How to clean-up old unused Kubernetes images/tags?

时间:2016-04-04 18:11:25

标签: kubernetes docker-registry google-kubernetes-engine

To simplify deployment and short term roll-back, it's useful to use a new Docker image tag for each new version to deploy on Kubernetes. Without clean-up this means that old images:tags are kept forever.

How can I list all image:tag that are used by a Kubernetes container so that I can find all old image:tag that are old and not used to delete them automatically from the Docker Registry?

My goal is ideally for Google Container Engine (GKE) to delete unused images a Google Container Registry.

5 个答案:

答案 0 :(得分:6)

As an alternative approach, you might consider just letting Kubernetes handle reclamation of old images for you.

Presently, the ImageManager handles reclamation of candidate images. See: Garbage Collection

Garbage collection is a helpful function of kubelet that will clean up unreferenced images and unused containers. kubelet will perform garbage collection for containers every minute and garbage collection for images every five minutes.

Configuration is controlled via these two kublet cli parameters:

  --image-gc-high-threshold=90: The percent of disk usage after which image garbage collection is always run. Default: 90%
  --image-gc-low-threshold=80: The percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. Default: 80%

The high/low thresholds could be tuned to force collection at an interval that works for you.

答案 1 :(得分:2)

您可以使用在DaemonSet中运行的docker-cleanup容器。这样可以清理群集中每个节点上所有未使用的映像。

答案 2 :(得分:1)

对于最新版本的kubelet,请使用以下选项,因为不推荐使用-image-gc-high-threshold -image-gc-low-threshold

--eviction-hard
--eviction-soft

更多详细信息请点击此处

https://kubernetes.io/docs/concepts/cluster-administration/kubelet-garbage-collection/ https://kubernetes.io/docs/tasks/administer-cluster/out-of-resource/ https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/

答案 3 :(得分:0)

要获取Kubernetes集群使用的所有映像的列表,可以运行shell脚本:

for image in $(kubectl get pods --all-namespaces --output=jsonpath='{..image}')
do
    echo $image
done

但似乎目前无法简单地从Google容器注册表中删除图片(请参阅How to remove a pushed image in Google Container Registry

答案 4 :(得分:0)

我不确定是否有文档化的方法来进行这种维护。然而,Openshift Origin确实试图通过修剪docker镜像并与注册表交互来删除旧blob来解决这个问题

我们已经在原产地的背景下实施了它。 github上的source code