Vinodh:
Hi team, there was a question about deleting pods in a namespace that have high and critical vulnerabilities. I was trying to get the list of images used in all pods and issue the trivy command to identify vulnerabilities. But this took more time. Is there a simple way to achieve this to save time, please?
Vinodh:
Hi @Tej Singh Rana, not sure exactly, but I think more than 15 mins maybe, as I had to describe all pods to get the list of images, issue the trivy command on all those images individually, and then issue the delete command on selected pods. I felt like there should be a command or two to achieve this task.
Vinodh:
Hi @Tej Singh Rana, one more general question: I could see two workspaces, http://kodekloud.slack.com and http://kodekloudworkspace.slack.com. Which one is the latest and the one I need to use, please?
Tej Singh Rana:
Hi @Vinodh,
You can try with custom-columns:
root@controlplane:/# kubectl get po -n delta -o custom-columns='Pod Name:metadata.name','Image Name:spec.containers[*].image'
Pod Name Image Name
simple-webapp-1 kodekloud/webapp-delayed-start
simple-webapp-2 httpd:2-alpine
simple-webapp-3 nginx:1.16
simple-webapp-4 httpd:2.4.33
root@controlplane:/#
root@controlplane:/# cd
root@controlplane:~# #trivy image <IMAGE-NAME>
root@controlplane:~#
root@controlplane:~#
root@controlplane:~#
Tej Singh Rana:
Note down the vulnerability count with the image in the notepad (in the official exam, you will get an inbuilt notepad, as you have seen in the CKA exam).
Vinodh:
Thanks very much @Tej Singh Rana
unnivkn:
#get podname & imagename: (refer cheatsheet)
controlplane $ kubectl -n delta get pods -o=custom-columns='Name:spec.containers[].name,DATA:spec.containers[].image'
Name DATA
busyboxpod busybox
nginx nginx:latest
nginx-2 nginx:1.20.1
temp-pod nginx:1.21.1-alpine
controlplane $
$ trivy image busybox | grep -i CRITICAL
…
…
$ kubectl -n delta delete pod busyboxpod
$ kubectl -n delta delete pod nginx
$ kubectl -n delta delete pod temp-pod
Vinodh:
@Tej Singh Rana / @unnivkn: Thanks for your inputs above. Yes, it took about 8 mins if I have 5 pods running in the namespace, provided I have all commands handy.