Document how to clean container registry and script to prune. (#5670)

apache · Jun 27, 2024 · 5696cb6 · 5696cb6
1 parent 39bfbb7
commit 5696cb6
Show file tree

Hide file tree

Showing 2 changed files with 139 additions and 0 deletions.
diff --git a/docs/modules/ROOT/pages/installation/registry/registry.adoc b/docs/modules/ROOT/pages/installation/registry/registry.adoc
@@ -56,6 +56,67 @@ This should be within the standard convention adopted by https://docs.docker.com
 
 NOTE: you can configure Camel K to use an insecure private registry. However, your Kubernetes cluster may not be able to https://github.com/apache/camel-k/issues/4720#issuecomment-1708228367[pull images from an insecure registry without proper configuration].
 
+[[pruning-registry]]
+== Pruning unused images from container registry
+
+Over time, while building integrations the produced images are stored in the container registry and it may become outdated and may require pruning old unused images.
+
+NOTE: Each container registry vendor can provide unique details about the pruning policy, check your vendor documentation.
+
+NOTE: This is an unsupported functionality, use at your own risk.
+
+It's recommended only to delete container images from container registry if the corresponding `Integration` or `IntegrationKit` doesn't exist anymore or has no expectation to be used. Then if you delete the container image, you should also delete corresponding `Integrationkit` custom resource object.
+
+Camel K materializes the Camel integration in one of the two kubernetes objects: `Deployment` or `CronJob`.
+
+You have to check if the `Integration` is running or scaled down to zero pods, which is the case for CronJobs or Knative deployments.
+
+Then, we can provide some general guide about how to inspect the Camel K objects to prune unused images.
+
+For this guide, we assume you are connected to the container registry with `docker login`.
+
+Step 1: List all Camel K container images, prefixed with `camel-k`
+
+```
+$ docker images |grep k-kit
+10.98.248.245/camel-k/camel-k-kit-cpth0mtf799b89lheon0  <none>  bd52ae6e32af   54 years ago    481MB
+10.98.248.245/camel-k/camel-k-kit-cptguntf799b89lheok0  <none>  b7f347193b3c   54 years ago    471MB
+10.98.248.245/camel-k/camel-k-kit-cptgv0tf799b89lheokg  <none>  8d2d963396ca   54 years ago    477MB
+10.98.248.245/camel-k/camel-k-kit-cpth0mtf799b89lheomg  <none>  dc11800ef203   54 years ago    481MB
+10.98.248.245/camel-k/camel-k-kit-cptgvd5f799b89lheol0  <none>  0bbdf20f2f49   54 years ago    479MB
+```
+
+Step 2: List the container images of the Camel K Integrations (don't print the sha256 digest)
+```
+$ kubectl get -A it -oyaml|grep 'image:'|sed 's/^\s*image: //g;s/@sha256.*//g'|sort|uniq
+10.98.248.245/camel-k/camel-k-kit-cptguntf799b89lheok0
+10.98.248.245/camel-k/camel-k-kit-cptgv0tf799b89lheokg
+10.98.248.245/camel-k/camel-k-kit-cptgvd5f799b89lheol0
+10.98.248.245/camel-k/camel-k-kit-cpth0mtf799b89lheon0
+```
+
+Step 3: Compare them and remove the container images and `IntegrationKit` from list 1 not found in list 2
+```
+docker rmi dc11800ef203
+kubectl delete ik/kit-cpth0mtf799b89lheomg
+```
+
+There is a https://github.com/apache/camel-k/blob/main/script/prune-camel-k-kit-images.sh[prune-camel-k-kit-images.sh] script to help you in this task. This script requires the following cli tools: `kubectl, comm, docker`.
+The script lists the dangling images from the container registry, it accepts two parameters with no arguments: `-v` (verbose) and `-p`  (prune images).
+
+An example of an execution:
+```
+$ prune-camel-k-kit-images.sh -p
+> Images from container registry, eligible for pruning.
+10.98.248.245/camel-k/camel-k-kit-cpth0mtf799b89lheom0
+
+> Delete Container Images
+integrationkit.camel.apache.org "kit-cpth0mtf799b89lheom0" deleted
+Untagged: 10.98.248.245/camel-k/camel-k-kit-cpth0mtf799b89lheom0@sha256:3857f8e331e50ded6529641e668de8781eb3cb7b881ea14b89cfc4f6b6e9d455
+Deleted: sha256:1015a6b18f164e9b086337e69a98e5850149c158cb778bac6059984756dc0528
+Deleted: sha256:2f0d224916e77654c4401f6fc4b1147a9a6e3ccf713213c38e877d7b939bab81
+```
+
 [[configuring-registry-list]]
 === Special container registry requirements
 We have some hints that can help you configuring on the most common platforms:

diff --git a/script/prune-camel-k-kit-images.sh b/script/prune-camel-k-kit-images.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# list and remove dangling camel-k kit images
+
+remove=0
+verbose=0
+while getopts "pv" opt; do
+  case "${opt}" in
+    v)
+      verbose=1
+      ;;
+    p)
+      remove=1
+      ;;
+    \?)
+      ;;
+  esac
+done
+shift $((OPTIND-1))
+
+file_images=$(mktemp)
+file_images_from_ints=$(mktemp)
+
+trap "rm -f $file_images $file_images_from_ints" SIGINT SIGTERM ERR EXIT
+
+IFS=''
+
+# images from container registry
+docker images |grep k-kit|awk '{print $1}'|sort|uniq > $file_images
+
+if [ $verbose -eq 1 ]; then
+    echo "> Images from container registry:"
+    cat $file_images
+    echo
+fi
+
+# images from integrations
+kubectl get -A it -oyaml|grep 'image:'|sed 's/^\s*image: //g;s/@sha256.*//g'|sort|uniq > $file_images_from_ints
+if [ $verbose -eq 1 ]; then
+    echo "> Images of Camel K Integrations"
+    cat $file_images_from_ints
+    echo
+fi
+
+# use comm utility to show only the images with no associated integration
+dangling=$(comm -3 $file_images $file_images_from_ints)
+if [ -z $dangling ] ; then
+    echo "> No dangling container images to prune."
+else
+    echo "> Images from container registry, eligible for pruning."
+    echo $dangling
+    if [ $remove -eq 1 ] ; then
+        echo
+        echo "> Delete Container Images"
+        echo $dangling|while read imgaddr; do
+            ns=$(echo $imgaddr|awk -F '/' '{print $2}');
+            kit=$(echo $imgaddr|awk -F '/' '{print $3}'|sed 's/camel-k-//g');
+            kubectl -n $ns delete ik/$kit
+            imgid=$(docker images|grep $imgaddr|awk '{print $3}')
+            docker rmi $imgid
+        done
+    fi
+fi