Issue with Deleting Images from Registry via GitLab Using Tag Instead of Digest

I’m currently facing an issue with GitLab’s Docker Registry integration where the deletion of Docker images is attempted using tags instead of the digest, leading to failures. Specifically, when GitLab attempts to delete an image from the registry, it uses the image tag in the request, which results in an error. My setup involves a separate host for the Docker Registry, which is integrated with GitLab for managing Docker images. The registry is configured to allow deletions, and everything works flawlessly except for the image deletion part.

Here’s a sanitized version of my configurations:

GitLab (gitlab.rb) is set up to enable and point to the Docker Registry:

gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.example.com"
gitlab_rails['registry_api_url'] = "https://registry.example.com"

Docker Registry is deployed using the following docker-compose.yml on a separate machine:

version: '3.8'
services:
  registry:
    image: registry:latest
    ports:
      - "5000:5000"
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
      REGISTRY_STORAGE_DELETE_ENABLED: "true"
    volumes:
      - /var/docker/gitlab-registry:/var/lib/registry

When GitLab tries to delete an image, the registry logs this request:

[28/Mar/2024:14:01:49 +0000] "DELETE /v2/some-awesome-repo/manifests/437 HTTP/1.0" 400 98 "" "GitLab/16.10.1-ee"

And reports an error:

level=error msg="response completed with error" err.code="digest invalid" err.message="provided digest did not match uploaded content" go.version=go1.20.8 http.request.host=registry.example.com http.request.id=1699e4fc-9aca-4f4f-a48e-32ebad839997 http.request.method=DELETE http.request.remoteaddr=192.168.0.105 http.request.uri="/v2/some-awesome-repo/manifests/437"

The error indicates a mismatch because the deletion request was made with a tag (437) instead of the expected digest.

Interestingly, I was able to delete the image manually using Postman with the correct digest:

DELETE https://registry.example.com/v2/some-awesome-repo/manifests/sha256:081d853456cd9a32a8fs2324asa7899a35f282bc9d9d3fabc4cfb4cce5e2624a

This issue seems to be specific to how GitLab constructs the deletion request, as manual deletion with the correct digest works as expected. I’m looking for guidance on how to resolve this, ensuring GitLab correctly uses digests instead of tags for image deletion requests. Any insights or workarounds from the community would be greatly appreciated.

Same problem.
sameersbn/gitlab:16.10.0
registry:2.8.3

Same here, sameersbn/gitlab:16.10.2

I was experiencing the issue myself - a bit more digging revealed that in my setup, I was still using the upstream (docker) registry:2.8 image.

With gitlab 16.x the support for external registries was deprecated by gitlab Deprecations and removals by version | GitLab

See also the notice at: GitLab container registry administration | GitLab

Following some discussion around the internet, the suggested way forward is to move/migrate to the official registry

For reference the official migration guide: GitLab container registry administration | GitLab

People have had success switching their external docker registry to the gitlab build registry at registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry

See: problem deleting image or tag 16.6.1 · Issue #2867 · sameersbn/docker-gitlab · GitHub