k8s expired mirror clean-up

Others 2020-03-05 20:51:06 views: null

With the release of the application, k8s environment will leave a lot of space mirrors expired, it is necessary to clean up automatically through the task.

crontab task can call the following script:

1. mirrored node cleanup

Delete dangling mirror

docker image prune -f

Delete the image containers, plus conditions: Founded 10 days ago, limited to the application image

docker image prune -a --force --filter "label=type=appimage" --filter "until=240h"

2.harbor image cleanup

Automatic garbage in the morning

Achieved by the following logic script:

  1. There tag container used, do not delete
  2. The newly created tag in each repository, do not delete
  3. Created less than a specified number of days, do not delete
  4. Other cases, delete
# more harbor_clear.py 
#!/usr/bin/python3

from __future__ import print_function
import time,datetime,pytz
from kubernetes import client
from kubernetes.client.rest import ApiException
from pprint import pprint
import pandas
import os,sys
from datetime import datetime
import requests, json
import ssl
import urllib3
urllib3.disable_warnings()

tag_keepdays = 7
harbor_url = "https://harbor.test.17of.com"
harbor_auth = ('admin','yourpassword')
api_server = "https://apiserverip:6443"
api_token = "yourtoken"
cert_file = "/root/.ca.crt"
logfile = "/root/harbor_clear/harbor_clear.log"

def mylog(str):
    with open(logfile,'a') as f:
        f.write(str)
        f.write("\n")

# 获取k8s集群中有容器使用的tag list
def get_taglist_inuse():

    configuration = client.Configuration()
    configuration.host = api_server
    configuration.verify_ssl=True
    configuration.debug = False
    configuration.api_key = {"authorization": "Bearer " + api_token}
    configuration.ssl_ca_cert = cert_file
    myclient = client.ApiClient(configuration)

    namespace = 'default'
    pretty = 'true'
    limit = 1000
    timeout_seconds = 100
    watch = 'false'

    v1 = client.AppsV1Api(myclient)
    ret = v1.list_namespaced_deployment(namespace, pretty=pretty, limit=limit, timeout_seconds=timeout_seconds, watch=watch)

    taglist = []
    for i in ret.items:
        taglist.append(i.spec.template.spec.containers[0].image.replace(harbor_url.split('//')[1]+"/",''))
    return taglist

# 获取harbor中的tag list
def get_taglist_inharbor():
    
    ## get project id list

    url = harbor_url + "/api/projects"
    resp = requests.get(url, auth=harbor_auth, verify=False)
    projdetaillist = resp.json()
    projidlist = []
    for i in range(len(projdetaillist)):
        if projdetaillist[i]["name"] != "baseimage":
            projidlist.append(projdetaillist[i]["project_id"])

    ## get repository list

    reponamelist = []
    url = harbor_url + "/api/repositories"
    for projid in projidlist:
        project_id = {'project_id':projid}
        resp = requests.get(url, params=project_id, auth=harbor_auth, verify=False)
        repodetaillist = resp.json()
        for repodetail in repodetaillist:
            reponamelist.append(repodetail["name"])

    ## get tag list

    nowtime = datetime.now()
    taglist = []
    for repo in reponamelist:
        url = harbor_url + "/api/repositories/" + repo + "/tags"
        resp = requests.get(url, auth=harbor_auth, verify=False)
        tagdetaillist = resp.json()
        for tagdetail in tagdetaillist:
            tagdic = {"reponame":repo, "name":tagdetail["name"], "created":tagdetail["created"]}
            taglist.append(tagdic)
    
    return(taglist)

# 在harbor中删除指定tag
# tag: {'reponame': 'dlmm/dlmm-inf', 'name': 'origin_release_v20190709.1', 'created': '2019-08-21T03:25:00.949639757Z'}
def delete_tag_inharbor(tag):
    tag_url = "/api/repositories/" + tag["reponame"] + "/tags/" + tag["name"]
    url = harbor_url + tag_url
    resp = requests.delete(url, auth=harbor_auth, verify=False)
    if resp.status_code == 200:
        mylog(datetime.now().strftime("%Y-%m-%d %H:%M:%S") + " delete_success " + tag["reponame"] + " " + tag["name"] + " " + tag["created"])
    else:
        mylog(datetime.now().strftime("%Y-%m-%d %H:%M:%S") + " delete_failed "  + tag["reponame"] + " " + tag["name"] + " " + tag["created"] + " " + str(resp))

tag_inuse = get_taglist_inuse()
tag_inharbor = get_taglist_inharbor()

df_harbor = pandas.DataFrame(tag_inharbor)
df_harbor_last = df_harbor.groupby(['reponame'])['created'].max().to_dict()

# 获取满足删除条件的tag list
tag_todelete = []
for tag in tag_inharbor:
    # 有容器使用的tag,不删
    if tag["reponame"] + ":" + tag["name"] in tag_inuse:
        continue
    # 各repository中的最新创建的tag,不删
    if tag["created"] == df_harbor_last[tag["reponame"]]:
        continue
    # 创建时间小于指定天数的,不删
    createtime = datetime.strptime(tag["created"].split("T")[0],"%Y-%m-%d")    
    if (datetime.now() - createtime).days < tag_keepdays:
        continue
    # 其他情况,删除
    tag_todelete.append(tag)

for tag in tag_todelete:
    delete_tag_inharbor(tag)

 

sdmei
Published 24 original articles · won praise 25 · views 20000 +
Private letter concerns

Guess you like

Origin blog.csdn.net/sdmei/article/details/100746092
Recommended
微软回应中国区AI团队“打包赴美”传闻
Ranking
How to use ChatGPT to write 100,000+ hot articles for public accounts (includes prompt words)
sudo echo command execution Permission denied
ADO: Using Transactions to Operate Oracle Database
[Java] [Class and Object] equals, hashCode, clone methods
Linux virtual host function
Порт управления rabbitmq открыт
on,where
jQuery WeUI
How can there be a weed pilot in Hangzhou?
tcp / ip model four
Daily
More
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)

Code World

© 2018 codetd.com