NSEnter into a docker container

enter_docker.sh

#!/bin/bash

CONTAINER_NAME="$1"

exec nsenter --target $(
  docker inspect --format "{{.State.Pid}}" $(
    docker ps -q --filter name="${CONTAINER_NAME}"
  )
) --mount --uts --ipc --net --pid

Count file descriptors in all docker containers

for CID in $(docker ps -q); do
 echo -n "${CID}: "
 nsenter --target $(
    docker inspect --format {{.State.Pid}} $CID
  ) --uts --ipc --net --pid --mount sh -c 'ls /proc/*/fd \
| grep -v -e : -e ^\$ \
| wc -l';
done

note: doesn't work for single-binary containers, e.g. many standalone go binaries are distributed without /bin/sh.

We should probably check fds against limit per process. Something like.

for p in /proc/[0-9]*; do
	fds="$(ls $p/fd | wc -l)"
	limit="$(sed -n 's/Max open files/max_open_files/p' /proc/1/limits | awk '{print $2}')"
	printf 'Pid: %s fds: %s limit: %s Used: %f\n' "$p" "$fds" "$limit" "$((fds/limit*100))"
done

Maybe track the maximum percentage in a container?