c8d/delete: Add support for deleting specific platforms #49982
Conversation
fbfefe1 to
0b37530
Compare
daemon/containerd/image_delete.go
Outdated
| if pm.Match(c.ImagePlatform) { | ||
| return true | ||
| } | ||
| } |
There was a problem hiding this comment.
Perhaps this path could use a comment to outline we're intentionally not returning false after this, something like;
// No match for the image reference, but continue to check if used as mounted image(better suggestions welcome!)
(because I was wondering if we forgot a return false here; the comment may help future visitors 😄
There was a problem hiding this comment.
☝️ really wondering if this function needs splitting up, because there's a ton of conditions (not for this PR!)
There was a problem hiding this comment.
Yes actually I started by refactoring it to make the flow more linear, but turned out that I broke some edge cases in the process and didn't want to spend more time on that 🙈
2def89b to
a2bc5f1
Compare
| if len(platformJSONs) == 0 { | ||
| return nil, nil | ||
| } |
There was a problem hiding this comment.
No need to change; I guess this is a bit redundant (it won't loop if there's nothing to loop, so return output with its nil value)
| // The same manifest can be referenced by different image indexes. | ||
| var response []imagetypes.DeleteResponse | ||
| for _, d := range toDelete { | ||
| if err := i.content.Delete(ctx, d.Digest); err != nil { |
There was a problem hiding this comment.
We should avoid doing any direct deletion like this, removing root objects and updating reference labels is the preferred solution. There is no other transactional way to ensure nothing is using the content
There was a problem hiding this comment.
Right, it's not really ideal, but overall we assume that moby containerd namespace is exclusively accesses by dockerd.
There's a check that at least makes sure that it's not used by any container and that requires an explicit force.
Perhaps we should make it ONLY work with force now? That would make it clear that the operation is potentially dangerous, while still giving an escape hatch for users that want to get rid of platforms they don't need.
There was a problem hiding this comment.
Added 23bfbdf - WDYT?
23bfbdf to
4321767
Compare
|
@dmcgowan PTAL |
Move to an internal testutils package Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Pass whole `RemoveOptions` struct instead of individual `force` and `prune` parameters. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This change adds the ability to delete a specific platform from a multi-platform image. Previously, image deletion was an all-or-nothing operation - when deleting a multi-platform image, all platforms would be removed together. This change allows users to selectively remove individual platforms from a multi-architecture image while keeping other platforms intact. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
When deleting specific platforms from a multi-platform image, there's potential risk as platform-specific content might be shared across images/containers. For now, require `force` parameter to make the user aware. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
4321767 to
072483f
Compare
daemon/containerd/image_delete.go
Outdated
| start := time.Now() | ||
| defer func() { | ||
| if retErr == nil { | ||
| metrics.ImageActions.WithValues("delete").UpdateSince(start) | ||
| } | ||
| }() | ||
|
|
||
| if len(options.Platforms) > 0 && !options.Force { | ||
| return nil, cerrdefs.ErrInvalidArgument.WithMessage("Deleting specific platforms is currently considered potentially unsafe because platform-specific content might be shared across images/containers. Use --force to override.") |
There was a problem hiding this comment.
Adjusted the error message
|
Let me bring this one in; an error was added if this option is used without |
- What I did
- How I did it
- How to verify it
- Human readable description for the release notes
- A picture of a cute animal (not mandatory but encouraged)