Loading

kubernetes之镜像拉取策略ImagePullPolicy;

  1. 各工作节点负责运行Pod对象,而Pod的核心功能用于运行容器,因此工作节点上必须配置容器引擎,如Dokcer、Containerd等,启动容器时,容器引擎将首先于本地查找指定的镜像文件,不存在的镜像则需要从指定的镜像仓库(Registry)下载至本地;

  2. kubernetes支持用户自定义镜像文件的获取方式策略,例如在网络资源紧张的时候可以禁止从仓库中获取文件镜像等,容器的ImagePullPolicy字段用于为其指定镜像获取策略,可用值包括:

    • IfNotPresent: 本地有镜像则使用本地镜像,本地不存在则拉取镜像;(默认值)
    • Always: 每次都尝试拉取镜像,忽略容器运行时维护的所有本地缓存;
    • Never: 永不拉取,禁止从仓库下载镜像,如果本地镜像已经存在,kubelet会尝试启动容器,否则,启动失败;
  3. 官方文档: https://kubernetes.io/zh-cn/docs/concepts/containers/images/

  4. 我们可以通过explain来查看它的属性
    imgaepullpolicy是容器级别的;

root@ks-master01-10:~# kubectl explain pod.spec.containers.imagePullPolicy
KIND:     Pod
VERSION:  v1

FIELD:    imagePullPolicy <string>

DESCRIPTION:
     Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
     if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
     More info:
     https://kubernetes.io/docs/concepts/containers/images#updating-images
  1. 示例说明;
root@ks-master01-10:~#  cat tomcat-test.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: tomcat-test
  namespace: default
spec:
  containers:
  - name: tomcat
    image: tomcat:latest
    imagePullPolicy: Always

root@ks-master01-10:~# kubectl apply -f tomcat-test.yaml 
pod/tomcat-test created
  1. 现在Pod是正常状态;
root@ks-master01-10:~# kubectl get pods
NAME                          READY   STATUS    RESTARTS      AGE
tomcat-test                   1/1     Running   0             87s
  1. 我们来看看详细描述;
    定义了使用tomcat:latest镜像,其获取策略为Always,这就意味每次启动容器时,它都会从镜像仓库获取最新版本的镜像文件;
root@ks-master01-10:~# kubectl describe pods tomcat-test
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  82s   default-scheduler  Successfully assigned default/mysql-test to ks-node24-24
  Normal  Pulling    81s   kubelet            Pulling image "tomcat:latest"
  Normal  Pulled     45s   kubelet            Successfully pulled image "tomcat:latest" in 36.41152006s
  Normal  Created    45s   kubelet            Created container tomcat
  Normal  Started    45s   kubelet            Started container tomcat
  1. IfNotPresent
    对于其他标签的镜像,其默认策略为IfNotPresent,需要注意的是,使用私有仓库中的镜像时通常需要由Registry服务器完成认证才能进行,认证过程要么需要在相关节点上交互执行docker login命令进行,要么就是将认证信息定义为secret资源,通过ImagePullSecrets字段来完成认证信息;
  • 示例
root@ks-master01-10:~# cat httpdpod-test.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: httpd-testpod
  namespace: default
spec:
  containers:
  - name: httpd
    image: registry.cn-hangzhou.aliyuncs.com/lengyuye/httpd:alpine3.14
    imagePullPolicy: IfNotPresent

root@ks-master01-10:~# kubectl apply -f httpdpod-test.yaml 
pod/httpd-testpod created

来查看下详情;
为什么能拉取私有仓库的镜像,因为docker login认证过。没有认证的话拉取镜像的时候会Error;

root@ks-master01-10:~# kubectl describe pods httpd-testpod
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  4m28s  default-scheduler  Successfully assigned default/httpd-testpod to ks-node24-24
  Normal  Pulling    4m27s  kubelet            Pulling image "registry.cn-hangzhou.aliyuncs.com/lengyuye/httpd:alpine3.14"
  Normal  Pulled     4m24s  kubelet            Successfully pulled image "registry.cn-hangzhou.aliyuncs.com/lengyuye/httpd:alpine3.14" in 3.56652979s
  Normal  Created    4m23s  kubelet            Created container httpd
  Normal  Started    4m23s  kubelet            Started container httpd

Pod运行正常;

root@ks-master01-10:~# kubectl get pods
NAME                          READY   STATUS    RESTARTS     AGE
httpd-testpod                 1/1     Running   0            3m26s
posted @ 2022-08-20 08:46  梨花海棠  阅读(2652)  评论(0编辑  收藏  举报