logo头像

博学广问,自律静思

定期清理虚拟机上的docker资源

在部署持续集成流水线项目的虚拟机上,随着构建次数的增加,机器上的docker镜像等资源会越来越多,最终将机器占满。本项目是帮助DevOps人员自动清理机器上的docker资源。

定期清理脚本

1
2
3
4
5
6
7
8
9
10
11
#!/bin/bash
set -e
while true; do
echo "Starting an new job to clean Docker..."
echo "CLEAN\_FILTER:${CLEAN\_FILTER}, CLEAN\_INTERVAL: ${CLEAN\_INTERVAL}"
docker system prune -a -f --filter ${CLEAN_FILTER}
echo "All docker images after cleaning are at below:"
docker images -a
echo "Clean Docker job finised, next job will start after ${CLEAN_INTERVAL} seconds"
sleep $CLEAN_INTERVAL
done

Dockerfile

1
2
3
4
5
6
FROM docker
ENV CLEAN_INTERVAL=3600
ENV CLEAN_FILTER="until=48h"
WORKDIR /app
COPY . .
CMD \["sh", "./clean_docker.sh"\]

K8S部署

为什么是K8S部署?理论上K8S部署的服务我们一般不会关心服务的docker镜像会不会把机器占满的问题,那么为什么我还要写K8S部署呢? 这主要用于 CI Agent跑在K8S上的情况。以微软Azure DevOps K8S Agent为例,https://github.com/Azure/helm-vsts-agent,其agent会将宿主机的docker.sock挂载在K8S node上,如果agent存在构建docker镜像的行为,就会导致agent构建出来的docker 镜像已经“脱离”了K8S的控制

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: docker-cleaner
namespace: devops
spec:
selector:
matchLabels:
app: docker-cleaner
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 10%
template:
metadata:
labels:
app: docker-cleaner
spec:
volumes:
- name: dockersocket
hostPath:
path: /var/run/docker.sock
containers:
- name: docker-cleaner
image: bywang/docker-cleaner
imagePullPolicy: Always
env:
- name: CLEAN_INTERVAL
value: 14400
resources:
requests:
cpu: 10m
memory: 40Mi
volumeMounts:
- name: dockersocket
mountPath: /var/run/docker.sock