docker 常用命令.
动机
日常运维工作中,经常要跟 docker 打交道,特别是 k8s ,有时候想查询 pod 或 docker 容器相关的状态或字段,经常要用到的几个比较常见的命令。
docker
docker ps -q | xargs docker inspect --format '{{.State.Pid}}, {{.Name}}, {{.Mounts}}' | grep "912e60a98a5fcd2d4349ca06023678b86ff2faa41c30bd00fd700b9bd5735ec8"
docker ps -q | xargs docker inspect --format '{{.State.Pid}}, {{.Name}}, {{.GraphDriver.Data.WorkDir}}' | grep "3340fa31487f573c1914ece00b0a3f4b4e39ce91dd2c1810283d8325a1e56dbb"
docker image prune -a -f --filter 'until=336h'
docker ps -q | xargs docker inspect --format '{{.State.Pid}}, {{.Name}}' | grep "3735110"
docker inspect -f {{.State.Pid}} e57f06fc2578
先 dmesg -T 查找 oom 的 pod uid , podc80186b0-a128-4ff2-b96b-22d881d9d1e6 ,其中 uid 就是 c80186b0-a128-4ff2-b96b-22d881d9d1e6 。
1
|
Memory cgroup stats for /kubepods/burstable/podc80186b0-a128-4ff2-b96b-22d881d9d1e6/501eeb4de2846d7d0f8115b3885075a968afd933c1e0d380aa112e0cacdf6e2a: cache:0KB rss:8287552KB rss_huge:493568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB inactive_anon:0KB active_anon:8291020KB inactive_file:40KB active_file:4KB unevictable:0KB
|
kubectl get pods -A -o custom-columns=NS:metadata.namespace,PodName:.metadata.name,PodUID:.metadata.uid |grep pod uid
crictl
根据 pod uid 查找 pod
方法一:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
crictl ps -o json|jq '.[][] |select(.["labels"]["io.kubernetes.pod.uid"] == "2f2f582c-e9d7-4689-85f1-cc1b3d1466d2")'
{
"id": "5e883886773eb52858a251f8edf8056846cea771303af908937960a0de5fb89c",
"podSandboxId": "b0873fd6e7b2aa9dd6950b8d5e7959a151c9ad60df19bcf1e530e43bc4286d9c",
"metadata": {
"name": "liveness-probe",
"attempt": 0
},
"image": {
"image": "sha256:db5a54343f0a0c8323010a58e555a09abf714d42768f85a6728a0cf702ad71ac",
"annotations": {}
},
"imageRef": "sha256:db5a54343f0a0c8323010a58e555a09abf714d42768f85a6728a0cf702ad71ac",
"state": "CONTAINER_RUNNING",
"createdAt": "1704704221540033498",
"labels": {
"io.kubernetes.container.name": "liveness-probe",
"io.kubernetes.pod.name": "csi-tos-node-cj8tv",
"io.kubernetes.pod.namespace": "kube-system",
"io.kubernetes.pod.uid": "2f2f582c-e9d7-4689-85f1-cc1b3d1466d2"
},
"annotations": {
"io.kubernetes.container.hash": "405dbc29",
"io.kubernetes.container.restartCount": "0",
"io.kubernetes.container.terminationMessagePath": "/dev/termination-log",
"io.kubernetes.container.terminationMessagePolicy": "File",
"io.kubernetes.pod.terminationGracePeriod": "30"
}
}
|
方法二:
1
2
3
4
5
6
7
8
|
crictl inspect $(crictl ps -qa) |jq '.[]["labels"] |select(.["io.kubernetes.pod.uid"] == "2f2f582c-e9d7-4689-85f1-cc1b3d1466d2")'
{
"io.kubernetes.container.name": "csi-tos-driver",
"io.kubernetes.pod.name": "csi-tos-node-cj8tv",
"io.kubernetes.pod.namespace": "kube-system",
"io.kubernetes.pod.uid": "2f2f582c-e9d7-4689-85f1-cc1b3d1466d2"
}
|
查找 pod pid
1
2
|
crictl ps #查找对应的 pod ,拿到 pod 的容器 id
crictl inspect da0645bde324a|jq .info.pid
|
清理镜像
清理所有没有引用到的镜像,一刀切。
crictl rmi --prune
过滤出需要清理的镜像,优雅一点。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
#!/bin/sh
CONTAINER_RUNTIME_ENDPOINT=/run/containerd/containerd.sock
cd /tmp
# clean up docker resources if have
crictl ps > /dev/null
if [ $? -eq 0 ]
then
# Implement your customized script here, such as
# get the images that is used, these images cannot be deleted
crictl ps | awk '{if(NR>1){print $2}}' > used-images.txt
# @@ You can choose the images you want to clean according to your requirement @@
# ** Here, we will clean all images from my yixiu repo! **
crictl images | grep -i "yixiu"| awk '{print $3}' > target-images.txt
# filter out the used images and delete these unused images
sort target-images.txt used-images.txt used-images.txt| uniq -u | xargs -r crictl rmi
else
echo "crictl does not exist"
fi
exit 0
|