从 Amazon ECR 私有存储库中删除签名和其他构件 - Amazon ECR

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

从 Amazon ECR 私有存储库中删除签名和其他构件

您可以使用 ORAS 客户端列出和删除 Amazon ECR 私有存储库中的签名和其他引用类型构件。删除签名和其他引用构件与删除映像的方式类似(请参阅 删除 Amazon ECR 中的映像)。以下是列出构件和删除签名的方法:

要使用 ORAS CLI 管理映像构件

  1. 安装和配置 ORAS 客户端。

    有关安装和配置 ORAS 客户端的信息,请参阅 ORAS 文档中的 Installation

  2. 要列出 Amazon ECR 映像的可用构件,请使用 oras discover,后面加上映像名称:

    oras discover 111222333444.dkr.ecr.us-east-1.amazonaws.com/oci:helloworld

    输出应如下所示:

    111222333444.dkr.ecr.us-east-1.amazonaws.com/oci@sha256:88c0c54329bfdc1d94d6f58cd3fcb1226d46f58670f44a8c689cb3c9b37b6925
└── application/vnd.cncf.notary.signature
    ├── sha256:387c10c1598ee18aae81dcfc86d0d06d116e46461d1c3cda8927e69c48108c42
    └── sha256:6527bcec87adf1d55460666183b9d0968b3cd4e4bc34602d485206a219851171

  3. 要使用 ORAS CLI 删除签名,如上例所示,请执行以下命令:

    oras manifest delete 111222333444.dkr.ecr.us-east-1.amazonaws.com/oci@sha256:387c10c1598ee18aae81dcfc86d0d06d116e46461d1c3cda8927e69c48108c42

    输出应如下所示:

    Are you sure you want to delete the manifest "111222333444.dkr.ecr.us-east-1.amazonaws.com/oci@sha256:387c10c1598ee18aae81dcfc86d0d06d116e46461d1c3cda8927e69c48108c42" and all tags associated with it? [y/N] y

  4. y。应删除构件。

要排查构件删除问题

如果签名删除(例如刚才显示的签名)失败,则会出现类似以下内容的输出。

Error response from registry: failed to delete 111222333444.dkr.ecr.us-east-1.amazonaws.com/oci@sha256:387c10c1598ee18aae81dcfc86d0d06d116e46461d1c3cda8927e69c48108c42:
unsupported: Requested image referenced by manifest list: [sha256:005e2c97a6373e483799fa4ff29ac64a42dd10f08efcc166d6775f9b74943b5b]

删除在 OCI 1.1 发布之前推送的映像时,可能会发生此故障。如错误中所述,您必须先删除引用该映像的清单,然后才能删除该映像,如下所示:

  1. 要删除与要删除的签名关联的清单,请键入:

     oras manifest delete 111222333444.dkr.ecr.us-east-1.amazonaws.com/oci@sha256:005e2c97a6373e483799fa4ff29ac64a42dd10f08efcc166d6775f9b74943b5b

    输出应如下所示:

    Are you sure you want to delete the manifest "sha256:005e2c97a6373e483799fa4ff29ac64a42dd10f08efcc166d6775f9b74943b5b" and all tags associated with it? [y/N] y

  2. y。应删除清单。

  3. 清单消失后,您可以删除签名:

     oras manifest delete 111222333444.dkr.ecr.us-east-1.amazonaws.com/oci@sha256:387c10c1598ee18aae81dcfc86d0d06d116e46461d1c3cda8927e69c48108c42

    输出应如下所示:按 y

    Are you sure you want to delete the manifest "sha256:387c10c1598ee18aae81dcfc86d0d06d116e46461d1c3cda8927e69c48108c42" and all tags associated with it? [y/N] y
Deleted [registry] 111222333444.dkr.ecr.us-east-1.amazonaws.com/oci@sha256:387c10c1598ee18aae81dcfc86d0d06d116e46461d1c3cda8927e69c48108c42

  4. 要查看签名是否已删除,请键入:

    oras discover 111222333444.dkr.ecr.us-east-1.amazonaws.com/oci:helloworld

    输出应如下所示:

    111222333444.dkr.ecr.us-east-1.amazonaws.com/oci@sha256:88c0c54329bfdc1d94d6f58cd3fcb1226d46f58670f44a8c689cb3c9b37b6925
└── application/vnd.cncf.notary.signature
    └── sha256:6527bcec87adf1d55460666183b9d0968b3cd4e4bc34602d485206a219851171