docker基础-常用命令

2023-11-12 约 553 字预计阅读 2 分钟

docker 常用命令.

动机

日常运维工作中，经常要跟 docker 打交道，特别是 k8s ，有时候想查询 pod 或 docker 容器相关的状态或字段，经常要用到的几个比较常见的命令。

docker

根据 volume 查找

docker ps -q | xargs docker inspect --format '{{.State.Pid}}, {{.Name}}, {{.Mounts}}' | grep "912e60a98a5fcd2d4349ca06023678b86ff2faa41c30bd00fd700b9bd5735ec8"

根据 overlay 查找

docker ps -q | xargs docker inspect --format '{{.State.Pid}}, {{.Name}}, {{.GraphDriver.Data.WorkDir}}' | grep "3340fa31487f573c1914ece00b0a3f4b4e39ce91dd2c1810283d8325a1e56dbb"

清理容器过期镜像

docker image prune -a -f --filter 'until=336h'

根据进程 ID 查找

docker ps -q | xargs docker inspect --format '{{.State.Pid}}, {{.Name}}' | grep "3735110"

根据容器 ID 查找 Pid

docker inspect -f {{.State.Pid}} e57f06fc2578

宿主机上查找 omm 的 pod

先 dmesg -T 查找 oom 的 pod uid ， podc80186b0-a128-4ff2-b96b-22d881d9d1e6 ，其中 uid 就是 c80186b0-a128-4ff2-b96b-22d881d9d1e6 。

1

Memory cgroup stats for /kubepods/burstable/podc80186b0-a128-4ff2-b96b-22d881d9d1e6/501eeb4de2846d7d0f8115b3885075a968afd933c1e0d380aa112e0cacdf6e2a: cache:0KB rss:8287552KB rss_huge:493568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB inactive_anon:0KB active_anon:8291020KB inactive_file:40KB active_file:4KB unevictable:0KB

kubectl get pods -A -o custom-columns=NS:metadata.namespace,PodName:.metadata.name,PodUID:.metadata.uid |grep pod uid

crictl

根据 pod uid 查找 pod

方法一：

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30


crictl ps -o json|jq '.[][] |select(.["labels"]["io.kubernetes.pod.uid"] == "2f2f582c-e9d7-4689-85f1-cc1b3d1466d2")'

{
  "id": "5e883886773eb52858a251f8edf8056846cea771303af908937960a0de5fb89c",
  "podSandboxId": "b0873fd6e7b2aa9dd6950b8d5e7959a151c9ad60df19bcf1e530e43bc4286d9c",
  "metadata": {
    "name": "liveness-probe",
    "attempt": 0
  },
  "image": {
    "image": "sha256:db5a54343f0a0c8323010a58e555a09abf714d42768f85a6728a0cf702ad71ac",
    "annotations": {}
  },
  "imageRef": "sha256:db5a54343f0a0c8323010a58e555a09abf714d42768f85a6728a0cf702ad71ac",
  "state": "CONTAINER_RUNNING",
  "createdAt": "1704704221540033498",
  "labels": {
    "io.kubernetes.container.name": "liveness-probe",
    "io.kubernetes.pod.name": "csi-tos-node-cj8tv",
    "io.kubernetes.pod.namespace": "kube-system",
    "io.kubernetes.pod.uid": "2f2f582c-e9d7-4689-85f1-cc1b3d1466d2"
  },
  "annotations": {
    "io.kubernetes.container.hash": "405dbc29",
    "io.kubernetes.container.restartCount": "0",
    "io.kubernetes.container.terminationMessagePath": "/dev/termination-log",
    "io.kubernetes.container.terminationMessagePolicy": "File",
    "io.kubernetes.pod.terminationGracePeriod": "30"
  }
}

方法二：

1
2
3
4
5
6
7
8


crictl inspect $(crictl ps -qa) |jq '.[]["labels"] |select(.["io.kubernetes.pod.uid"] == "2f2f582c-e9d7-4689-85f1-cc1b3d1466d2")'

{
  "io.kubernetes.container.name": "csi-tos-driver",
  "io.kubernetes.pod.name": "csi-tos-node-cj8tv",
  "io.kubernetes.pod.namespace": "kube-system",
  "io.kubernetes.pod.uid": "2f2f582c-e9d7-4689-85f1-cc1b3d1466d2"
}

查找 pod pid

1
2


crictl ps #查找对应的 pod ，拿到 pod 的容器 id
crictl inspect da0645bde324a|jq .info.pid

清理镜像

清理所有没有引用到的镜像，一刀切。

crictl rmi --prune

过滤出需要清理的镜像，优雅一点。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25


#!/bin/sh

CONTAINER_RUNTIME_ENDPOINT=/run/containerd/containerd.sock

cd /tmp

# clean up docker resources if have
crictl ps > /dev/null
if [ $? -eq 0 ]
then
    # Implement your customized script here, such as
    # get the images that is used, these images cannot be deleted
    crictl ps | awk '{if(NR>1){print $2}}' > used-images.txt

    # @@ You can choose the images you want to clean according to your requirement @@
    # **      Here, we will clean all images from my yixiu repo!       **
    crictl images | grep -i "yixiu"| awk '{print $3}' > target-images.txt

    # filter out the used images and delete these unused images
    sort target-images.txt used-images.txt used-images.txt| uniq -u | xargs -r crictl rmi 
else
    echo "crictl does not exist"
fi

exit 0

目录

docker基础-常用命令

动机

docker

crictl