Solved: Container image cleaning

bfaller · ‎Mar 09, 2022

Since agent requires a running container to gather inventory, installed container images without live container are not gathered by the agent. Nevertheless, if these containers images was gathered on the past, there are in the database.

My question is how to know if the container images are still here or have been deleted on the host ?

I think that all containers images are kept. And FNMS users have no way to clean them with UI.

tmullin · ‎Mar 10, 2022

Hi bfaller,

There are two different sets of inventory data collected for containers. Software inventory from the container, which requires a running container, and data about the currently existing images/containers from the Docker/Kubernetes API. As long as the host still exists, we will continue to collect information about which images and containers are present on that device.

The software inventory we collect from a container to represent an image will always exist in the database once we've received it. However, it's ignored unless we also see that the image is actually currently deployed somewhere. If not, it is not imported by the inventory import process and you won't see any trace of it in the UI.

The second set of inventory we collect from the Docker/Kubernetes API will always represent the current state of containers and images. So if an image is no longer present on a host, as long as you're still receiving regular inventory from that host then you will see the image disappear from that host on the All Containers page in the UI. If the host no longer exists and you aren't receiving any updated inventory from it and want to manually remove the data, deleting the host from the All Inventory page will also remove the associated container inventory.

View solution in original post

tmullin · ‎Mar 10, 2022

Hi bfaller,

There are two different sets of inventory data collected for containers. Software inventory from the container, which requires a running container, and data about the currently existing images/containers from the Docker/Kubernetes API. As long as the host still exists, we will continue to collect information about which images and containers are present on that device.

The software inventory we collect from a container to represent an image will always exist in the database once we've received it. However, it's ignored unless we also see that the image is actually currently deployed somewhere. If not, it is not imported by the inventory import process and you won't see any trace of it in the UI.

The second set of inventory we collect from the Docker/Kubernetes API will always represent the current state of containers and images. So if an image is no longer present on a host, as long as you're still receiving regular inventory from that host then you will see the image disappear from that host on the All Containers page in the UI. If the host no longer exists and you aren't receiving any updated inventory from it and want to manually remove the data, deleting the host from the All Inventory page will also remove the associated container inventory.