二、pod镜像拉取

1、镜像拉取策略
IfNotPresent:默认值,镜像在宿主机上不存在时才拉取
Always:每次创建Pod 都会重新拉取一次镜像
Never:Pod 永远不会主动拉取这个镜像
注意:如果省略imagePullPolicy 镜像tag为 :latest 策略为always ,否则 策略为 IfNotPresent

配置:

apiVersion: v1
kind: Pod
metadata:
  name: foo
  namespace: awesomeapps
spec:
  containers:
  - name: foo
    image: janedoe/awesomeapp:v1
    imagePullPolicy: IfNotPresent  #配置拉取策略

2、镜像拉取权限
如果镜像仓库的拉取镜像权限需要登录,那么就需要配置才imagePullSecrets:能进行拉取
登录镜像仓库后,会生产一个/root/.docker/config.json配置文件:

[root@k8s-node04 ~]# docker login 10.16.8.152
[root@k8s-node04 ~]# cat .docker/config.json 
{
        "auths": {
                "10.16.8.152": {
                        "auth": "eHc6WGlhbmd3ZWkxMjM0NTY="
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.4 (linux)"
        }
}

把这个文件编码成一个base64的字符串:

[root@k8s-node04 ~]# cat .docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSIxMC4xNi44LjE1MiI6IHsKCQkJImF1dGgiOiAiZUhjNldHbGhibWQzWldreE1qTTBOVFk9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy40IChsaW51eCkiCgl9Cn0=

在k8s中注册一个secert:

[root@k8s-master01-etcd01 yaml]# cat registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4xNi44LjE1MiI6IHsKCQkJImF1dGgiOiAiZUhjNldHbGhibWQzWldreE1qTTBOVFk9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOC4wOS4wIChsaW51eCkiCgl9Cn0=
type: kubernetes.io/dockerconfigjson

#注册secert

[root@k8s-master01-etcd01 yaml]# kubectl create -f registry-pull-secret.yaml 
secret/registry-pull-secret created

#查看 secret

[root@k8s-master01-etcd01 yaml]# kubectl get secrets 
NAME                   TYPE                                  DATA   AGE
default-token-6wrdx    kubernetes.io/service-account-token   3      3d6h
registry-pull-secret   kubernetes.io/dockerconfigjson        1      43s

在pod部署yaml中配置这个registry-pull-secret:

apiVersion: v1
kind: Pod
metadata:
  name: foo
  namespace: awesomeapps
spec:
  containers:
  - name: foo
    image: janedoe/awesomeapp:v1
 imagePullSecrets:
 - name: registry-pull-secret

 

posted @ 2019-11-29 15:03  xw115428  阅读(971)  评论(0编辑  收藏  举报