Registry Sweeper

Reclaim the 40 TB of unused container images nobody noticed

Scans your container registry, cross-references running workloads to find images that are actually in use, and generates safe cleanup policies for everything else. Recovers storage costs without breaking rollbacks.

House Recipe · Work · 3 min

INGREDIENTS

🐙 GitHub
💬 Slack

PROMPT

Create a skill called "Registry Sweeper". Clean up container registries safely:

1. Inventory the registry:
   - List all repositories and image counts (`aws ecr describe-repositories`, `aws ecr list-images`)
   - Calculate total size and per-repository size
   - Identify growth rate (images pushed per week)

2. Cross-reference with workloads:
   - `kubectl get pods -A -o jsonpath` to get all running image references
   - Check ECS tasks, Lambda functions, or other container runtimes
   - If manifests are available, also check deployment specs, cron jobs, and scale-to-zero workloads

3. Generate a cleanup plan:
   - Images not referenced by active workloads or declared deployments = candidate for deletion
   - Keep the N most recent tags per repo (configurable, default 10) for rollback
   - Keep any tag matching a release pattern (v*, release-*, etc.)
   - Calculate storage savings from cleanup

4. Generate lifecycle policies:
   - ECR Lifecycle Policy JSON for automated future cleanup
   - GCR/GHCR equivalent if applicable

Always show the full list before deleting anything. Include a dry-run mode.

How It Works

Container registries grow silently until the bill is shocking. Every CI run pushes a new image, and nothing ever deletes the old ones. This skill finds what's actually running and what can be cleaned up.

What You Get

  • Registry inventory: total images, total size, growth rate
  • In-use identification: cross-reference with running K8s pods, ECS tasks, and deployment specs when available
  • Safe-to-delete list: images not referenced by active workloads or declared deployments, with age
  • Rollback preservation: keeps N most recent tags per repository
  • Lifecycle policy generation for automated future cleanup
  • Estimated cost savings from cleanup

Setup Steps

  1. Ensure your Claw has access to your container registry CLI (aws ecr, docker, etc.)
  2. Ensure kubectl access to identify running images
  3. Run the scan to get the inventory and cleanup plan
  4. Review the safe-to-delete list and apply

Tips

  • Always keep recent tags for rollback capability (default: last 10 per repo)
  • Check ALL clusters before deleting — an image might be unused in prod but running in staging
  • Generate ECR Lifecycle Policies to automate cleanup going forward
  • Watch for images referenced in deployment YAML that aren't currently running (scale-to-zero, cron jobs)
  • Start with the biggest repos — that's where the savings are
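
The keep/delete rules from the prompt and the tips above, as an added sketch that is not part of the original recipe or the skill's own code. The inventory, the in-use set and the function names are constructed for illustration; in-use references are matched by tag and by digest because workloads can pin either form.

```python
from fnmatch import fnmatch

# Constructed inventory: (repo, tag, digest, pushed date, size in MB).
IMAGES = [
    ("api", "v1.2.0", "sha256:a1", "2023-01-10", 400),
    ("api", "ci-101", "sha256:a2", "2023-02-01", 410),
    ("api", "ci-102", "sha256:a3", "2023-02-02", 410),
    ("api", "ci-103", "sha256:a4", "2023-02-03", 415),
    ("api", "ci-104", "sha256:a5", "2023-02-04", 420),
    ("worker", "ci-7", "sha256:b1", "2023-01-05", 900),
    ("worker", "ci-8", "sha256:b2", "2023-01-06", 905),
    ("worker", "ci-9", "sha256:b3", "2023-01-07", 910),
]
# Constructed references, merged from every cluster plus declared specs
# (cron jobs, scale-to-zero). Both tag and digest forms appear.
IN_USE = {"api:ci-102", "worker@sha256:b1"}

def plan_cleanup(images, in_use, keep_recent=10,
                 release_patterns=("v*", "release-*")):
    """Return (keep, delete): keep holds (repo, tag, reason),
    delete holds (repo, tag, size_mb)."""
    by_repo = {}
    for img in images:
        by_repo.setdefault(img[0], []).append(img)
    keep, delete = [], []
    for repo, imgs in by_repo.items():
        imgs.sort(key=lambda i: i[3], reverse=True)  # newest first (ISO dates)
        for rank, (_, tag, digest, _, size) in enumerate(imgs):
            if f"{repo}:{tag}" in in_use or f"{repo}@{digest}" in in_use:
                keep.append((repo, tag, "in use"))
            elif any(fnmatch(tag, p) for p in release_patterns):
                keep.append((repo, tag, "release tag"))
            elif rank < keep_recent:
                keep.append((repo, tag, "recent (rollback)"))
            else:
                delete.append((repo, tag, size))
    return keep, delete

def dry_run(images, in_use, **kw):
    """Print the full plan without deleting anything; return reclaimable MB."""
    keep, delete = plan_cleanup(images, in_use, **kw)
    for repo, tag, why in keep:
        print(f"KEEP   {repo}:{tag}  ({why})")
    for repo, tag, size in delete:
        print(f"DELETE {repo}:{tag}  ({size} MB)")
    return sum(size for _, _, size in delete)

if __name__ == "__main__":
    print("reclaimable MB:", dry_run(IMAGES, IN_USE, keep_recent=2))
```

Summing per-image sizes overstates the savings when images share layers, so treat the total as an upper bound.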

Tags: #containers #cost-optimization #cleanup #devops