Cleaning Up Unused Docker Resources with Compose

Overview

On ECS EC2, I ran into a situation where some containers kept repeating a cycle of start → fail → start → fail,
which eventually caused the server to run out of capacity and hit no space left.

This post summarizes how I handled it at the time.

Deleting Unused Docker Resources

To delete unused Docker resources, you can run commands like the following.

// コンテナ削除
$ docker ps -aq | xargs docker rm

// イメージ削除
$ docker images -aq | xargs docker rmi

// タグ無しイメージ一括削除
$ docker volume ls -qf dangling=true | xargs docker volume rm

dangling … hanging down, dangling loosely

Using Spotify’s Cleanup Images

$ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v /etc:/etc spotify/docker-gc
$ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker:/var/lib/docker martin/docker-cleanup-volumes

Turning It into a docker-compose.yml

Putting this into docker-compose.yml format makes image management easier.

version: '2'

services:
  docker-gc:
    image: spotify/docker-gc
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc:/etc

  docker-cleanup-volumes:
    image: martin/docker-cleanup-volumes
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker:/var/lib/docker

Running a One-Off Container on ECS EC2 to Clean Up

ecs-cli compose \
        --debug \
        --project-name <project name> \
        --file docker-compose.yml \
    run \
        --cluster <cluster name> \
        --region ap-northeast-1 \
        --aws-profile <profile>

ToDo

I think we need to introduce a mechanism to scan for vulnerabilities in public containers we use for the first time.
I’d like to write up more on this topic in a future post.