -r registry.example.com --k8s-secret astronomer-tls -n astronomer delete-tags "$client" -p deploy --dry-run
done
Registry Garbage Collection
After deleting tags, run garbage collection to actually free disk space:
kubectl exec -n astronomer -ti $(kubectl -n astronomer get pods -l component=registry -o jsonpath="{.items[*].metadata.name}") -c registry -- registry garbage-collect /etc/docker/registry/config.yml
Note: This command may take a long time and will pause after "marking blob" messages before starting to delete files.
Troubleshooting
Common Issues
- "No module named 'jwt'": Run
uv syncto install dependencies - "kubernetes package required": Install with
uv sync --extra k8s - "tls.key not found in secret": Verify the secret name and namespace
- Occasional 404 errors: These are usually safe to ignore during tag deletion
Debug Mode
Enable debug logging for detailed operation information:
uv run astronomer-registry-cleanup -d -r registry.example.com ...
Development
For development and testing:
# Install development dependencies
uv sync --extra dev
# Run linting
uv run ruff check .
uv run ruff format .
Migration from Legacy Scripts
This tool replaces the previous separate scripts:
delete-old-image-tags.py→main.py delete-tagslist-catalog-repositories.py→main.py list-repos
The new unified interface provides better error handling, logging, and more flexible authentication options.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file astronomer_registry_cleanup-0.1.1.tar.gz.
File metadata
- Download URL: astronomer_registry_cleanup-0.1.1.tar.gz
- Upload date:
- Size: 34.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
929eeb4c0a2a1f082081c50fe0ffc7d9583fc415dae7dc8f0c1f7b76598df6fb
|
|
| MD5 |
3c84af0d8e43ea41ded35231886715a7
|
|
| BLAKE2b-256 |
a780aace00e5d6fb17723bbb2c86b039cff078b7c026493c6e544b0a00998060
|
File details
Details for the file astronomer_registry_cleanup-0.1.1-py3-none-any.whl.
File metadata
- Download URL: astronomer_registry_cleanup-0.1.1-py3-none-any.whl
- Upload date:
- Size: 8.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
835432483e6623d69e72af2c6b914373094d87e9e021b87c466f4c9bce31b90e
|
|
| MD5 |
bb9ff8f4e1ae8d33ba010083b7263e4e
|
|
| BLAKE2b-256 |
6c121b9480d358071b91e74aed91025434525b532dab522b46ebd4b3ff73638a
|
