Kubernetes之Pod镜像拉取策略配置
时间:2022-08-03 17:19:00 sitemap
1、默认的镜像拉取策略
1.1 镜像指定的标签是latest默认策略是每次下载更新
编辑pod-imagepullpolicy.yaml内容如下:
apiVersion: v1 kind: Namespace metadata: name: dev --- apiVersion: v1 kind: Pod metadata: name: pod-image-pull-policy namespace: dev labels: user: redrose2100 spec: containers: - name: nginx image: nginx:latest
使用以下命令创建
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml namespace/dev created pod/pod-image-pull-policy created [root@master pod]#
如下,查看pod的简要信息
[root@master pod]# kubectl get pod -n dev NAME READY STATUS RESTARTS AGE pod-image-pull-policy 1/1 Running 0 6m9s [root@master pod]#
下列命令查看pod在创建过程中,可以发现这里有下载镜像的操作
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev Name: pod-image-pull-policy Namespace: dev Priority: 0 Node: node2/192.168.16.42 Start Time: Mon, 21 Mar 2022 16:49:36 0800 Labels: user=redrose2100 Annotations: Status: Running IP: 10.244.2.25 IPs: IP: 10.244.2.25 Containers: nginx: Container ID: docker://1d0d85ef687c943c2413ef37ab5ac49a275268c22c250c01debf5319a18418cd Image: nginx:latest Image ID: docker-pullable://nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31 Port: Host Port: State: Running Started: Mon, 21 Mar 2022 16:49:52 0800 Ready: True Restart Count: 0 Environment: Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wxz2x (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: kube-api-access-wxz2x: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3607 ConfigMapName: kube-root-ca.crt ConfigMapOptional: DownwardAPI: true QoS Class: BestEffort Node-Selectors: Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s node.kubernetes.io/unreachable:NoExecute op=Exists for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 6m40s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2 Normal Pulling 6m40s kubelet Pulling image "nginx:latest" Normal Pulled 6m25s kubelet Successfully pulled image "nginx:latest" in 15.434915091s Normal Created 6m25s kubelet Created container nginx Normal Started 6m24s kubelet Started container nginx [root@master pod]#
使用下列命令删除
[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml namespace "dev" deleted pod "pod-image-pull-policy" deleted [root@master pod]#
1.2 当镜像指定具体标签时,当地现有镜像默认使用
编辑pod-imagepullpolicy.yaml将镜像标签指定为具体值的文件,如下:
apiVersion: v1 kind: Namespace metadata: name: dev --- apiVersion: v1 kind: Pod metadata: name: pod-image-pull-policy namespace: dev labels: user: redrose2100 spec: containers: - name: nginx image: nginx:1.17.1
使用以下命令创建:
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml namespace/dev created pod/pod-image-pull-policy created [root@master pod]#
使用以下命令查询简短信息
[root@master pod]# kubectl get pod -n dev NAME READY STATUS RESTARTS AGE pod-image-pull-policy 1/1 Running 0 2m5s [root@master pod]#
从以下命令可以看出,这里没有下载镜像的操作,使用本机已经存在的镜像
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev Name: pod-image-pull-policy Namespace: dev Priority: 0 Node: node2/192.168.16.42 Start Time: Mon, 21 Mar 2022 17:02:22 0800 Labels: user=redrose2100 Annotations: Status: Running IP: 10.244.2.26 IPs: IP: 10.244.2.26 Containers: nginx: Container ID: docker://cce0ce987f105b9e4a6a331664b1e6cdb786795351a27d445ce07bd0b763bb30 Image: nginx:1.17.1 Image ID: docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a73a967c03dbb
Port:
Host Port:
State: Running
Started: Mon, 21 Mar 2022 17:02:23 +0800
Ready: True
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-gbs9h (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-gbs9h:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m49s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2
Normal Pulled 2m48s kubelet Container image "nginx:1.17.1" already present on machine
Normal Created 2m48s kubelet Created container nginx
Normal Started 2m48s kubelet Started container nginx
[root@master pod]#
使用如下命令删除
[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#
二、自定义镜像拉取策略
2.1 指定每次都从远端仓库拉取镜像
编辑 pod-imagepullpolicy.yaml 文件,通过imagePullPolicy字段设置Always,即可设置每次都从仓库拉取镜像,这里镜像tag设置为1.17.1,如果默认的情况下是不会下载的,这里通过设置让它必须下载,yaml内容如下:
apiVersion: v1
kind: Namespace
metadata:
name: dev
---
apiVersion: v1
kind: Pod
metadata:
name: pod-image-pull-policy
namespace: dev
labels:
user: redrose2100
spec:
containers:
- name: nginx
image: nginx:1.17.1
imagePullPolicy: Always
使用如下命令创建资源
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#
查看pod创建过程,如下,可以看到此时,镜像是重新下载的
[root@master pod]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-image-pull-policy 1/1 Running 0 51s
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name: pod-image-pull-policy
Namespace: dev
Priority: 0
Node: node2/192.168.16.42
Start Time: Mon, 21 Mar 2022 17:52:46 +0800
Labels: user=redrose2100
Annotations:
Status: Running
IP: 10.244.2.27
IPs:
IP: 10.244.2.27
Containers:
nginx:
Container ID: docker://424550f7d6d4d8906bb9f955e143558a430f6e60083f0018291dbc1563c4c4bd
Image: nginx:1.17.1
Image ID: docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
Port:
Host Port:
State: Running
Started: Mon, 21 Mar 2022 17:53:02 +0800
Ready: True
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-5bg2f (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-5bg2f:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 68s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2
Normal Pulling 68s kubelet Pulling image "nginx:1.17.1"
Normal Pulled 52s kubelet Successfully pulled image "nginx:1.17.1" in 15.387649503s
Normal Created 52s kubelet Created container nginx
Normal Started 52s kubelet Started container nginx
[root@master pod]#
使用如下命令删除资源
[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#
2.2 指定优先使用本机缓存的镜像,如果本地没有在从仓库拉取
编辑 pod-imagepullpolicy.yaml 文件,通过将imagePullPolicy字段设置IfNotPresent,详细内容如下:
apiVersion: v1
kind: Namespace
metadata:
name: dev
---
apiVersion: v1
kind: Pod
metadata:
name: pod-image-pull-policy
namespace: dev
labels:
user: redrose2100
spec:
containers:
- name: nginx
image: nginx:1.17.1
imagePullPolicy: IfNotPresent
使用如下命令创建资源
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#
使用如下命令查看,可以发现此时又不会去下载镜像,因为本机已经存在镜像了
[root@master pod]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-image-pull-policy 1/1 Running 0 32s
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name: pod-image-pull-policy
Namespace: dev
Priority: 0
Node: node2/192.168.16.42
Start Time: Mon, 21 Mar 2022 18:15:42 +0800
Labels: user=redrose2100
Annotations:
Status: Running
IP: 10.244.2.28
IPs:
IP: 10.244.2.28
Containers:
nginx:
Container ID: docker://f881c5d47ea7c396b2804bffbb3854e1f46ba27be2ba4a90fc39896cc5f49198
Image: nginx:1.17.1
Image ID: docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
Port:
Host Port:
State: Running
Started: Mon, 21 Mar 2022 18:15:43 +0800
Ready: True
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sqr77 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-sqr77:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 46s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2
Normal Pulled 45s kubelet Container image "nginx:1.17.1" already present on machine
Normal Created 45s kubelet Created container nginx
Normal Started 45s kubelet Started container nginx
[root@master pod]#
使用如下命令删除资源
[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#
2.3 指定只使用本机存在的镜像,如果本机不存在,则直接报错
编辑 pod-imagepullpolicy.yaml 文件,通过将imagePullPolicy字段设置Never,详细内容如下:这里需要将镜像的tag值修改为一个本地不存在的,比如1.17.5
apiVersion: v1
kind: Namespace
metadata:
name: dev
---
apiVersion: v1
kind: Pod
metadata:
name: pod-image-pull-policy
namespace: dev
labels:
user: redrose2100
spec:
containers:
- name: nginx
image: nginx:1.17.5
imagePullPolicy: Never
使用如下命令创建资源
[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#
通过如下命令查询,可以看出,此时因为本机没有此tag的镜像,因此直接失败了,而不会去仓库拉取
[root@master pod]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-image-pull-policy 0/1 ErrImageNeverPull 0 35s
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name: pod-image-pull-policy
Namespace: dev
Priority: 0
Node: node2/192.168.16.42
Start Time: Mon, 21 Mar 2022 18:19:57 +0800
Labels: user=redrose2100
Annotations:
Status: Pending
IP: 10.244.2.29
IPs:
IP: 10.244.2.29
Containers:
nginx:
Container ID:
Image: nginx:1.17.5
Image ID:
Port:
Host Port:
State: Waiting
Reason: ErrImageNeverPull
Ready: False
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-b5skf (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-b5skf:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 53s default-scheduler Successfully assigned dev/pod-image-pull-policy to node2
Warning ErrImageNeverPull 15s (x6 over 53s) kubelet Container image "nginx:1.17.5" is not present with pull policy of Never
Warning Failed 15s (x6 over 53s) kubelet Error: ErrImageNeverPull
[root@master pod]#