let’s say you have a security warning about specific k8s nodes from a security audit
we need to find out which docker images (and their possibly outdated versions…) are running on a specific k8s node
let’s say we want to proceed node by node
first make sure you’re on the right cluster
kubectx
list nodes in that cluster
kubectl get nodes
list running pods on that node
node=...
kubectl describe node $node | sed -n '/^Non-terminated Pods:/,$p'
get into the right namespace and show running pods on that node again
ns=...
kubens $ns
kubectl get pods -o wide | grep -E "[[:space:]]+$node[[:space:]]+"
finally show the images used by a specific running pod
pod=...
kubectl get pod $pod -o yaml | grep image: | sort -uV
or against all those pods altogether
pods=$(kubectl get pods -o wide | grep -E "[[:space:]]+$node[[:space:]]+" | awk '{print $1}')
for pod in $pods; do
    kubectl get pod "$pod" -o yaml | grep image: | sort -uV
done; unset pod