Define image retention policies to ensure important images are never deleted
Problem to solve
Currently, in the container expiration policies, there is no way to express something such as "no matter what, don't delete this tag". This introduces risk into the deletion process, as it's possible to delete
- Add the
name_regex_keepas an option to the container expiration policies.
- Rename the existing column
name_regex_deleteto match the updates made in the bulk delete api
- The default value for
name_regex_keepfor a policy will be NULL or blank, this will go into effect for existing policies.
name_regex_keepwill be optional
- Update the documentation to demonstrate how to use the feature.
Permissions and Security
There are no changes to permissions and no immediate security impact.
The container expiration policy docs will be updated showing the new option with details on how it works.
What does success look like, and how can we measure that?
- We can set a retention regex on an expiration policy specifying a pattern of tags that must not be deleted for that policy.
Links / references
Bulk Delete API issue that added the new param to the cleanup service. #27072 (closed)