This chart wraps the Spotify/docker-GC Docker image in the form of a DaemonSet so that Docker resource garbage collection occurs on all nodes of a given Kubernetes cluster.
It is unclear if this should be used on a Kubernetes cluster since Kubelet has many of these cleanup features.
This chart will do the following:
Although docker normally prevents removal of images that are in use by containers, we take extra care to not remove any image tags (e.g., Ubuntu:14.04, busybox, etc) that are in use by containers. A naive docker RMI $(docker images -q) will leave images stripped of all tags, forcing docker to re-pull the repositories when starting new containers even though the images themselves are still on disk.
This script is intended to be run as a cron job, but you can also run it as a Docker container.
To use the script manually, run docker-GC. The system user under which docker-GC runs needs to have read and write access to the $STATE_DIR environment variable which defaults to /var/lib/docker-GC.
There can be images that are large that serve as a common base for many application containers, and as such, make sense to pin to the machine, as many derivative containers will use it. This can save time in pulling those kinds of images. There may be other reasons to exclude images from garbage collection. To do so, create /etc/docker-GC-exclude, or if you want the file to be read from elsewhere, set the EXCLUDE_FROM_GC environment variable to its location. This file can contain image name patterns (in the grep sense), one per line, such as Spotify/Cassandra: latest or it can contain image ids (truncated to the length shown in docker images which are 12.
An example image excludes file might contain:
There can also be containers (for example data only containers) which you would like to exclude from garbage collection. To do so, create /etc/docker-GC-exclude-containers, or if you want the file to be read from elsewhere, set the EXCLUDE_CONTAINERS_FROM_GC environment variable to its location. This file should contain name patterns (in the grep sense), one per line, such as MariaDB-data.
An example container excludes file might contain:
There can be occasions where you don’t want to remove a dangling volume. To enable this functionality you can create a file named /etc/docker-GC-exclude-volumes (or specify EXCLUDE_VOLUMES_IDS_FILE env var with any path for such file), containing name patterns (in the grep sense), one per line, of volumes that will be excluded from garbage collection.
By default, docker will not remove an image if it is tagged in multiple repositories. If you have a server running docker where this is the case, for example in CI environments where dockers are being built, re-tagged, and pushed, you can enable a force flag to override this default.
You might want to always keep a set of the most recent images for any repository. For example, if you are continually rebuilding an image during development you would want to clear out all but the most recent version of an image. To do so, set the MINIMUM_IMAGES_TO_SAVE=1 environment variable. You can preserve any count of the most recent images, e.g. save the most recent 10 with MINIMUM_IMAGES_TO_SAVE=10.
By default, if an error is encountered when cleaning up a container, Docker will report the error back and leave it on disk. This can sometimes lead to containers accumulating. If you run into this issue, you can force the removal of the container by setting the environment variable below:
By default, docker-GC will not remove a container if it existed less than 3600 seconds (1 hour) ago. In some cases, you might need to change this setting (e.g. you need exited containers to stick around for debugging for several days). Set the GRACE_PERIOD_SECONDS variable to override this default.
Tell us about a new Kubernetes application
Never miss a thing! Sign up for our newsletter to stay updated.
Discover and learn about everything Kubernetes