How to prune disconnected image registry using oc mirror.

Solution Verified - Updated 9 Oct 2025

Environment

Red Hat OpenShift Container Platform (RHOCP)
- ≥ 4.11

Issue

How to prune disconnected image registry using oc mirror.
Does oc mirror prune old images while mirroring ?
How to mirror images in fully disconnected environment.

Resolution

First install the oc-mirror OpenShift CLI plugin and configure credentials that allow images to be mirrored by following by following official documentation
Here ubi7 will be mirrored then ubi8 which will prune the ubi7 images. Create ImageSetConfiguration like below to mirror from Red Hat registry to disk. Here first ubi7 will be mirrored on disk then to disconnected registry.

$ vi ubi-imageset-config.yaml
apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
storageConfig:
  local:
    path: /tmp/ubi-image/
mirror:
  additionalimages:
    - name: registry.redhat.io/ubi7/ubi:latest

$ oc-mirror --config=ubi-imageset-config.yaml file:///tmp/ubi-image 

....
info: Planning completed in 2.11s
uploading: file://ubi7/ubi sha256:01e975f70dcbda342b386429acd2025cf7070adf829a60b038091f89eea7bc67 76.58MiB
uploading: file://ubi7/ubi sha256:9b932e985b83308b4a5beab7f9ef448758e8013cc1ad5121167f5ac9e8f8cb10 80.11MiB
uploading: file://ubi7/ubi sha256:ec121c671d0c70cf8d56aef452dbee1508bc2b40c4515051987805796698fc21 76.18MiB
sha256:61f8ef9967c9ce03cbdd1460bc1b6928ff4bc94b1f2cada4a1c7faf3f29703ab file://ubi7/ubi
sha256:c636799b65f32e1bd0ef17bdbdc5c8d98a53aa13bfb28fda9c3fc1970c393391 file://ubi7/ubi
sha256:5a4c70b0cc88c957081999fe6c82df78dd94710dc64680f16570fc050e4f172c file://ubi7/ubi
sha256:55be7b39a2600a43de8d72c826b8b0f08f74e6d511031ca52e53cfffece659b9 file://ubi7/ubi:latest
info: Mirroring completed in 19.42s (12.57MB/s)
Creating archive /tmp/ubi-image/mirror_seq1_000000.tar
...

Images have been mirrored on disk path /tmp/ubi-image/mirror_seq1_000000.tar as per above output. Now start mirroring from disk to disconnected mirror registry.

$ oc mirror --from=/tmp/ubi-image/mirror_seq1_000000.tar docker://quay.io/test/ubi-repo

...
info: Planning completed in 2.08s
uploading: quay.io/test/ubi-repo/ubi7/ubi sha256:01e975f70dcbda342b386429acd2025cf7070adf829a60b038091f89eea7bc67 76.58MiB
uploading: quay.io/test/ubi-repo/ubi7/ubi sha256:9b932e985b83308b4a5beab7f9ef448758e8013cc1ad5121167f5ac9e8f8cb10 80.11MiB
uploading: quay.io/test/ubi-repo/ubi7/ubi sha256:ec121c671d0c70cf8d56aef452dbee1508bc2b40c4515051987805796698fc21 76.18MiB
sha256:61f8ef9967c9ce03cbdd1460bc1b6928ff4bc94b1f2cada4a1c7faf3f29703ab quay.io/test/ubi-repo/ubi7/ubi
sha256:c636799b65f32e1bd0ef17bdbdc5c8d98a53aa13bfb28fda9c3fc1970c393391 quay.io/test/ubi-repo/ubi7/ubi
sha256:5a4c70b0cc88c957081999fe6c82df78dd94710dc64680f16570fc050e4f172c quay.io/test/ubi-repo/ubi7/ubi
sha256:55be7b39a2600a43de8d72c826b8b0f08f74e6d511031ca52e53cfffece659b9 quay.io/test/ubi-repo/ubi7/ubi:latest
info: Mirroring completed in 6m35.01s (618.2kB/s)
Wrote release signatures to oc-mirror-workspace/results-1683181156
Writing image mapping to oc-mirror-workspace/results-1683181156/mapping.txt
Writing ICSP manifests to oc-mirror-workspace/results-1683181156
...

Now Change same ImageSetConfiguration to mirror ubi8 as next image to test pruning.

$ vi ubi-imageset-config.yaml

apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
storageConfig:
  local:
    path: /tmp/ubi-image/
mirror:
  additionalimages:
    - name: registry.redhat.io/ubi8/ubi:latest

$ oc-mirror --config=ubi-imageset-config.yaml file:///tmp/ubi-image
...
info: Planning completed in 2.3s
uploading: file://ubi8/ubi sha256:0abb68531ec6cd91f887b3384722ee0c64e3412cddfaa0e16f33bd4ec53cbd0f 73.21MiB
uploading: file://ubi8/ubi sha256:05749dd975fec2187ae8b3b4e0943d6a90a405f75003109a1df9d51b303e5091 81.83MiB
uploading: file://ubi8/ubi sha256:bd6dce3b27eb3ac78249fc096ef8c3ddbc448a6905222f5645a2017ae6272f47 72.66MiB
uploading: file://ubi8/ubi sha256:6208c5a2e205726f3a2cd42a392c5e4f05256850d13197a711000c4021ede87b 75.41MiB
sha256:4a6dbfbb845810dce5902ab80cb93ecb24c367460fff9d15438e0b3080e244b3 file://ubi8/ubi
sha256:abc584e8d4514deea9e2db840661a9c1c575505686a863ceeafcbb7d15500fc8 file://ubi8/ubi
sha256:24ed38ab2160f78db4f9d0449a5ac2b7932efa3f1c7c575cdd8c0c7c7b516ad5 file://ubi8/ubi
sha256:f1370ea0207c8afca15e75fc6f004fcecc1eaf5baeb3034d2ee321ce008d8b4f file://ubi8/ubi
sha256:e3311058176628ad7f0f288f894ed2afef61be77ad01d53d5b69bca0f6b6cec1 file://ubi8/ubi:latest
info: Mirroring completed in 25.76s (12.34MB/s)
Creating archive /tmp/ubi-image/mirror_seq2_000000.tar
...

Images have been mirrored on disk path /tmp/ubi-image/mirror_seq2_000000.tar as per above output. Now start mirroring from disk to disconnected mirror registry ubi8 which should also prune the images as expected.

$ oc-mirror --from=/tmp/ubi-image/mirror_seq2_000000.tar docker://quay.io/test/ubi-repo
...
sha256:e3311058176628ad7f0f288f894ed2afef61be77ad01d53d5b69bca0f6b6cec1 quay.io/test/ubi-repo/ubi8/ubi:latest
info: Mirroring completed in 7m7.04s (744.4kB/s)
Pruning 4 manifest(s) from repository test/ubi-repo/ubi7/ubi  # <<< here pruning message appear. 
Deleting manifest sha256:55be7b39a2600a43de8d72c826b8b0f08f74e6d511031ca52e53cfffece659b9 from repo test/ubi-repo/ubi7/ubi
Deleting manifest sha256:5a4c70b0cc88c957081999fe6c82df78dd94710dc64680f16570fc050e4f172c from repo test/ubi-repo/ubi7/ubi
Deleting manifest sha256:61f8ef9967c9ce03cbdd1460bc1b6928ff4bc94b1f2cada4a1c7faf3f29703ab from repo test/ubi-repo/ubi7/ubi
...

Note: important thing to note here is on disk path while mirroring image from Red Hat registry to local disk. In this example path file:///tmp/ubi-image has been used while mirroring ubi7 and same path has been used while mirroring ubi8 image.

Imagesets have sequence numbers and this need to be published to a registry in the same order those were generated in.

ubi7 > /tmp/ubi-image/mirror_seq1_000000.tar
uni8 > /tmp/ubi-image/mirror_seq2_000000.tar

Important : If you used the Technology Preview version of the oc-mirror plugin for OpenShift Container Platform 4.10, it is not possible to migrate your mirror registry to OpenShift Container Platform 4.11. You must download the new oc-mirror plugin, use a new storage back end, and use a new top-level namespace on the target mirror registry.

SBR

Shift

Product(s)

Red Hat OpenShift Container Platform

Components

Category

Configure

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.