Kubernetes之Pod镜像拉取策略配置
Posted 爱上口袋的天空
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Kubernetes之Pod镜像拉取策略配置相关的知识,希望对你有一定的参考价值。
一、默认的镜像拉取策略
1.1 当镜像指定的标签是latest时,默认策略是每次都下载更新
编辑pod-imagepullpolicy.yaml 文件,内容如下:
apiVersion: v1
kind: Namespace
metadata:
name: dev
---
apiVersion: v1
kind: Pod
metadata:
name: pod-image-pull-policy
namespace: dev
labels:
user: redrose2100
spec:
containers:
- name: nginx
image: nginx:latest
使用如下命令创建
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#
如下,查看pod的简要信息
[root@master pod]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-image-pull-policy 1/1 Running 0 6m9s
[root@master pod]#
如下命令查看pod创建的过程,可以发现这里有下载镜像的操作
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name: pod-image-pull-policy
Namespace: dev
Priority: 0
Node: node2/192.168.16.42
Start Time: Mon, 21 Mar 2022 16:49:36 +0800
Labels: user=redrose2100
Annotations: <none>
Status: Running
IP: 10.244.2.25
IPs:
IP: 10.244.2.25
Containers:
nginx:
Container ID: docker://1d0d85ef687c943c2413ef37ab5ac49a275268c22c250c01debf5319a18418cd
Image: nginx:latest
Image ID: docker-pullable://nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Port: <none>
Host Port: <none>
State: Running
Started: Mon, 21 Mar 2022 16:49:52 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wxz2x (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-wxz2x:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 6m40s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2
Normal Pulling 6m40s kubelet Pulling image "nginx:latest"
Normal Pulled 6m25s kubelet Successfully pulled image "nginx:latest" in 15.434915091s
Normal Created 6m25s kubelet Created container nginx
Normal Started 6m24s kubelet Started container nginx
[root@master pod]#
使用如下命令删除
[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#
1.2 当镜像指定的是具体标签时,默认采用本地已经存在的镜像
编辑pod-imagepullpolicy.yaml文件,将镜像标签指定为具体值,如下:
apiVersion: v1
kind: Namespace
metadata:
name: dev
---
apiVersion: v1
kind: Pod
metadata:
name: pod-image-pull-policy
namespace: dev
labels:
user: redrose2100
spec:
containers:
- name: nginx
image: nginx:1.17.1
使用如下命令创建:
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#
使用如下命令查询简要信息
[root@master pod]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-image-pull-policy 1/1 Running 0 2m5s
[root@master pod]#
通过如下命令可以看到,这里没有下载镜像的操作,使用的本机已经存在的镜像
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name: pod-image-pull-policy
Namespace: dev
Priority: 0
Node: node2/192.168.16.42
Start Time: Mon, 21 Mar 2022 17:02:22 +0800
Labels: user=redrose2100
Annotations: <none>
Status: Running
IP: 10.244.2.26
IPs:
IP: 10.244.2.26
Containers:
nginx:
Container ID: docker://cce0ce987f105b9e4a6a331664b1e6cdb786795351a27d445ce07bd0b763bb30
Image: nginx:1.17.1
Image ID: docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
Port: <none>
Host Port: <none>
State: Running
Started: Mon, 21 Mar 2022 17:02:23 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-gbs9h (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-gbs9h:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m49s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2
Normal Pulled 2m48s kubelet Container image "nginx:1.17.1" already present on machine
Normal Created 2m48s kubelet Created container nginx
Normal Started 2m48s kubelet Started container nginx
[root@master pod]#
使用如下命令删除
[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#
二、自定义镜像拉取策略
2.1 指定每次都从远端仓库拉取镜像
编辑 pod-imagepullpolicy.yaml 文件,通过imagePullPolicy字段设置Always,即可设置每次都从仓库拉取镜像,这里镜像tag设置为1.17.1,如果默认的情况下是不会下载的,这里通过设置让它必须下载,yaml内容如下:
apiVersion: v1
kind: Namespace
metadata:
name: dev
---
apiVersion: v1
kind: Pod
metadata:
name: pod-image-pull-policy
namespace: dev
labels:
user: redrose2100
spec:
containers:
- name: nginx
image: nginx:1.17.1
imagePullPolicy: Always
使用如下命令创建资源
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#
查看pod创建过程,如下,可以看到此时,镜像是重新下载的
[root@master pod]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-image-pull-policy 1/1 Running 0 51s
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name: pod-image-pull-policy
Namespace: dev
Priority: 0
Node: node2/192.168.16.42
Start Time: Mon, 21 Mar 2022 17:52:46 +0800
Labels: user=redrose2100
Annotations: <none>
Status: Running
IP: 10.244.2.27
IPs:
IP: 10.244.2.27
Containers:
nginx:
Container ID: docker://424550f7d6d4d8906bb9f955e143558a430f6e60083f0018291dbc1563c4c4bd
Image: nginx:1.17.1
Image ID: docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
Port: <none>
Host Port: <none>
State: Running
Started: Mon, 21 Mar 2022 17:53:02 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-5bg2f (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-5bg2f:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 68s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2
Normal Pulling 68s kubelet Pulling image "nginx:1.17.1"
Normal Pulled 52s kubelet Successfully pulled image "nginx:1.17.1" in 15.387649503s
Normal Created 52s kubelet Created container nginx
Normal Started 52s kubelet Started container nginx
[root@master pod]#
使用如下命令删除资源
[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#
2.2 指定优先使用本机缓存的镜像,如果本地没有在从仓库拉取
编辑 pod-imagepullpolicy.yaml 文件,通过将imagePullPolicy字段设置IfNotPresent,详细内容如下:
apiVersion: v1
kind: Namespace
metadata:
name: dev
---
apiVersion: v1
kind: Pod
metadata:
name: pod-image-pull-policy
namespace: dev
labels:
user: redrose2100
spec:
containers:
- name: nginx
image: nginx:1.17.1
imagePullPolicy: IfNotPresent
使用如下命令创建资源
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#
使用如下命令查看,可以发现此时又不会去下载镜像,因为本机已经存在镜像了
[root@master pod]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-image-pull-policy 1/1 Running 0 32s
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name: pod-image-pull-policy
Namespace: dev
Priority: 0
Node: node2/192.168.16.42
Start Time: Mon, 21 Mar 2022 18:15:42 +0800
Labels: user=redrose2100
Annotations: <none>
Status: Running
IP: 10.244.2.28
IPs:
IP: 10.244.2.28
Containers:
nginx:
Container ID: docker://f881c5d47ea7c396b2804bffbb3854e1f46ba27be2ba4a90fc39896cc5f49198
Image: nginx:1.17.1
Image ID: docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
Port: <none>
Host Port: <none>
State: Running
Started: Mon, 21 Mar 2022 18:15:43 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sqr77 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-sqr77:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 46s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2
Normal Pulled 45s kubelet Container image "nginx:1.17.1" already present on machine
Normal Created 45s kubelet Created container nginx
Normal Started 45s kubelet Started container nginx
[root@master pod]#
使用如下命令删除资源
[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#
2.3 指定只使用本机存在的镜像,如果本机不存在,则直接报错
编辑 pod-imagepullpolicy.yaml 文件,通过将imagePullPolicy字段设置Never,详细内容如下:这里需要将镜像的tag值修改为一个本地不存在的,比如1.17.5
apiVersion: v1
kind: Namespace
metadata:
name: dev
---
apiVersion: v1
kind: Pod
metadata:
name: pod-image-pull-policy
namespace: dev
labels:
user: redrose2100
spec:
containers:
- name: nginx
image: nginx:1.17.5
imagePullPolicy: Never
使用如下命令创建资源
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#
通过如下命令查询,可以看出,此时因为本机没有此tag的镜像,因此直接失败了,而不会去仓库拉取
[root@master pod]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-image-pull-policy 0/1 ErrImageNeverPull 0 35s
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name: pod-image-pull-policy
Namespace: dev
Priority: 0
Node: node2/192.168.16.42
Start Time: Mon, 21 Mar 2022 18:19:57 +0800
Labels: user=redrose2100
Annotations: <none>
Status: Pending
IP: 10.244.2.29
IPs:
IP: 10.244.2.29
Containers:
nginx:
Container ID:
Image: nginx:1.17.5
Image ID:
Port: <none>
Host Port: <none>
State: Waiting
Reason: ErrImageNeverPull
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-b5skf (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-b5skf:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 53s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2
Warning ErrImageNeverPull 15s (x6 over 53s) kubelet Container image "nginx:1.17.5" is not present with pull policy of Never
Warning Failed 15s (x6 over 53s) kubelet Error: ErrImageNeverPull
[root@master pod]#
以上是关于Kubernetes之Pod镜像拉取策略配置的主要内容,如果未能解决你的问题,请参考以下文章
Docker&Kubernetes ❀ Kubernetes集群资源Pod资源配置清单