You are building a container image and pushing it to the Oracle Cloud Infrastructure Registry (OCIR).
You need to make sure that these images never get deleted from the repository.
Which action should you take? (Choose the best answer.)
A. B. C. D.C.
To make sure that the container images never get deleted from the Oracle Cloud Infrastructure Registry (OCIR), you should choose option B - Set global policy of image retention to "Retain All Images."
Option A, creating a group and assigning a policy to perform lifecycle operations on images, will not ensure that the images are never deleted. Instead, this option provides permissions to perform actions such as delete, update, and restore on the images, which could result in accidental or intentional deletions.
Option C, writing a policy to limit access to the specific repository in your compartment, will only restrict access to the repository, but it does not guarantee that the images will never be deleted.
Option D, editing the tenancy global retention policy, will affect all repositories in the tenancy, not just the specific repository you are concerned about. Also, this option does not provide granular control over the retention of individual images.
Setting the global policy of image retention to "Retain All Images" ensures that all images pushed to the repository will be retained indefinitely. This means that even if an administrator tries to delete the image, it will not be removed from the repository. To set this policy, you can follow these steps:
Allow group <group-name> to manage repos in tenancy where all {request.principal.type='Group', request.permission='ARTIFACTS_MANAGE_REPOSITORIES', request.resource.compartment.id='<compartment-ocid>', request.operation='images:delete', request.resource.type='repository', request.resource.id='<repo-ocid>', request.resource.lifecycle_state='ACTIVE', imageLifecyclePolicy.details.retentionRule.count='all'}
Replace <group-name> with the name of the group you want to give permissions to, and <compartment-ocid> and <repo-ocid> with the compartment OCID and repository OCID, respectively.
By setting the global policy of image retention to "Retain All Images," you can ensure that your container images are never deleted from the OCI Registry.