Container Image Management and Cleanup Strategy with Docker, Harbor, and Jenkins
This guide explains branch development strategies, naming conventions, Dockerfile creation, image building and publishing, as well as automated Harbor image cleanup using Jenkins pipelines, providing a comprehensive workflow for managing container images in a cloud‑native environment.
The article introduces a branch development strategy consisting of a main master branch, feature branches ( f1 , f2 ), and release branches, describing how code flows from feature development to release and back to master.
It then outlines a container image management standard, covering repository types ( snapshot for development and release for production), repository naming rules, image naming patterns for development and production, and tag naming conventions based on branch name and commit ID.
A section on image cleanup strategies explains how snapshot repositories should be periodically cleaned of old images, while release repositories should retain only the final release image after deployment.
The guide provides a simple Dockerfile example for building a static web application:
FROM nginx:latest
COPY dist /usr/share/nginx/htmlIt shows how to build and push the image using Docker commands:
docker build -t demo-web-app:1.1.1 .
docker push demo-web-app:1.1.1A complete Jenkinsfile is presented to automate the build, test, and image creation steps, including npm installation, project build, and Docker image construction:
pipeline {
agent {node {label "master"}}
stages {
stage('WebBuild') {
steps {
script {
docker.image('node:10.19.0-alpine').inside('-u 0:0 -v /var/jenkins_home/.npm:/root/.npm') {
sh """
id
npm config set unsafe-perm=true
npm config set cache /root/.npm
cd demo && npm install --unsafe-perm=true && npm run build && ls -l dist/ && sleep 15
"""
}
}
}
}
stage("BuildImage"){
steps {
script{
sh """
# Build image
cd demo
docker build -t demo/demo-web-app:1.1.1_xxxxxxxx1 .
"""
}
}
}
}
}After building, the image can be run for testing:
docker run -itd -p 8080:80 --name nginx-server demo/demo-web-app:1.1.1_xxxxxxxx1The article concludes with an automated Harbor cleanup script written in Groovy for Jenkins, which retrieves image tags via Harbor API, iterates over them, and deletes unnecessary tags, ensuring the registry does not become overloaded.
#!groovy
@Library('jenkinslibrary@master') _
def tools = new org.devops.tools()
String registryName = "${env.registryName}"
String serviceName = "${env.serviceName}"
String tagName = "${env.tagName}"
def harborProjects = []
currentBuild.description = "Trigger by ${serviceName} ${tagName}"
pipeline {
agent { node { label "build" } }
stages {
stage("GetHarborTags") {
steps {
timeout(time:5, unit:"MINUTES") {
script {
tools.PrintMes("获取Harbor仓库中的项目信息","green")
try {
response = httpRequest authentication: 'harbor-admin',
url: "https://registry.demo.com/api/repositories/${registryName}/${serviceName}/tags",
ignoreSslErrors: true
response = readJSON text: "${response.content}"
} catch(e) {
response = ['name':'']
println("Harbor镜像不存在此标签!")
}
}
}
}
}
stage("DeleteHarborTags") {
steps {
timeout(time:20, unit:"MINUTES") {
script {
tools.PrintMes("总共找到 ${harborProjects.size()} 个标签","green")
sumImageNum = harborProjects.size()
for (tag in harborProjects) {
sumImageNum -= 1
tools.PrintMes(" ${sumImageNum} Delete Tags --> ${registryName} --> ${serviceName} --> ${tag} ","green")
httpRequest httpMode: 'DELETE',
authentication: 'c016027e-0573-4246-93cf-f4a55b08a86a',
url: "https://registry.demo.com/api/repositories/${registryName}/${serviceName}/tags/${tag}",
ignoreSslErrors: true
sleep 1
}
}
}
}
}
}
post {
always {
script { cleanWs notFailBuild: true }
}
}
}DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.