Running the registry:2 image via docker-compose 1.27.4, docker itself is at 19.03.13.
The registry is configured as a "pull through cache", also referred to as "proxy" or "mirror" by some. The setup is very basic and follows the official documentation:
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://registry-1.docker.io
When using the standard procedures to delete an image on this registry via the API...
find tag name
export HEADER="Accept: application/vnd.docker.distribution.manifest.v2+json"
curl -s -H $HEADER https://<HOST>/v2/<CATALOG>/tags/list
find corresponding SHA
curl -sI -k -H $HEADER https://<HOST>/v2/<CATALOG>/manifests/<TAG>
delete via SHA
curl -H $HEADER -X DELETE https://<HOST>/v2/<CATALOG>/manifests/<SHA>
...I get a 404 for the last command:
404 page not found
When I do the same with the proxy bit commented out in the registry configuration, it works.
This feels eerily familiar to not being able to push against such a "pull through cache" registry, which, to be fair, is documented. This use case isn't - or is it?
The pull through cache functionality of the registry:2 image is designed for exactly that, pulling. Any other actions, like push or delete, aren't supported and are expected to give errors. To delete the manifest at the source, you'll want to run the delete command against that registry. I don't believe there's any API to prematurely remove a manifest from only the cache, it's a fixed 7 day expiration time.