Schedule powershell script to delete old ACR image

Question

Hi Guys,

I have the below script which is working fine from local PowerShell to delete older ACR images. Now I want to schedule it so that it can run periodically maybe through run book, pipeline, or any other suitable way if you guys can suggest?

I am a little confused here because this is not only a PowerShell script but also it contains a few AZ acr repository commands which require I think azure CLI and docker to be available to run on the platform where I will schedule it.

Can anybody suggest what is the best way like a runbook or somewhere else to schedule and any instructions on how I can do that?

$registryName = 'myregistry'
$donotdeletetags = ''
$donotdeleterepos= ''

$repoArray = (az acr repository list --name $registryName --output json | ConvertFrom-Json)

foreach ($repo in $repoArray)
{
if (-Not ($donotdeleterepos -contains $repo))
{

    $tagsArray = (az acr repository show-tags --name $registryName --repository $repo --orderby time_asc --output json | ConvertFrom-Json ) | Select-Object -SkipLast 3

    foreach($tag in $tagsArray)
    {

        if ($donotdeletetags -contains $tag)
        {
            Write-Output ("This tag will NOT be deleted -- $repo : $tag")
        }
        else
        {
           az acr repository delete --name $registryName --image $repo":"$tag --yes

        }
    }
}   

}

I really appreciate if you can suggest instruction if any specific modules or something require to install in order to run on scheduled platform.

Thanks
Rajiv

Answer 1

Hello @Mishra, Rajiv ,
There should be some criteria based upon which you are deciding the latest 3 images , right ?
What is your criteria ? Like how are you identifying that 3 images are latest ? Is it by tagging ? Is it by version number ? Is it by last access date ?

So try to stick with one of the pattern , then you should be able to tweak that filter options for sure in acr purge. There are multiple options in the filter and also you can specify regular expressions

Couple of additional docs:
https://pixelrobots.co.uk/2020/02/purge-container-images-from-azure-container-registry-acr-on-demand-or-on-a-schedule/

One of the custom option is to write a script (which you already have it) and schedule the JOB on the Azure VM. There are multiple .ps1 scripts in the below github. [ You can use SP for authentication]
(If you don't want the Azure VM to run 24x7 to save costs, you can use the RunBooks , Auto Start/Shutdown options - You can schedule the VM to Start-Up once a day , let the schedule script run once - once the script executes - automatically shutdown the VM)

https://github.com/goyalmohit/acr-cleanup

If either of those answers are helpful to you , Kindly make sure to "Accept Answer" so that It will be a value addition for the whole community out there.

Answer 2

Hello @Mishra, Rajiv ,
Thanks for posting this query.
Did you try az acr purge with scheduled ACR task.
You can run an ACR Task per schedule
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tasks-scheduled

To automatically purge the images using scheduled ACR task
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-auto-purge

While creating the acr purge command you can apply the required filter only to delete those images.

Basically like you said , your requirement needs multiple packages installation like Powershell , Az CLI , kubectl , acr etc followed by authorized subscription access to the user who ever is running.

I was trying out script it using nodeJS package which does above steps and deploying as a container image POD in AKS. Those seems to be little bit complicated but worth trying - if you really want to run the custom script.

I would say , explore the options provided above with az acr purge and az acr task. Let me know how it goes.

Hope that helps!