티스토리 뷰
도커 이미지를 사용하여 빌드/배포를 수행하면, 버전 관리, 동일한 환경 항상 유지, 이관 편의성 등 다양한 장점을 갖고 있다. 이러한 이유로 도커 이미지는 도커 컨테이너로 기동되고 빌드/배포 자동화를 통해 손쉬운 개발 환경으로 사용되고 있다.
다만, 도커 이미지의 관리를 위해, 퍼블릭 공간의 DockerHub, 프라이빗 공간의 Docker Registry (Nexus3, Docker Image 등)는 무한으로 확장 가능한 공간을 제공하지는 않는다.
이로 인해 불필요한 이미지를 삭제하고 리소스 공간을 확보하는 것이 중요하다.
이미지의 경량화는 사실상 클라우드 환경에서 확장성과 민첩성을 높이기 위해 매우 중요한 요소이지만, 작은 이미지라도 500MB, 1GB 수준의 파일들이 매 빌드, 매 배포 마다 누적 된다면 이는 언젠가 디스크에 압력을 가할 수 있을 것이다.
이로 인해 이번 포스팅에서는 도커 이미지가 저장되는 두 공간에 대해 정리 방안으로 모색해 보도록 한다.
크게 Docker Image가 저장되는 공간은 두군데 이다. 바로 Nexus3 Docker Repository와 Local Docker Repositroy이다.
도커 리포지토리
먼저 도커 리포지토리에 대한 정리방안이다.
Docker image는 registry 에 저장될 때 image의 레이어 단위로 저장이 되며, 이렇게 저장된 레이어는 registry 의 내부에서 manifest 파일에 의해서 참조 된다. 또한 사용되지 않는 registry 의 물리적 이미지 삭제는 Registry Garbage Collection (이하 Registry GC) 에 의해서 수행된다. Registry GC가 수행될 때 사용되지 않는(어떤 manifest파일에서도 참조하지 않는) blob 파일들이 삭제 되면서 용량이 확보된다.
- mark phase : registry 내부의 manifest 를 검색하여 manifest 가 참조하고 있는 image layer 에 대하여 마킹
- sweep phase : 마킹이 되어 있지 않는 image layer에 대하여 레이어 삭제 수행
하지만, 이러한 Registry GC는 자동으로 수행되지 않으며, 명시적으로 수행하여 파일을 삭제하기 위해서 다음과 같은 작업을 진행한다.
docker image layer는 registry 내부의 모든 manifests 파일이 참조하지 않는 레이어에 대하여만 GC 시, 삭제를 수행한다. 이와 같이 여러개의 manifests 파일이 동일한 이미지 레이어를 참조하는 구조로 인하여, 특정 이미지를 삭제 하는 것이 disk 확보와 직결되지 않을 수 있다.
다음은 Registry GC를 수행하는 과정에 대해 가이드한다.
먼저 간단히 사용할 수 있는 Registry를 구성한다. (물론 Nexus3 등의 모든 Registry 사용이 가능하다.) config.yml 파일을 관리하기 위해 Volume을 아래와 같이 마운트하여 사용한다.
[root@kubemaster kubespray]# docker run -d -p 5000:5000 –v /root/registry:/etc/docker/registry registry:2.6
Unable to find image 'registry:2.6' locally
2.6: Pulling from library/registry
486039affc0a: Pull complete
ba51a3b098e6: Pull complete
470e22cd431a: Pull complete
1048a0cdabb0: Pull complete
ca5aa9d06321: Pull complete
Digest: sha256:c4bdca23bab136d5b9ce7c06895ba54892ae6db0ebfc3a2f1ac413a470b17e47
Status: Downloaded newer image for registry:2.6
c02f83ffc2cdf543f5fd46c3eacbd9cf618db5c50b5615418e08c5c1223051f6
[root@kubemaster registry]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
12ddb5c38470 registry:2.6 "/entrypoint.sh /etc 3 seconds ago Up 2 seconds 0.0.0.0:5000->5000/tcp objective_archimedes
[root@kubemaster registry]#
다음으로 Storage를 삭제할 수 있도록 delete flag를 활성화한다.
delete.enabled: true
[root@kubemaster registry]# docker exec 12ddb5c38470 cat /etc/docker/registry/config.yml
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
[root@kubemaster registry]#
활성화 후 Container를 재시작한다. 앞서 volume을 마운트하였기 때문에 수정된 파일을 기동시에 참고하도록 구성한다.
[root@kubemaster registry]# docker run -d --name=registry -p 5000:5000 -v /root/registry:/etc/docker/registry registry:2.6
177bd6d53719ad961d9cd8eb4c94a4771f501428ad2d7ca128d4b6ba69c49a1f
[root@kubemaster registry]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
177bd6d53719 registry:2.6 "/entrypoint.sh /etc 8 seconds ago Up 7 seconds 0.0.0.0:5000->5000/tcp registry
[root@kubemaster registry]#
위와 같이 재기동이 완료되면, 다음 두 스탭을 거쳐 Docker Image를 정리한다.
1) docker images 에 대한 manifest 삭제
먼저 위 테스트를 위해 아래와 같은 이미지 두개를 레지스트리에 push한다.
[root@kubemaster ~]# vi Dockerfile
FROM ubuntu:16.04
MAINTAINER Nara Son <nara0617@gmail.com>
CMD echo 'Hello My Friend!'
[root@kubemaster ~]# docker build -t 192.168.56.102:5000/nrson/myimage:v1.0 .
Sending build context to Docker daemon 1.843GB
Step 1/3 : FROM ubuntu:16.04
16.04: Pulling from library/ubuntu
fe703b657a32: Pull complete
f9df1fafd224: Pull complete
a645a4b887f9: Pull complete
57db7fe0b522: Pull complete
Digest: sha256:e9938f45e51d9ff46e2b05a62e0546d0f07489b7f22fbc5288defe760599e38a
Status: Downloaded newer image for ubuntu:16.04
---> 77be327e4b63
Step 2/3 : MAINTAINER Nara Son <nara0617@gmail.com>
---> Running in 9f9d5af5a303
Removing intermediate container 9f9d5af5a303
---> 1587819b0ded
Step 3/3 : CMD echo 'Hello My Friend!'
---> Running in 0202b4207415
Removing intermediate container 0202b4207415
---> 704ac0dcc4e6
Successfully built 704ac0dcc4e6
Successfully tagged 192.168.56.102:5000/nrson/myimage:v1.0
[root@kubemaster ~]# vi Dockerfile
FROM ubuntu:16.04
MAINTAINER Nara Son <nara0617@gmail.com>
CMD echo 'Hello My Friend2'
[root@kubemaster ~]# docker build -t 192.168.56.102:5000/nrson/myimage:v2.0 .
Sending build context to Docker daemon 1.843GB
Step 1/3 : FROM ubuntu:16.04
---> 77be327e4b63
Step 2/3 : MAINTAINER Nara Son <nara0617@gmail.com>
---> Using cache
---> 1587819b0ded
Step 3/3 : CMD echo 'Hello My Friend2'
---> Running in b4fca7e19e5d
Removing intermediate container b4fca7e19e5d
---> 1a2c812aea7c
Successfully built 1a2c812aea7c
Successfully tagged 192.168.56.102:5000/nrson/myimage:v2.0
[root@kubemaster registry]# docker images | grep nrson
192.168.56.102:5000/nrson/myimage v2.0 1a2c812aea7c 27 minutes ago 124MB
192.168.56.102:5000/nrson/myimage v1.0 704ac0dcc4e6 31 minutes ago 124MB
[root@kubemaster registry]#
자 위와 같이 두개의 nrson images가 생성되었다. 앞서 기동한 registry에 Push 하기위해 Docker dadmon.json을 아래와 같이 적용 후 재기동한다.
[root@kubemaster ~]# vi /etc/docker/daemon.json
{
"insecure-registries": ["192.168.56.102:5000"]
}
[root@kubemaster ~]# systemctl daemon-reload
[root@kubemaster ~]# systemctl restart docker
[root@kubemaster ~]# docker run -d --name=registry -p 5000:5000 -v /root/registry:/etc/docker/registry registry:2.6
804e3b55eade6b5f818ab046bbdf7c7b348b47288083c3fb9792ce1b7c6942e8
[root@kubemaster ~]#
다음으로 Docker Registry에 각각 push한다.
[root@kubemaster registry]# docker push 192.168.56.102:5000/nrson/myimage:v1.0
The push refers to repository [192.168.56.102:5000/nrson/myimage]
4ae3adcb66cb: Pushed
aa6685385151: Pushed
0040d8f00d7e: Pushed
9e6f810a2aab: Pushed
v1.0: digest: sha256:1892b4f43a32c2abe6568f41ed7463653fde21ff8c7dd1c5872469a879dee3b2 size: 1150
[root@kubemaster registry]# docker push 192.168.56.102:5000/nrson/myimage:v2.0
The push refers to repository [192.168.56.102:5000/nrson/myimage]
4ae3adcb66cb: Layer already exists
aa6685385151: Layer already exists
0040d8f00d7e: Layer already exists
9e6f810a2aab: Layer already exists
v2.0: digest: sha256:53f69fcc2fed46663a81e59bf68611e405f1e9e66225cee44985a23d4fc3b9a2 size: 1150
[root@kubemaster registry]#
이를 기반으로 현재 docker layer 정보를 확인해 보자.
(docker exec –it [dockerContainerID] registry garbage-collect /etc/docker/registry/config.yml)
[root@kubemaster registry]# docker exec -it registry registry garbage-collect /etc/docker/registry/config.yml
nrson/myimage
nrson/myimage: marking manifest sha256:1892b4f43a32c2abe6568f41ed7463653fde21ff8c7dd1c5872469a879dee3b2
nrson/myimage: marking blob sha256:704ac0dcc4e610f8c791e863102f4266a698f7c78a048ab0ff4cf6a45535759e
nrson/myimage: marking blob sha256:fe703b657a32e0046dce0ad2cb17172cbec8ba302edf370f5f28962bdb6216a9
nrson/myimage: marking blob sha256:f9df1fafd224fae3ba34a68dfc401f75bf6bc0c016fe36c61661ca5c7ad729ee
nrson/myimage: marking blob sha256:a645a4b887f9613f80fae43432e46423f196a9952d11bb620bef2add7c4ed4ee
nrson/myimage: marking blob sha256:57db7fe0b522b7a6069e769606e5ed0913a64e1e0d0030382a922ccf9449211e
nrson/myimage: marking manifest sha256:53f69fcc2fed46663a81e59bf68611e405f1e9e66225cee44985a23d4fc3b9a2
nrson/myimage: marking blob sha256:1a2c812aea7c4b2aee63ec407f8d3f37d9a8a2bc892a5776891ace0fab5fe779
nrson/myimage: marking blob sha256:fe703b657a32e0046dce0ad2cb17172cbec8ba302edf370f5f28962bdb6216a9
nrson/myimage: marking blob sha256:f9df1fafd224fae3ba34a68dfc401f75bf6bc0c016fe36c61661ca5c7ad729ee
nrson/myimage: marking blob sha256:a645a4b887f9613f80fae43432e46423f196a9952d11bb620bef2add7c4ed4ee
nrson/myimage: marking blob sha256:57db7fe0b522b7a6069e769606e5ed0913a64e1e0d0030382a922ccf9449211e
8 blobs marked, 0 blobs eligible for deletion
[root@kubemaster registry]#
현재 위와 같이 총 8개의 blob으로 나뉘어 저장되어 있는 것을 확인할 수 있다.
다음으로 docker image에 대한 manifest 정보를 찾아 삭제한다.
현재 v1.0, v2.0 두버전이 업로드 되어 있으니, v1.0을 삭제해 보도록 한다.
[현재 Registry에 업로드 된 이미지 조회]
[root@kubemaster registry]# curl -X GET 192.168.56.102:5000/v2/_catalog
{"repositories":["nrson/myimage"]}
[root@kubemaster registry]#
[이미지 태그 조회]
[root@kubemaster registry]# curl -X GET 192.168.56.102:5000/v2/nrson/myimage/tags/list
{"name":"nrson/myimage","tags":["v1.0","v2.0"]}
[root@kubemaster registry]#
[이미지:태그의 디제스트 정보 확인하기]
[root@kubemaster registry]# curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET 192.168.56.102:5000/v2/nrson/myimage/manifests/v1.0
* About to connect() to 192.168.56.102 port 5000 (#0)
* Trying 192.168.56.102...
* Connected to 192.168.56.102 (192.168.56.102) port 5000 (#0)
> GET /v2/nrson/myimage/manifests/v1.0 HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.56.102:5000
> Accept: application/vnd.docker.distribution.manifest.v2+json
>
< HTTP/1.1 200 OK
< Content-Length: 1150
< Content-Type: application/vnd.docker.distribution.manifest.v2+json
< Docker-Content-Digest: sha256:1892b4f43a32c2abe6568f41ed7463653fde21ff8c7dd1c5872469a879dee3b2
< Docker-Distribution-Api-Version: registry/2.0
< Etag: "sha256:1892b4f43a32c2abe6568f41ed7463653fde21ff8c7dd1c5872469a879dee3b2"
< X-Content-Type-Options: nosniff
< Date: Wed, 11 Mar 2020 08:29:02 GMT
<
{ [data not shown]
* Connection #0 to host 192.168.56.102 left intact
[root@kubemaster registry]#
[이미지 삭제하기]
[root@kubemaster registry]#
curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE 192.168.56.102:5000/v2/nrson/myimage/manifests/sha256:1892b4f43a32c2abe6568f41ed7463653fde21ff8c7dd1c5872469a879dee3b2
* About to connect() to 192.168.56.102 port 5000 (#0)
* Trying 192.168.56.102...
* Connected to 192.168.56.102 (192.168.56.102) port 5000 (#0)
> DELETE /v2/nrson/myimage/manifests/sha256:1892b4f43a32c2abe6568f41ed7463653f
de21ff8c7dd1c5872469a879dee3b2 HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.56.102:5000
> Accept: application/vnd.docker.distribution.manifest.v2+json
>
< HTTP/1.1 202 Accepted
< Docker-Distribution-Api-Version: registry/2.0
< X-Content-Type-Options: nosniff
< Date: Wed, 11 Mar 2020 08:29:43 GMT
< Content-Length: 0
< Content-Type: text/plain; charset=utf-8
<
* Connection #0 to host 192.168.56.102 left intact
[root@kubemaster registry]#
[삭제 확인하기]
[root@kubemaster registry]# curl -X GET 192.168.56.102:5000/v2/nrson/myimage/tags/list
{"name":"nrson/myimage","tags":["v2.0"]}
[root@kubemaster registry]#
위와 같이 기존 v1.0 태그 이미지가 제거 된 것을 확인할 수 있다.
2) Docker GC 수행하기
Manifest를 삭제하는 것만으로는 물리 서버의 저장공간이 비워지는 것은 아니다.
상단에서 확인했던 Docker Garbage Collection을 통해 다시한번 도커 gc를 수행한다.
[root@kubemaster registry]# docker exec -it registry registry garbage-collect /etc/docker/registry/config.yml
nrson/myimage
nrson/myimage: marking manifest
sha256:53f69fcc2fed46663a81e59bf68611e405f1e9e66225cee44985a23d4fc3b9a2
nrson/myimage: marking blob sha256:1a2c812aea7c4b2aee63ec407f8d3f37d9a8a2bc892a
5776891ace0fab5fe779
nrson/myimage: marking blob sha256:fe703b657a32e0046dce0ad2cb17172cbec8ba302edf
370f5f28962bdb6216a9
nrson/myimage: marking blob sha256:f9df1fafd224fae3ba34a68dfc401f75bf6bc0c016fe36c
61661ca5c7ad729ee
nrson/myimage: marking blob sha256:a645a4b887f9613f80fae43432e46423f196a9952d1
1bb620bef2add7c4ed4ee
nrson/myimage: marking blob sha256:57db7fe0b522b7a6069e769606e5ed0913a64e1e0d0
030382a922ccf9449211e
6 blobs marked, 2 blobs eligible for deletion
blob eligible for deletion: sha256:1892b4f43a32c2abe6568f41ed7463653fde21ff8c7dd1c
5872469a879dee3b2
INFO[0000] Deleting blob:
/docker/registry/v2/blobs/sha256/18/1892b4f43a32c2abe6568f41ed7463653fde21ff8c7
dd1c5872469a879dee3b2 go.version=go1.7.6 instance.id=d7a46203-b71f-4313-9747-6
3bed6a76a94
blob eligible for deletion: sha256:704ac0dcc4e610f8c791e863102f4266a698f7c78a048ab
0ff4cf6a45535759e
INFO[0000] Deleting blob:
/docker/registry/v2/blobs/sha256/70/704ac0dcc4e610f8c791e863102f4266a698f7c78a0
48ab0ff4cf6a45535759e go.version=go1.7.6 instance.id=d7a46203-b71f-4313-9747-63bed6a76a94
[root@kubemaster registry]#
총 8개의 Blob data 중 2개의 Blob이 삭제된 것을 확인할 수 있다.
이와 같이 불필요한 Docker Image를 주기적으로 삭제해 주는 것이 리소스 관리 및 유지 관리 측면에서 중요하다.
Local Repository GC
다음으로 Local Repository 관리 방안이다.
Local repository는 도커 명령어를 실행하는 호스트 OS의 리토지토리를 의미한다.
현재 로컬 리포지토리에는 다음과 같은 이미지가 구성되어 있다.
[root@kubemaster registry]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.56.102:5000/nrson/myimage v2.0 1a2c812aea7c About an hour ago 124MB
192.168.56.102:5000/nrson/myimage v1.0 704ac0dcc4e6 About an hour ago 124MB
ubuntu 16.04 77be327e4b63 2 weeks ago 124MB
registry 2.6 10b45af23ff3 6 weeks ago 28.5MB
kubernetesui/dashboard v2.0.0-beta6 84cd817d07fb 3 months ago 91.7MB
lachlanevenson/k8s-helm v2.15.2 702b8b51007d 4 months ago 84.7MB
gcr.io/google-containers/kube-proxy v1.16.2 8454cbe08dc9 4 months ago 86.1MB
gcr.io/google-containers/kube-apiserver v1.16.2 c2c9a0406787 4 months ago 217MB
gcr.io/google-containers/kube-scheduler v1.16.2 ebac1ae204a2 4 months ago 87.3MB
gcr.io/google-containers/kube-controller-manager v1.16.2 6e4bffa46d70 4 months ago 163MB
gcr.io/google-containers/k8s-dns-node-cache 1.15.5 b477eb2ed326 6 months ago 62.5MB
coredns/coredns 1.6.0 680bc53e5985 7 months ago 42.2MB
calico/node v3.7.3 bf4ff15c9db0 9 months ago 156MB
calico/cni v3.7.3 1a6ade52d471 9 months ago 135MB
calico/kube-controllers v3.7.3 283860d96794 9 months ago 46.8MB
gcr.io/google_containers/metrics-server-amd64 v0.3.3 c6b5d3e48b43 10 months ago 39.9MB
gcr.io/google-containers/cluster-proportional-autoscaler-amd64 1.6.0 dfe4432cd2e2 10 months ago 47.7MB
quay.io/coreos/etcd v3.3.10 643c21638c1c 17 months ago 39.5MB
gcr.io/google-containers/addon-resizer 1.8.3 b57c00a12f6c 20 months ago 33.1MB
gcr.io/google-containers/pause 3.1 da86e6ba6ca1 2 years ago 742kB
gcr.io/google_containers/pause-amd64 3.1 da86e6ba6ca1 2 years ago 742kB
[root@kubemaster registry]#
이와 같은 이미지는 실제 물리적인 공간을 차지하기 때문에 불필요한 도커이미지는 항상 삭제를 해야한다.
1) clean images (docker rmi [docker images name])
도커 이미지를 삭제하는 방법은 간단하다.
[root@kubemaster registry]# docker rmi 192.168.56.102:5000/nrson/myimage:v1.0 192.168.56.102:5000/nrson/myimage:v2.0
Untagged: 192.168.56.102:5000/nrson/myimage:v1.0
Untagged: 192.168.56.102:5000/nrson/myimage@sha256:1892b4f43a32c2abe6568f41ed7463653
fde21ff8c7dd1c5872469a879dee3b2
Deleted: sha256:704ac0dcc4e610f8c791e863102f4266a698f7c78a048ab0ff4cf6a45535759e
Untagged: 192.168.56.102:5000/nrson/myimage:v2.0
Untagged: 192.168.56.102:5000/nrson/myimage@sha256:53f69fcc2fed46663a81e59bf68611e405f1
e9e66225cee44985a23d4fc3b9a2
Deleted: sha256:1a2c812aea7c4b2aee63ec407f8d3f37d9a8a2bc892a5776891ace0fab5fe779
Deleted: sha256:1587819b0ded3f27007ed9b9f81b907d2835b729e83c1e0465f63e5d3064defc
[root@kubemaster registry]#
위와 같이 중복되는 Layer의 경우 Untagged가 되며 중복되지 않은 고유한 Layer는 Delete된다.
2) clean containers (docker rm $(docker ps -qa --no-trunc --filter "status=exited"))
노드가 리스타트 되거나 했을 경우 수많은 Exited 상태의 Kubernetes 이미지가 남아있는 경우를 볼 수 있다. 다음은 특정 status 인 컨테이너를 일괄 삭제하는 방법이다.
[root@kubemaster registry]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
177bd6d53719 registry:2.6 "/entrypoint.sh /etc 49 minutes ago Up About an hour 0.0.0.0:5000->5000/tcp registry
3fc6b7954629 bf4ff15c9db0 "start_runit" About an hour ago Up About an hour k8s_calico-node_calico-node-pfc5l_kube-system_4afc8d08-f033-4a73-b890-65babbd342cf_3
c82447eb6060 quay.io/coreos/etcd:v3.3.10 "/usr/local/bin/etcd" About an hour ago Up About an hour etcd1
9b39e47e2d31 bf4ff15c9db0 "start_runit" About an hour ago Exited (1) About an hour ago k8s_calico-node_calico-node-pfc5l_kube-system_4afc8d08-f033-4a73-b890-65babbd342cf_2
42cbc291199a ebac1ae204a2 "kube-scheduler --au About an hour ago Up About an hour k8s_kube-scheduler_kube-scheduler-kubemaster_kube-system_f52457cef33271c677ceac95883d8067_1
c92592d5c34b c2c9a0406787 "kube-apiserver --ad About an hour ago Up About an hour k8s_kube-apiserver_kube-apiserver-kubemaster_kube-system_cb4b3813912b13b71e7dc71d30763ebf_1
d35fb2c05339 1a6ade52d471 "/install-cni.sh" About an hour ago Exited (0) About an hour ago k8s_install-cni_calico-node-pfc5l_kube-system_4afc8d08-f033-4a73-b890-65babbd342cf_2
82651c6bdb45 6e4bffa46d70 "kube-controller-man About an hour ago Up About an hour k8s_kube-controller-manager_kube-controller-manager-kubemaster_kube-system_cf2751c55d75548caf97107a71186caa_1
06a4e39687c8 b477eb2ed326 "/node-cache -locali About an hour ago Up About an hour k8s_node-cache_nodelocaldns-j477t_kube-system_3ec7d206-cbbb-469a-91b6-3b42d6ac4a25_1
e364bf094fee 8454cbe08dc9 "/usr/local/bin/kube About an hour ago Up About an hour k8s_kube-proxy_kube-proxy-4w2tq_kube-system_3d08297a-5658-410e-8c7f-87f34c0668a6_1
811be98863da gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_calico-node-pfc5l_kube-system_4afc8d08-f033-4a73-b890-65babbd342cf_1
b67845d2052a gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_nodelocaldns-j477t_kube-system_3ec7d206-cbbb-469a-91b6-3b42d6ac4a25_2
68ef4371aded gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_kube-apiserver-kubemaster_kube-system_cb4b3813912b13b71e7dc71d30763ebf_1
bd013808ce0a gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_kube-controller-manager-kubemaster_kube-system_cf2751c55d75548caf97107a71186caa_1
784e05e18b80 gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_kube-scheduler-kubemaster_kube-system_f52457cef33271c677ceac95883d8067_2
ec7a7b19c7c0 gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_kube-proxy-4w2tq_kube-system_3d08297a-5658-410e-8c7f-87f34c0668a6_1
7b2d69865afc 6e4bffa46d70 "kube-controller-man 4 hours ago Exited (2) About an hour ago k8s_kube-controller-manager_kube-controller-manager-kubemaster_kube-system_cf2751c55d75548caf97107a71186caa_0
66ce10620b1e ebac1ae204a2 "kube-scheduler --au 4 hours ago Exited (2) About an hour ago k8s_kube-scheduler_kube-scheduler-kubemaster_kube-system_f52457cef33271c677ceac95883d8067_0
6d1d1b14b15d b477eb2ed326 "/node-cache -locali 20 hours ago Exited (0) About an hour ago k8s_node-cache_nodelocaldns-j477t_kube-system_3ec7d206-cbbb-469a-91b6-3b42d6ac4a25_0
6301c88a6bc9 gcr.io/google_containers/pause-amd64:3.1 "/pause" 20 hours ago Exited (0) About an hour ago k8s_POD_nodelocaldns-j477t_kube-system_3ec7d206-cbbb-469a-91b6-3b42d6ac4a25_0
83007723b2d9 8454cbe08dc9 "/usr/local/bin/kube 20 hours ago Exited (2) About an hour ago k8s_kube-proxy_kube-proxy-4w2tq_kube-system_3d08297a-5658-410e-8c7f-87f34c0668a6_0
9201394bbbe3 gcr.io/google_containers/pause-amd64:3.1 "/pause" 20 hours ago Exited (0) About an hour ago k8s_POD_kube-proxy-4w2tq_kube-system_3d08297a-5658-410e-8c7f-87f34c0668a6_0
9126147bfe1a c2c9a0406787 "kube-apiserver --ad 20 hours ago Exited (0) About an hour ago k8s_kube-apiserver_kube-apiserver-kubemaster_kube-system_cb4b3813912b13b71e7dc71d30763ebf_0
cbc43965c53b gcr.io/google_containers/pause-amd64:3.1 "/pause" 20 hours ago Exited (0) About an hour ago k8s_POD_kube-scheduler-kubemaster_kube-system_f52457cef33271c677ceac95883d8067_0
d55f455e75ea gcr.io/google_containers/pause-amd64:3.1 "/pause" 20 hours ago Exited (0) About an hour ago k8s_POD_kube-controller-manager-kubemaster_kube-system_cf2751c55d75548caf97107a71186caa_0
967fd50cf895 gcr.io/google_containers/pause-amd64:3.1 "/pause" 20 hours ago Exited (0) About an hour ago k8s_POD_kube-apiserver-kubemaster_kube-system_cb4b3813912b13b71e7dc71d30763ebf_0
[root@kubemaster registry]# docker rm $(docker ps -qa --no-trunc --filter "status=exited")
9b39e47e2d31302711f5b7c415c5ab9f51b9af7bdb6ca08d70e804d0a1a72848
d35fb2c05339d7b6ca492c6f8bf53a18603360c4520d7381a0b0408ac5e167a0
7b2d69865afc1acce0ab89d91389c8e8d98fbce040ae278998a66a1431d1dfc2
66ce10620b1e6ab941f35c78ae9d67326aacb59bcdc7df7b5a08c1e8ed9f0ef2
6d1d1b14b15de11845be788c0205fd8e778c17ea9aba7c0169c6656d342bf876
6301c88a6bc9ce66fe6d254c717358975d511e7f64a350d1967dbfd403b65f5b
83007723b2d981ac971d46663b193d1c07a697b14996e9f2f1931689bd10b2f1
9201394bbbe39a34a030a805128927f9b1f5a89b39d49de9c56f7dcb215c12eb
9126147bfe1a406b670f233923f3607be3b823047db046700a80f2f4dce407c3
cbc43965c53b1216eb3fe9cd285b84ddef79f451aa1862050d53036c332b4803
d55f455e75ea56bf142f36ff488737c32e8fb33c628c35b833906d602b46354b
967fd50cf89575269a51b50f63d7525d6f96f5e93cb2965926334152f888f766
[root@kubemaster registry]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
177bd6d53719 registry:2.6 "/entrypoint.sh /etc 49 minutes ago Up About an hour 0.0.0.0:5000->5000/tcp registry
3fc6b7954629 bf4ff15c9db0 "start_runit" About an hour ago Up About an hour k8s_calico-node_calico-node-pfc5l_kube-system_4afc8d08-f033-4a73-b890-65babbd342cf_3
c82447eb6060 quay.io/coreos/etcd:v3.3.10 "/usr/local/bin/etcd" About an hour ago Up About an hour etcd1
42cbc291199a ebac1ae204a2 "kube-scheduler --au About an hour ago Up About an hour k8s_kube-scheduler_kube-scheduler-kubemaster_kube-system_f52457cef33271c677ceac95883d8067_1
c92592d5c34b c2c9a0406787 "kube-apiserver --ad About an hour ago Up About an hour k8s_kube-apiserver_kube-apiserver-kubemaster_kube-system_cb4b3813912b13b71e7dc71d30763ebf_1
82651c6bdb45 6e4bffa46d70 "kube-controller-man About an hour ago Up About an hour k8s_kube-controller-manager_kube-controller-manager-kubemaster_kube-system_cf2751c55d75548caf97107a71186caa_1
06a4e39687c8 b477eb2ed326 "/node-cache -locali About an hour ago Up About an hour k8s_node-cache_nodelocaldns-j477t_kube-system_3ec7d206-cbbb-469a-91b6-3b42d6ac4a25_1
e364bf094fee 8454cbe08dc9 "/usr/local/bin/kube About an hour ago Up About an hour k8s_kube-proxy_kube-proxy-4w2tq_kube-system_3d08297a-5658-410e-8c7f-87f34c0668a6_1
811be98863da gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_calico-node-pfc5l_kube-system_4afc8d08-f033-4a73-b890-65babbd342cf_1
b67845d2052a gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_nodelocaldns-j477t_kube-system_3ec7d206-cbbb-469a-91b6-3b42d6ac4a25_2
68ef4371aded gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_kube-apiserver-kubemaster_kube-system_cb4b3813912b13b71e7dc71d30763ebf_1
bd013808ce0a gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_kube-controller-manager-kubemaster_kube-system_cf2751c55d75548caf97107a71186caa_1
784e05e18b80 gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_kube-scheduler-kubemaster_kube-system_f52457cef33271c677ceac95883d8067_2
ec7a7b19c7c0 gcr.io/google_containers/pause-amd64:3.1 "/pause" About an hour ago Up About an hour k8s_POD_kube-proxy-4w2tq_kube-system_3d08297a-5658-410e-8c7f-87f34c0668a6_1
[root@kubemaster registry]#
그밖에 사용 가능한 주요 Docker Image 관리 명령어로는
- None tag image 일괄 삭제 : docker rmi $(docker images | grep "none" | awk '/ / { print $3 }')
- None Image:Node Tag 일괄 삭제 : docker rmi $(docker images -f "dangling=true" -q)
- 사용하지 않는 명령어 일괄삭제 : docker image prune
Prune 명령어의 경우
[root@kubemaster ~]# docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
[root@kubemaster ~]# docker image prune -a
WARNING! This will remove all images without at least one container associated to them.
Are you sure you want to continue? [y/N] y
Deleted Images:
untagged: coredns/coredns:1.6.0
untagged: coredns/coredns@sha256:263d03f2b889a75a0b91e035c2a14d45d7c1
559c53444c5f7abf3a76014b779d
deleted: sha256:680bc53e5985fbc1d81eaa22937e9307997d998b7244
e74f7026a668d91e0136
deleted: sha256:945db7a0af977a5a640efcdbbc583936e9f555d322a137
322004b12651f8b07d
deleted: sha256:225df95e717ceb672de0e45aa49f352eace2151224020
5972aca0fccc9612722
untagged: lachlanevenson/k8s-helm:v2.15.2
untagged: lachlanevenson/k8s-helm
@sha256:bb60d20dc0da8aa06f0a69e8195f40e9b1c76b5caf1da5b
1036f4d3a0373ae7e
deleted: sha256:702b8b51007d4b7762cc692f153f17ce8ba6f89b4c6a5b
fa22413b5233f53873
deleted: sha256:804545b9ff333af9332d1e1a5e9f4bb125ccecae8aeb2e221b
31413ea0be2695
deleted: sha256:77cae8ab23bf486355d1b3191259705374f4a11d483b249
64d2f729dd8c076a0
untagged: ubuntu:16.04
untagged: ubuntu@sha256:e9938f45e51d9ff46e2b05a62e0546d0f07489b7
f22fbc5288defe760599e38a
deleted: sha256:77be327e4b63498e0faaa065d30d7c0e5499e42a09275ee1
9e27fd9a93cde7d7
deleted: sha256:b4d3af941054c99b15c27b809f4115ddc94c307aa97705c5
3c52b1b687298ba5
deleted: sha256:36fb0d2dd04845e4d517cdb206bc16303172273150b8a74
387ebc24157fc5bc6
deleted: sha256:7c66d02ec02b23556302d9826e1966a6c94b775ec87bc57
79acf26b0365ed2fb
deleted: sha256:9e6f810a2aabaa90d8e79f52847c74617a94e78fe223f4f06
7d84a6bd63b9393
untagged: gcr.io/google-containers/addon-resizer:1.8.3
untagged: gcr.io/google-containers/addon-
resizer@sha256:07353f7b26327f0d933515a22b1de587b040d3d85c464ea
299c1b9f242529326
deleted: sha256:b57c00a12f6cf8acf10de9c5e2c5adacbf355b181dd76f4d65b
cfd3a936ea289
deleted: sha256:26be42b57110ecd692ad4906a518264dfd8a17a2fcedcfd02b
ce41f7c9148dd7
deleted: sha256:8e9a7d50b12c4249f7473606c9685f4f4be919a3c00e49a7c
3a314ae9de52ed5
untagged: gcr.io/google-containers/cluster-proportional-autoscaler-amd64:1.6.0
untagged: gcr.io/google-containers/cluster-proportional-autoscaler-amd64@
sha256:0abeb6a79ad5aec10e920110446a97fb75180da8680094acb6715d
e62507f4b0
deleted: sha256:dfe4432cd2e2bc71257448586b3e81e424af1db38bb47b9a
de9dcffb31aa1a4a
deleted: sha256:9ef96d487aeb2191ed3888d6a619f61f1370308daae2aa7c0
1c0f5e9e6d7a979
untagged: gcr.io/google-containers/pause:3.1
untagged: gcr.io/google-containers/pause@
sha256:f78411e19d84a252e53bff71a4407a5686c46983a2c2eeed83929b8
88179acea
untagged: gcr.io/google_containers/metrics-server-amd64:v0.3.3
untagged: gcr.io/google_containers/metrics-server-amd64@
sha256:4ca116565ff6a46e582bada50ba3550f95b368db1d2415829241a56
5a6c38e2a
deleted: sha256:c6b5d3e48b43d0a8e0025a856c42c1c8185b4063916dbefd5
df72ef3e5b64419
deleted: sha256:5154e42f2b0fa5233e9750dd0c954a1e3ea3a92a61b9a9515
6ac8d68366cc423
deleted: sha256:8ca8d7b262a346519bf768273c4c068350262d2e8c1d0137
e1bb598a8a1c9f90
untagged: calico/kube-controllers:v3.7.3
untagged: calico/kube-controllers@
sha256:6bc3fd181fabb580df33442d728b39d4eeccae0883a50d85b1a26cac7
96a2999
deleted: sha256:283860d96794d56297e78b028c127c4ef11eb8d69db12fadc
09499ea1e9ad52e
deleted: sha256:1fa19ceb586bce53398e7eb6a83c3dbe3ce361089601f225fb
2f2bd5f5c4e22a
deleted: sha256:2d9546013d5adf323812a930d6e1cb6e3b8f304205e881e9
40157f72cabde1d4
untagged: kubernetesui/dashboard:v2.0.0-beta6
untagged: kubernetesui/dashboard@sha256:32616f6bda6477ef2d5ae3dcd96a89f355c5
9e62d254ae72c1b901785df4841c
deleted: sha256:84cd817d07fbd9a8ed8cbf0a9cde6db2433590acf7c30e117697e98e074bee7a
deleted: sha256:01a5867299f095019f49075c2b0e9c56197c19f38a543fe8e7c9de1a55bbd576
Total reclaimed space: 508.2MB
[root@kubemaster ~]#
docker image prune 옵션은 dangling 옵션과 유사하게 동작한다. 다만 docker image prune –a 옵션을 주었을 경우 현재 사용하지 않는 모든 이미지를 지워버리는 옵션을 넣을때는 이를 유의하고 사용해야 한다.
결론
도커 이미지는 많은 장점이 있지만, 버저닝, 불필요한 이미지 삭제, latest 관리는 반드시 필요한 이미지만, 이미지 경량화 그리고 도커 이미지 가비지컬렉션 등을 진행하지 않으면, 어느센가 기존 레가시 환경과 비슷하게 변해 버릴 수도 있으니 항상 관리에 유의해야 할 것이다.
'③ 클라우드 > ⓓ Docker' 카테고리의 다른 글
[Dockerfile] 애매한 명령어 파헤치기 (0) | 2020.07.04 |
---|---|
[Docker Image] 취약점 분석 (Anchore opensource) (0) | 2020.05.30 |
docker save, load & docker export, import 비교하기 (0) | 2020.02.05 |
Docker Container - Status Exited (n) Code 알아보기 (0) | 2019.12.27 |
[Docker] Kubernetes 보안 (Cgroup) (1) | 2019.10.11 |
- Total
- Today
- Yesterday
- Da
- Architecture
- API Gateway
- JBoss
- JEUS7
- openstack token issue
- TA
- apache
- 쿠버네티스
- OpenStack
- SWA
- kubernetes
- 마이크로서비스
- wildfly
- 마이크로서비스 아키텍처
- 아키텍처
- nodejs
- MSA
- Docker
- k8s
- SA
- webtob
- jeus
- 오픈스택
- node.js
- git
- JEUS6
- openstack tenant
- aws
- aa
일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |