-
各工作节点负责运行Pod对象,而Pod的核心功能用于运行容器,因此工作节点上必须配置容器引擎,如Dokcer、Containerd等,启动容器时,容器引擎将首先于本地查找指定的镜像文件,不存在的镜像则需要从指定的镜像仓库(Registry)下载至本地;
-
kubernetes支持用户自定义镜像文件的获取方式策略,例如在网络资源紧张的时候可以禁止从仓库中获取文件镜像等,容器的ImagePullPolicy字段用于为其指定镜像获取策略,可用值包括:
- IfNotPresent: 本地有镜像则使用本地镜像,本地不存在则拉取镜像;(默认值)
- Always: 每次都尝试拉取镜像;
- Never: 永不拉取,禁止从仓库下载镜像,如果本地镜像已经存在,kubelet会尝试启动容器,否则,启动失败;
-
官方文档: https://kubernetes.io/zh-cn/docs/concepts/containers/images/
-
我们可以通过explain来查看它的属性
imgaepullpolicy是容器级别的;
root@ks-master01-10:~# kubectl explain pod.spec.containers.imagePullPolicy
KIND: Pod
VERSION: v1
FIELD: imagePullPolicy <string>
DESCRIPTION:
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
- 示例说明;
root@ks-master01-10:~# cat tomcat-test.yaml
apiVersion: v1
kind: Pod
metadata:
name: tomcat-test
namespace: default
spec:
containers:
- name: tomcat
image: tomcat:latest
imagePullPolicy: Always
root@ks-master01-10:~# kubectl apply -f tomcat-test.yaml
pod/tomcat-test created
- 现在Pod是正常状态;
root@ks-master01-10:~# kubectl get pods
NAME READY STATUS RESTARTS AGE
tomcat-test 1/1 Running 0 87s
- 我们来看看详细描述;
定义了使用tomcat:latest镜像,其获取策略为Always,这就意味每次启动容器时,它都会从镜像仓库获取最新版本的镜像文件;
root@ks-master01-10:~# kubectl describe pods tomcat-test
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 82s default-scheduler Successfully assigned default/mysql-test to ks-node24-24
Normal Pulling 81s kubelet Pulling image "tomcat:latest"
Normal Pulled 45s kubelet Successfully pulled image "tomcat:latest" in 36.41152006s
Normal Created 45s kubelet Created container tomcat
Normal Started 45s kubelet Started container tomcat
- IfNotPresent
对于其他标签的镜像,其默认策略为IfNotPresent,需要注意的是,使用私有仓库中的镜像时通常需要由Registry服务器完成认证才能进行,认证过程要么需要在相关节点上交互执行docker login命令进行,要么就是将认证信息定义为secret资源,通过ImagePullSecrets字段来完成认证信息;
- 示例
root@ks-master01-10:~# cat httpdpod-test.yaml
apiVersion: v1
kind: Pod
metadata:
name: httpd-testpod
namespace: default
spec:
containers:
- name: httpd
image: registry.cn-hangzhou.aliyuncs.com/lengyuye/httpd:alpine3.14
imagePullPolicy: IfNotPresent
root@ks-master01-10:~# kubectl apply -f httpdpod-test.yaml
pod/httpd-testpod created
来查看下详情;
为什么能拉取私有仓库的镜像,因为docker login认证过。没有认证的话拉取镜像的时候会Error;
root@ks-master01-10:~# kubectl describe pods httpd-testpod
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 4m28s default-scheduler Successfully assigned default/httpd-testpod to ks-node24-24
Normal Pulling 4m27s kubelet Pulling image "registry.cn-hangzhou.aliyuncs.com/lengyuye/httpd:alpine3.14"
Normal Pulled 4m24s kubelet Successfully pulled image "registry.cn-hangzhou.aliyuncs.com/lengyuye/httpd:alpine3.14" in 3.56652979s
Normal Created 4m23s kubelet Created container httpd
Normal Started 4m23s kubelet Started container httpd
Pod运行正常;
root@ks-master01-10:~# kubectl get pods
NAME READY STATUS RESTARTS AGE
httpd-testpod 1/1 Running 0 3m26s
标签:httpd,kubernetes,tomcat,Normal,拉取,ks,kubelet,镜像
From: https://www.cnblogs.com/xunweidezui/p/16600323.html