Typically we build images tagged as "latest" after SCM change automatically in CI and we push them to registry. It is basically the same as with SNAPSHOT deployed by maven. As result there are many "dangling" images that in our case take significant amount of space.
Usually when you re-build image, meaning you tag newly build image with an already existing tag, you will see "dangling" image in "docker images" output. And you would delete it with:
docker rmi $(docker images -q -f dangling=true)
Basically what we need is something similar to scheduled task named "Remove Snapshots From Repository" for removing old SNAPSHOTs deployed by maven.
For example Docker registry V2, provides maintenance function called "upload purging" for this purpose. See https://docs.docker.com/registry/configuration/
- A user with sufficient privileges will be able to schedule a task to delete orphaned Docker layers
- This should be able to run on Hosted and Proxy
- To figure out which layers are orphaned, you need to look at existing manifests to see essentially which layers are not referenced
- More info on how Docker is handling deletes: https://github.com/docker/distribution/blob/master/ROADMAP.md#deletes
- Do not purge any layer newer than when the task started running