How can I get the image ID (the docker sha256 hash) of a image / container within a Kubernetes deployment?
Asked
Active
Viewed 3.0k times
28
-
1Kubernetes identifies the container by `k8s_
_ – ichbinblau Aug 10 '17 at 13:34_ _ `. That is pretty much enough to identify a container by service name, pod name and it namespace. So you can get the ID of a container by `sudo docker ps -a -q --no-trunc --filter="name=k8s_ _ _ "`. eg. `sudo docker ps -a -q --no-trunc --filter="name=k8s_admin-dashboard_admin-dashboard-1561008181-554pw_default"`
4 Answers
37
Something like this will do the trick (you must have jq installed):
$ kubectl get pod --namespace=xx yyyy -o json | jq '.status.containerStatuses[] | { "image": .image, "imageID": .imageID }'
{
"image": "nginx:latest",
"imageID": "docker://sha256:b8efb18f159bd948486f18bd8940b56fd2298b438229f5bd2bcf4cedcf037448"
}
{
"image": "eu.gcr.io/zzzzzzz/php-fpm-5:latest",
"imageID": "docker://sha256:6ba3fe274b6110d7310f164eaaaaaaaaaa707a69df7324a1a0817fe3b475566a"
}
Janos Lenart
- 25,074
- 5
- 73
- 75
-
1I love `jq`; as an additional trick (since the poster asked specifically about the sha) if your version of `jq` is new enough: `{the_sha: .imageID|capture("docker://(?
sha256.+)").s}`, or you can use `match("docker://(sha256.+)").captures[0].string` in older versions; finally, in the specific example you used, `jq` is ecma5-esque in that if your dest key and source key are named the same, the syntax `{image, imageID}` will do what you think– mdaniel Aug 11 '17 at 04:33 -
1oh, and as much as I love `jq`, don't forget that `kubectl` has two different output templating languages, so if you _only_ have `kubectl`, it'll be hella verbose but you can use `-o go-template='{{a ton of text here}}'` or `-o jsonpath='more text with bizarre syntax'` – mdaniel Aug 11 '17 at 04:36
-
5Seems the JSON has changed with the newest version. The following seems to work instead now: `kubectl get pods -o json | jq '.items[] .status.containerStatuses[] | { "image": .image, "imageID": .imageID }'` – Chris Stryczynski Mar 06 '20 at 15:46
23
An example without jq usage.
Using jsonpath:
kubectl get pods $YOUR_POD_NAME -o jsonpath="{..imageID}"
Using go-templates
kubectl get pods $YOUR_POD_NAME -o go-template --template="{{ range .status.containerStatuses }}{{ .imageID }}{{end}}"
Andrew
- 3,912
- 17
- 28
-
1Why was this downvoted? Works like a charm and much better than with jq – Mr. Developerdude Feb 20 '20 at 23:29
-
I think it's because i misread question and my answer haven't provided a hash, only full image name. Thanks to @evan, i corrected my answer and removed go-templates part, since its not possible to get hash info from it. – Andrew Feb 25 '20 at 13:16
-
actually, after rereading Janos answer i came with go-templates solution as well, so it's back :D – Andrew Feb 25 '20 at 13:23
-
5
Right way to do this:
kubectl get pods --all-namespaces -o jsonpath="{.items[*].status.containerStatuses[*].imageID}" | tr -s '[[:space:]]' '\n' | sort | uniq -c
leogps
- 894
- 7
- 6
0
The simplest one to use is:
For getting images SHA value of all the pods in a single namespace:
kubectl get pods -n <your-namespace> -o=jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'
For getting images SHA value of all the pods in all the namespace:
kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'
rbashish
- 2,073
- 2
- 24
- 35