shanhix1 · Jul 13, 2018
diff --git a/‎articles/container-registry/container-registry-delete.md
Lines changed: 48 additions & 49 deletions b/‎articles/container-registry/container-registry-delete.md
Lines changed: 48 additions & 49 deletions
diff --git a/‎articles/container-registry/media/container-registry-delete/01-manifest-digest.png
55.7 KB b/‎articles/container-registry/media/container-registry-delete/01-manifest-digest.png
55.7 KB
@@ -38,13 +38,13 @@ acr-helloworld/prod:v2
 
 ## Components of an image
 
-A container image includes several components, such as an image manifest, tags, and layers. Understanding how these components relate to each other can help you determine the best method for freeing space in your registry.
+A container image within a registry is associated with one or more tags, has one or more layers, and is identified by a manifest. Understanding how these components relate to each other can help you determine the best method for freeing space in your registry.
 
 ### Tag
 
-An image's *tag* typically specifies its version. A single image within a repository can be assigned one or many tags, and may also be "untagged." That is, you can delete all tags from an image, while the image's data (its layers) remain the registry.
+An image's *tag* specifies its version. A single image within a repository can be assigned one or many tags, and may also be "untagged." That is, you can delete all tags from an image, while the image's data (its layers) remain the registry.
 
-The repository (or repository and namespace) plus a tag defines an image's name. In the case of a private registry like Azure Container Registry, the image name also includes the fully qualified name of the registry host. The registry host for images in ACR is in the format *acrname.azurecr.io*. For example, the full name of the image in the 'test' namespace in the earlier section would be:
+The repository (or repository and namespace) plus a tag defines an image's name. In the case of a private registry like Azure Container Registry, the image name also includes the fully qualified name of the registry host. The registry host for images in ACR is in the format *acrname.azurecr.io*. For example, the full name of the image in the 'test' namespace in the previous section would be:
 
 ```
 myregistry.azurecr.io/acr-helloworld/test:v3
@@ -58,40 +58,49 @@ Images are made up of one or more *layers*, each corresponding to a line in the
 
 ### Manifest
 
-Each container image includes a *manifest* that provides the identification for the image, and specifies the layers that make up the image. This example manifest defines an image with three layers:
-
-```json
-{
-	"schemaVersion": 2,
-	"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
-	"config": {
-		"mediaType": "application/vnd.docker.container.image.v1+json",
-		"size": 6223,
-		"digest": "sha256:f5268c82970b670d0e5a86292f2a5200e6901bc7b0a7985db92adb3f4ec845d7"
-	},
-	"layers": [
-		{
-			"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-			"size": 1990402,
-			"digest": "sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913"
-		},
-		{
-			"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-			"size": 19186477,
-			"digest": "sha256:a1b9769c94cda6dcaa17805171e8f4e92a5a4eaa7f8a1f8c66a241aa2c5b9936"
-		},
-		{
-			"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-			"size": 1240786,
-			"digest": "sha256:339284aa29477891009cfa16588ac229c80b1f0ef578c529727c9066aaa280cc"
-		}
-	]
-}
+Each container image pushed to a container registry is associated with a *manifest*. The manifest, generated by the registry when the image is pushed, uniquely identifies the image and specifies its layers. You can list the manifests for a repository with the Azure CLI command [az acr repository show-manifests][az-acr-repository-show-manifests]:
+
+```azurecli
+az acr repository show-manifests --name <acrName> --repository <repositoryName>
+```
+
+For example, listing the manifest digests for the "acr-helloworld" repository:
+
+```console
+$ az acr repository show-manifests --name myregistry --repository acr-helloworld
+[
+  {
+    "digest": "sha256:0a2e01852872580b2c2fea9380ff8d7b637d3928783c55beb3f21a6e58d5d108",
+    "tags": [
+      "latest",
+      "v3"
+    ],
+    "timestamp": "2018-07-12T15:52:00.2075864Z"
+  },
+  {
+    "digest": "sha256:3168a21b98836dda7eb7a846b3d735286e09a32b0aa2401773da518e7eba3b57",
+    "tags": [
+      "v2"
+    ],
+    "timestamp": "2018-07-12T15:50:53.5372468Z"
+  },
+  {
+    "digest": "sha256:7ca0e0ae50c95155dbb0e380f37d7471e98d2232ed9e31eece9f9fb9078f2728",
+    "tags": [
+      "v1"
+    ],
+    "timestamp": "2018-07-11T21:38:35.9170967Z"
+  }
+]
 ```
 
+The manifest discussed here is different from the image manifest you can view in the Azure portal or with [docker manifest inspect][docker-manifest-inspect]. In the following section, "manifest digest" refers to the digest generated by the push operation, not the *config.digest* in the image manifest. You can pull and delete images by **manifest digest**, not config.digest. The following image illustrates the two types of digests.
+
+![Manifest digest and config.digest in the Azure portal][manifest-digest]
+
 ### Manifest digest
 
-Manifests are identified by a unique SHA-256 hash, or *digest* (the `"digest"` value in the `"config"` section of the preceding example manifest). A unique digest is included in each container image you build. The digest value is unique even if the image's layer data is identical to that of another image. This mechanism is what allows you to repeatedly push identically tagged images to a registry. For example, you can repeatedly push `myimage:latest` to your registry without error (though not recommended) because each image is identified by its unique digest.
+Manifests are identified by a unique SHA-256 hash, or *manifest digest*. Each image--whether tagged or not--is identified by its digest. The digest value is unique even if the image's layer data is identical to that of another image. This mechanism is what allows you to repeatedly push identically tagged images to a registry. For example, you can repeatedly push `myimage:latest` to your registry without error because each image is identified by its unique digest.
 
 You can pull an image from a registry by specifying its digest in the pull operation. Some systems may be configured to pull by digest because it guarantees the image version being pulled, even if an identically tagged image is subsequently pushed to the registry.
 
@@ -102,7 +111,7 @@ $ docker pull myregistry.azurecr.io/acr-helloworld@sha256:0a2e01852872580b2c2fea
 ```
 
 > [!IMPORTANT]
-> If you repeatedly push modified images with identical tags, you create orphaned images--images that are untagged, but still consume space in your registry. Untagged images are not shown in the Azure CLI or in the Azure portal when you list or view images by tag. However, their layers still exist and consume space in your registry. The [Delete untagged images](#delete-untagged-images) section of this article discusses freeing space used by untagged images.
+> If you repeatedly push modified images with identical tags, you might create orphaned images--images that are untagged, but still consume space in your registry. Untagged images are not shown in the Azure CLI or in the Azure portal when you list or view images by tag. However, their layers still exist and consume space in your registry. The [Delete untagged images](#delete-untagged-images) section of this article discusses freeing space used by untagged images.
 
 ## Delete image data
 
@@ -139,13 +148,7 @@ Are you sure you want to continue? (y/n): y
 
 A [manifest digest](#manifest-digest) can be associated with one, none, or multiple tags. When you delete by digest, all tags referenced by the manifest are deleted, as is layer data for any layers unique to the image. Shared layer data is not deleted.
 
-To delete by digest, first list the manifest digests for the repository containing the images you wish to delete:
-
-```azurecli
-az acr repository show-manifests --name myregistry --repository myrepository
-```
-
-For example, listing the manifest digests for the "acr-helloworld" repository:
+To delete by digest, first list the manifest digests for the repository containing the images you wish to delete. For example:
 
 ```console
 $ az acr repository show-manifests --name myregistry --repository acr-helloworld
@@ -164,13 +167,6 @@ $ az acr repository show-manifests --name myregistry --repository acr-helloworld
       "v2"
     ],
     "timestamp": "2018-07-12T15:50:53.5372468Z"
-  },
-  {
-    "digest": "sha256:7ca0e0ae50c95155dbb0e380f37d7471e98d2232ed9e31eece9f9fb9078f2728",
-    "tags": [
-      "v1"
-    ],
-    "timestamp": "2018-07-11T21:38:35.9170967Z"
   }
 ]
 ```
@@ -309,10 +305,13 @@ Foreach($x in (az acr repository show-manifests -n $registry --repository $repos
 For more information about image storage in Azure Container Registry see [Container image storage in Azure Container Registry](container-registry-storage.md).
 
 <!-- IMAGES -->
+[manifest-digest]: ./media/container-registry-delete/01-manifest-digest.png
 
 <!-- LINKS - External -->
+[docker-manifest-inspect]: https://docs.docker.com/edge/engine/reference/commandline/manifest/#manifest-inspect
 [portal]: https://portal.azure.com
 
 <!-- LINKS - Internal -->
+[az-acr-repository-delete]: /cli/azure/acr/repository#az-acr-repository-delete
+[az-acr-repository-show-manifests]: /cli/azure/acr/repository#az-acr-repository-show-manifests
 [az-acr-repository-untag]: /cli/azure/acr/repository#az-acr-repository-untag
-[az-acr-repository-delete]: /cli/azure/acr/repository#az-acr-repository-delete