Before Cleaning Up Your K8s Image Registry: How to Identify and Preserve Used Images

-

 Hey DevOps folks, Gonchik here! Today, I want to share some insights and practical tips on managing your Kubernetes image registry more effectively. If you’re dealing with GitLab’s Container Registry, you know how quickly it can fill up with outdated and unused images. Storage costs can skyrocket, and managing all those images can become a nightmare. Let’s talk about how to avoid accidentally deleting the images your clusters still need.

Easy to clean, hard to restore. Dalle-3

Why Cleaning Up is Crucial

We’ve all been there — our CI/CD pipelines are constantly pushing new images with every commit, and over time, old deployments and misconfigured scripts leave behind a cluttered mess. This bloat doesn’t just affect costs; it can complicate day-to-day operations and make it harder to find the images you actually need.

The Importance of Identifying Used Images

Before you hit that “delete” button, it’s absolutely critical to know which images are still in use by your running pods. This is especially important in production environments where a mistake can lead to downtime and impact your end users. We need a foolproof way to identify these images so we can exclude them from cleanup routines.

Here’s my go-to command for extracting a list of all images used by running pods in a Kubernetes cluster. This list is invaluable for reference when cleaning up your GitLab registry:

kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec['initContainers', 'containers'][*].image}" | tr -s '[[:space:]]' '\n' | sort > images.txt

Breaking Down the Command

Let me explain what’s happening here:

1. Fetch Pods from All Namespaces: kubectl get pods — all-namespaces

This command grabs all pods across all namespaces in your cluster, ensuring you don’t miss anything.

2. Extract Image Fields with JSONPath: -o jsonpath=”{.items[*].spec.{initContainers[*].image,containers[*].image}}”

The JSONPath syntax extracts the image fields from both initContainers and containers in each pod spec.

3. Translate and Squeeze Spaces: tr -s ‘[[:space:]]’ ‘\n’

The tr command is used to translate and squeeze spaces into newlines, putting each image on its own line.

4. Sort the Image List: sort

The sorted list makes it easier to reference and cross-check.

5. Redirect to File: > images.txt

Finally, we redirect the sorted list to a file named images.txt for easy access.

Validating and Making Exceptions

Now that you have images.txt, it’s time to roll up your sleeves and start cross-referencing this list with the images in your GitLab container registry. This step ensures that nothing critical gets wiped out. Once you have this list, update your cleaner script or automation logic to exclude these images from deletion.

Implementing the Cleanup

Armed with your used images list, you can move forward with cleaning up your Kubernetes image registry. GitLab offers several built-in features for cleanup, like expiration policies, and you can also create custom scripts using GitLab’s API. This will help you manage storage costs and keep your registry in tip-top shape.

Wrapping Up

Cleaning up your Kubernetes image registry is an ongoing process, but the key is to do it without risking any downtime or service disruption. By taking the time to identify and preserve the images that are still in use, especially in your production clusters, you can ensure a smoother and safer cleanup process.

So, go ahead and declutter your registry — your future self will thank you!

Happy cleaning, Gonchik

Feel free to tweak it further to add more personal anecdotes or insights!




Comments

Post a Comment

Popular posts from this blog

How only 2 parameters of PostgreSQL reduced anomaly of Jira Data Center nodes

-
Image
  Hello community, Gonchik Tsymzhitov is in touch. Today, I would like to share with you a short story about postgresqltuner.pl in usage.  So from previous articles I hope you configured the PostgreSQL server and postgresqltuner.pl.  After executing command, ./postgresqltuner.pl --ssd for ssd disks server. You can see like this output: postgresqltuner.pl version 1.0.1 [OK]      I can invoke executables Connecting to /var/run/postgresql:5432 database template1 as user 'postgres'... [OK]      The user account used by me for reporting has superuser rights on this PostgreSQL instance =====  OS information  ===== [INFO]    OS: linux Version: 5.4.17-2036.102.0.2.el8uek.x86_64 Arch: x86_64-linux-thread-multi [INFO]    OS total memory: 41.03 GB [OK]      vm.overcommit_memory is adequate: no memory overcommitment [INFO]    Running under a vmware hypervisor [INFO]    Currently used I/O sc...
Read more

Stories about detecting Atlassian Confluence bottlenecks with APM tool [part 1]

-
Image
  Hey! Gonchik, a lover of APM (application performance monitoring) tools, in particular Glowroot, is in touch. Today I will tell you how to find bottlenecks in Confluence On-Prem in the shortest possible time based on one industrial installation. We are faced with a situation where a large number of people simultaneously break into the knowledge base on Confluence On-Prem (during the certification), and the Confluence dies for some time. We immediately thought that the problem is precisely in the simultaneous number of visitors and we can immediately tweak the JVM, but it turned out that not everything is so simple. Below I will tell you how we found the real cause of the brakes and how we dealt with it. The main task: to conduct an audit and, on its basis, achieve performance improvements, especially in times of a large number of active users in the system. Of course, first of all, the hardware resources and OS configurations were checked, where no problems were identified. Howev...
Read more

Unveiling the VMProtect-devirtualization Project: A Review that project

-
Image
  In the intricate world of software protection and cybersecurity, VMProtect holds a prominent place. This software protection tool, known for its use of virtualization technology, is designed to obscure and secure executable files from reverse engineering and tampering. However, even the most sophisticated protection methods invite scrutiny and analysis. In this review, I explore the intriguing and innovative  VMProtect-devirtualization  project by Jonathan Salwan and evaluate how it can significantly assist in uncovering bugs and vulnerabilities in protected game software. Thread emulation by x64unpack (x64Unpack: Hybrid Emulation Unpacker used for VMProtect analysis) What Makes VMProtect Stand Out? VMProtect is widely acclaimed for its robust approach to software protection. By converting executable code into a unique virtual machine language, it ensures that the protected code is extremely difficult to interpret or modify. This layer of virtualization acts as a formid...
Read more