openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
95df90fcba7df4e761b1d9ebeebbe957e649e2e7
openshift-docs/modules/pruning-images-options.adoc
Steven Smith 8254e925dc Update Image prune conditions docs
2025-08-21 18:03:40 +00:00

84 lines
4.2 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * applications/pruning-objects.adoc
:_mod-docs-content-type: REFERENCE
[id="pruning-images-options_{context}"]
= Image pruning CLI options
The following table describes the options you can use with the `oc adm prune images <image_prune_option>` command.
.Manual image pruning command options
[cols="4,8",options="header"]
|===
|Option |Description
.^|`--all`
|Include images that were not pushed to the registry, but have been mirrored by
pullthrough. This is on by default. To limit the pruning to images that were
pushed to the integrated registry, pass `--all=false`.
.^|`--certificate-authority`
|The path to a certificate authority file to use when communicating with the
{product-title}-managed registries. Defaults to the certificate authority data
from the current user's configuration file. If provided, a secure connection is
initiated.
.^|`--confirm`
|Indicate that pruning should occur, instead of performing a test-run. This
requires a valid route to the integrated container image registry. If this
command is run outside of the cluster network, the route must be provided
using `--registry-url`.
.^|`--force-insecure`
|Use caution with this option. Allow an insecure connection to the container
registry that is hosted via HTTP or has an invalid HTTPS certificate.
.^|`--keep-tag-revisions=<N>`
|For each imagestream, keep up to at most `N` image revisions per tag (default
`3`).
.^|`--keep-younger-than=<duration>`
|Do not prune any image that is younger than `<duration>` relative to the
current time. Alternately, do not prune any image that is referenced by any other object that
is younger than `<duration>` relative to the current time (default `60m`).
.^|`--prune-over-size-limit`
|Prune each image that exceeds the smallest limit defined in the same project.
This flag cannot be combined with `--keep-tag-revisions` nor
`--keep-younger-than`.
.^|`--registry-url`
|The address to use when contacting the registry. The command attempts to use a
cluster-internal URL determined from managed images and image streams. In case
it fails (the registry cannot be resolved or reached), an alternative route that
works needs to be provided using this flag. The registry hostname can be
prefixed by `https://` or `http://`, which enforces particular connection
protocol.
.^|`--prune-registry`
|In conjunction with the conditions stipulated by the other options, this option
controls whether the data in the registry corresponding to the {product-title}
image API object is pruned. By default, image pruning processes both the image
API objects and corresponding data in the registry.
This option is useful when you are only concerned with removing etcd content, to reduce the number of image objects but are not concerned with cleaning up registry storage, or if you intend to do that separately by hard pruning the registry during an appropriate maintenance window for the registry.
|===
[id="information-about-prune-registry-flag_{context}"]
== Additional information about the --prune-registry flag
You can separate the removal of {product-title} image API objects from the removal of image data in the registry by passing in the `--prune-registry=false` flag. For example, the following command prunes only the API objects, leaving the registry storage untouched:
[source,terminal]
----
$ oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m --confirm --prune-registry=false
----
Then, you can perform a hard prune of the registry to remove the associated image data. This approach can narrow the timing window for race conditions compared to pruning both in a single command.
However, timing windows are not completely eliminated. For example, a pod might still be created that references an image while that image is being identified for pruning. You should track any API objects created during pruning to ensure that they do not reference deleted content.
Re-running the pruning without the `--prune-registry` option, or with `--prune-registry=true`, does not remove the associated registry storage for images previously pruned with `--prune-registry=false`. Those images can only be removed from registry storage by performing a hard prune of the registry. For more information, see "Hard pruning the registry".
View Git Blame Copy Permalink