AI 助理
备案控制台
开发者社区 开发与运维 文章 正文

Kubernetes----Pod配置镜像拉取策略

2022-05-23 1290
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《 阿里云开发者社区用户服务协议》和 《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写 侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
简介: Kubernetes----Pod配置镜像拉取策略

一、默认的镜像拉取策略

1.1 当镜像指定的标签是latest时,默认策略是每次都下载更新

编辑pod-imagepullpolicy.yaml 文件,内容如下:

apiVersion: v1
kind: Namespace
metadata:
  name: dev

---

apiVersion: v1
kind: Pod
metadata:
  name: pod-image-pull-policy
  namespace: dev
  labels:
    user: redrose2100
spec:
  containers:
  - name: nginx
    image: nginx:latest

使用如下命令创建

[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#

如下,查看pod的简要信息

[root@master pod]# kubectl get pod -n dev
NAME                    READY   STATUS    RESTARTS   AGE
pod-image-pull-policy   1/1     Running   0          6m9s
[root@master pod]#

如下命令查看pod创建的过程,可以发现这里有下载镜像的操作

[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name:         pod-image-pull-policy
Namespace:    dev
Priority:     0
Node:         node2/192.168.16.42
Start Time:   Mon, 21 Mar 2022 16:49:36 +0800
Labels:       user=redrose2100
Annotations:  <none>
Status:       Running
IP:           10.244.2.25
IPs:
  IP:  10.244.2.25
Containers:
  nginx:
    Container ID:   docker://1d0d85ef687c943c2413ef37ab5ac49a275268c22c250c01debf5319a18418cd
    Image:          nginx:latest
    Image ID:       docker-pullable://nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Mon, 21 Mar 2022 16:49:52 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wxz2x (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-wxz2x:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  6m40s  default-scheduler  Successfully assigned dev/pod-image-pull-policy to node2
  Normal  Pulling    6m40s  kubelet            Pulling image "nginx:latest"
  Normal  Pulled     6m25s  kubelet            Successfully pulled image "nginx:latest" in 15.434915091s
  Normal  Created    6m25s  kubelet            Created container nginx
  Normal  Started    6m24s  kubelet            Started container nginx
[root@master pod]#

使用如下命令删除

[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#

1.2 当镜像指定的是具体标签时,默认采用本地已经存在的镜像

编辑pod-imagepullpolicy.yaml文件,将镜像标签指定为具体值,如下:

apiVersion: v1
kind: Namespace
metadata:
  name: dev

---

apiVersion: v1
kind: Pod
metadata:
  name: pod-image-pull-policy
  namespace: dev
  labels:
    user: redrose2100
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1

使用如下命令创建:

[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#

使用如下命令查询简要信息

[root@master pod]# kubectl get pod -n dev
NAME                    READY   STATUS    RESTARTS   AGE
pod-image-pull-policy   1/1     Running   0          2m5s
[root@master pod]#

通过如下命令可以看到,这里没有下载镜像的操作,使用的本机已经存在的镜像

[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name:         pod-image-pull-policy
Namespace:    dev
Priority:     0
Node:         node2/192.168.16.42
Start Time:   Mon, 21 Mar 2022 17:02:22 +0800
Labels:       user=redrose2100
Annotations:  <none>
Status:       Running
IP:           10.244.2.26
IPs:
  IP:  10.244.2.26
Containers:
  nginx:
    Container ID:   docker://cce0ce987f105b9e4a6a331664b1e6cdb786795351a27d445ce07bd0b763bb30
    Image:          nginx:1.17.1
    Image ID:       docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Mon, 21 Mar 2022 17:02:23 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-gbs9h (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-gbs9h:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  2m49s  default-scheduler  Successfully assigned dev/pod-image-pull-policy to node2
  Normal  Pulled     2m48s  kubelet            Container image "nginx:1.17.1" already present on machine
  Normal  Created    2m48s  kubelet            Created container nginx
  Normal  Started    2m48s  kubelet            Started container nginx
[root@master pod]#

使用如下命令删除

[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#

二、自定义镜像拉取策略

2.1 指定每次都从远端仓库拉取镜像

编辑 pod-imagepullpolicy.yaml 文件,通过imagePullPolicy字段设置Always,即可设置每次都从仓库拉取镜像,这里镜像tag设置为1.17.1,如果默认的情况下是不会下载的,这里通过设置让它必须下载,yaml内容如下:

apiVersion: v1
kind: Namespace
metadata:
  name: dev

---

apiVersion: v1
kind: Pod
metadata:
  name: pod-image-pull-policy
  namespace: dev
  labels:
    user: redrose2100
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    imagePullPolicy: Always

使用如下命令创建资源

[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#

查看pod创建过程,如下,可以看到此时,镜像是重新下载的

[root@master pod]# kubectl get pod -n dev
NAME                    READY   STATUS    RESTARTS   AGE
pod-image-pull-policy   1/1     Running   0          51s
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name:         pod-image-pull-policy
Namespace:    dev
Priority:     0
Node:         node2/192.168.16.42
Start Time:   Mon, 21 Mar 2022 17:52:46 +0800
Labels:       user=redrose2100
Annotations:  <none>
Status:       Running
IP:           10.244.2.27
IPs:
  IP:  10.244.2.27
Containers:
  nginx:
    Container ID:   docker://424550f7d6d4d8906bb9f955e143558a430f6e60083f0018291dbc1563c4c4bd
    Image:          nginx:1.17.1
    Image ID:       docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Mon, 21 Mar 2022 17:53:02 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-5bg2f (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-5bg2f:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  68s   default-scheduler  Successfully assigned dev/pod-image-pull-policy to node2
  Normal  Pulling    68s   kubelet            Pulling image "nginx:1.17.1"
  Normal  Pulled     52s   kubelet            Successfully pulled image "nginx:1.17.1" in 15.387649503s
  Normal  Created    52s   kubelet            Created container nginx
  Normal  Started    52s   kubelet            Started container nginx
[root@master pod]#

使用如下命令删除资源

[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#

2.2 指定优先使用本机缓存的镜像,如果本地没有在从仓库拉取

编辑 pod-imagepullpolicy.yaml 文件,通过将imagePullPolicy字段设置IfNotPresent,详细内容如下:

apiVersion: v1
kind: Namespace
metadata:
  name: dev

---

apiVersion: v1
kind: Pod
metadata:
  name: pod-image-pull-policy
  namespace: dev
  labels:
    user: redrose2100
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    imagePullPolicy: IfNotPresent

使用如下命令创建资源

[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#

使用如下命令查看,可以发现此时又不会去下载镜像,因为本机已经存在镜像了

[root@master pod]# kubectl get pod -n dev
NAME                    READY   STATUS    RESTARTS   AGE
pod-image-pull-policy   1/1     Running   0          32s
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name:         pod-image-pull-policy
Namespace:    dev
Priority:     0
Node:         node2/192.168.16.42
Start Time:   Mon, 21 Mar 2022 18:15:42 +0800
Labels:       user=redrose2100
Annotations:  <none>
Status:       Running
IP:           10.244.2.28
IPs:
  IP:  10.244.2.28
Containers:
  nginx:
    Container ID:   docker://f881c5d47ea7c396b2804bffbb3854e1f46ba27be2ba4a90fc39896cc5f49198
    Image:          nginx:1.17.1
    Image ID:       docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Mon, 21 Mar 2022 18:15:43 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sqr77 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-sqr77:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  46s   default-scheduler  Successfully assigned dev/pod-image-pull-policy to node2
  Normal  Pulled     45s   kubelet            Container image "nginx:1.17.1" already present on machine
  Normal  Created    45s   kubelet            Created container nginx
  Normal  Started    45s   kubelet            Started container nginx
[root@master pod]#

使用如下命令删除资源

[root@master pod]# kubectl delete -f pod-imagepullpolicy.yaml
namespace "dev" deleted
pod "pod-image-pull-policy" deleted
[root@master pod]#

2.3 指定只使用本机存在的镜像,如果本机不存在,则直接报错

编辑 pod-imagepullpolicy.yaml 文件,通过将imagePullPolicy字段设置Never,详细内容如下:这里需要将镜像的tag值修改为一个本地不存在的,比如1.17.5

apiVersion: v1
kind: Namespace
metadata:
  name: dev

---

apiVersion: v1
kind: Pod
metadata:
  name: pod-image-pull-policy
  namespace: dev
  labels:
    user: redrose2100
spec:
  containers:
  - name: nginx
    image: nginx:1.17.5
    imagePullPolicy: Never

使用如下命令创建资源

[root@master pod]# kubectl apply -f pod-imagepullpolicy.yaml
namespace/dev created
pod/pod-image-pull-policy created
[root@master pod]#

通过如下命令查询,可以看出,此时因为本机没有此tag的镜像,因此直接失败了,而不会去仓库拉取

[root@master pod]# kubectl get pod -n dev
NAME                    READY   STATUS              RESTARTS   AGE
pod-image-pull-policy   0/1     ErrImageNeverPull   0          35s
[root@master pod]# kubectl describe pod pod-image-pull-policy -n dev
Name:         pod-image-pull-policy
Namespace:    dev
Priority:     0
Node:         node2/192.168.16.42
Start Time:   Mon, 21 Mar 2022 18:19:57 +0800
Labels:       user=redrose2100
Annotations:  <none>
Status:       Pending
IP:           10.244.2.29
IPs:
  IP:  10.244.2.29
Containers:
  nginx:
    Container ID:
    Image:          nginx:1.17.5
    Image ID:
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       ErrImageNeverPull
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-b5skf (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kube-api-access-b5skf:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason             Age                From               Message
  ----     ------             ----               ----               -------
  Normal   Scheduled          53s                default-scheduler  Successfully assigned dev/pod-image-pull-policy to node2
  Warning  ErrImageNeverPull  15s (x6 over 53s)  kubelet            Container image "nginx:1.17.5" is not present with pull policy of Never
  Warning  Failed             15s (x6 over 53s)  kubelet            Error: ErrImageNeverPull
[root@master pod]#
文章标签:
容器服务Kubernetes版
Perl
缓存
关键词:
容器服务Kubernetes版镜像
容器服务Kubernetes版策略
容器服务Kubernetes版配置镜像
容器服务Kubernetes版配置
相关实践学习
通过Ingress进行灰度发布
本场景您将运行一个简单的应用,部署一个新的应用用于新的发布,并通过Ingress能力实现灰度发布。
容器应用与集群管理
欢迎来到《容器应用与集群管理》课程,本课程是“云原生容器Clouder认证“系列中的第二阶段。课程将向您介绍与容器集群相关的概念和技术,这些概念和技术可以帮助您了解阿里云容器服务ACK/ACK Serverless的使用。同时,本课程也会向您介绍可以采取的工具、方法和可操作步骤,以帮助您了解如何基于容器服务ACK Serverless构建和管理企业级应用。 学习完本课程后,您将能够: 掌握容器集群、容器编排的基本概念 掌握Kubernetes的基础概念及核心思想 掌握阿里云容器服务ACK/ACK Serverless概念及使用方法 基于容器服务ACK Serverless搭建和管理企业级网站应用
redrose2100
目录
相关文章
游客j4mujezz7vm7y
|
4月前
|
JSON Kubernetes API
深入理解Kubernetes配置:编写高效的YAML文件
深入理解Kubernetes配置:编写高效的YAML文件
游客j4mujezz7vm7y
206 4
小陈运维
|
2月前
|
运维 Kubernetes 数据安全/隐私保护
K8S 拉取私有仓库镜像
在Kubernetes中从私有仓库拉取镜像时,需先创建包含认证信息的Secret,然后在Pod或Deployment中引用此Secret。本文通过具体步骤演示了如何创建Secret、更新Kubernetes资源配置文件以引用Secret,并验证了镜像拉取及应用运行的成功。
小陈运维
109 6
阿里云基础设施.
|
2月前
|
存储 运维 Kubernetes
K8s业务迁移最佳实践: 灵活管理资源备份与调整策略,实现高效简便的应用恢复
在当今快速变化的云原生领域,Kubernetes(K8s)集群的运维面临着诸多挑战,其中灾备与业务迁移尤为关键。ACK备份中心支持丰富的资源调整策略,在数据恢复阶段即可自动适配目标集群环境,确保业务无缝重启。
阿里云基础设施.
81 4
有路有乔-六月
|
2月前
|
Kubernetes 监控 Java
如何在Kubernetes中配置镜像和容器的定期垃圾回收
如何在Kubernetes中配置镜像和容器的定期垃圾回收
有路有乔-六月
59 0
有路有乔-六月
|
2月前
|
Kubernetes 监控 Java
如何设置 Kubernetes的垃圾回收策略为定期
如何设置 Kubernetes的垃圾回收策略为定期
有路有乔-六月
46 0
代码bug生产队
|
2月前
|
Kubernetes Java 调度
Kubernetes中的Pod垃圾回收策略是什么
Kubernetes中的Pod垃圾回收策略是什么
代码bug生产队
89 0
爱吃龙利鱼
|
3月前
|
Kubernetes 应用服务中间件 nginx
k8s学习--kubernetes服务自动伸缩之水平收缩(pod副本收缩)VPA策略应用案例
k8s学习--kubernetes服务自动伸缩之水平收缩(pod副本收缩)VPA策略应用案例
爱吃龙利鱼
75 1
尹正杰
|
4月前
|
Kubernetes 网络虚拟化 Docker
K8S镜像下载报错解决方案(使用阿里云镜像去下载kubeadm需要的镜像文件)
文章提供了一个解决方案,用于在无法直接访问Google镜像仓库的情况下,通过使用阿里云镜像来下载kubeadm所需的Kubernetes镜像。
尹正杰
476 4
K8S镜像下载报错解决方案(使用阿里云镜像去下载kubeadm需要的镜像文件)
尹正杰
|
4月前
|
Kubernetes 安全 API
Kubernetes系统安全-授权策略(authorization policy)
文章主要介绍了Kubernetes系统中的授权策略,包括授权模块的概述、RBAC授权模块的详细说明以及如何创建和管理角色(Role)和集群角色(ClusterRole)。
尹正杰
68 0
Kubernetes系统安全-授权策略(authorization policy)
游客mldfis24krfue
|
5月前
|
Kubernetes Docker Perl
在K8S中,如果是因为开发写的镜像问题导致pod起不来该怎么排查?
在K8S中,如果是因为开发写的镜像问题导致pod起不来该怎么排查?
游客mldfis24krfue
112 2

热门文章

最新文章

  • 1
    《docker高级篇(大厂进阶):7.Docker容器监控之CAdvisor+InfluxDB+Granfana》包括:原生命令、是什么、compose容器编排,一套带走
  • 2
    二进制安装Kubernetes(k8s)v1.32.0
  • 3
    《docker高级篇(大厂进阶):5.Docker-compose容器编排》包括是什么能干嘛去哪下、Compose核心概念、Compose使用三个步骤、Compose常用命令、Compose编排微服务
  • 4
    K8S 拉取私有仓库镜像
  • 5
    《docker高级篇(大厂进阶):5.Docker-compose容器编排》包括是什么能干嘛去哪下、Compose核心概念、Compose使用三个步骤、Compose常用命令、Compose编排微服务
  • 6
    阿里云 ACK FinOps成本优化最佳实践
  • 7
    阿里云 ACK 高可用稳定性最佳实践
  • 8
    云原生入门与实践:Kubernetes的简易部署
  • 9
    赋能加速AI应用交付,F5 BIG-IP Next for Kubernetes方案解读
  • 10
    阿里云ACK容器服务生产级可观测体系建设实践
  • 1
    Kubernetes学习-深入Pod篇(一) 创建Pod,Pod配置文件详解
    684
  • 2
    Kubernetes学习-集群搭建篇(三) Node配置完善和API概述
    90
  • 3
    Kubernetes学习-集群搭建篇(二) 部署Node服务,启动JNI网络插件
    347
  • 4
    Kubernetes学习-集群搭建篇(一) 搭建Master结点
    199
  • 5
    Kubernetes学习-核心概念篇(三) 核心概念和专业术语
    133
  • 6
    Kubernetes详解(九)——资源配置清单创建Pod实战
    130
  • 7
    Kubernetes详解(七)——Service对象部署和应用
    83
  • 8
    Kubernetes 集群的持续监控与性能优化策略
    141
  • 9
    Kubernetes详解(六)——Pod对象部署和应用
    133
  • 10
    Kubernetes详解(五)——Kubernetes核心对象
    104

    • 相关课程

    更多
  • 阿里云 EMR on ACK 实战
  • 阿里云K8S微服务部署案例
  • Kubernetes极速入门
  • Serverless 容器从入门到精通: - Serverless Kubernetes
  • Kubernetes云原生管理实践
  • Kubernetes入门

    • 相关电子书

    更多
  • ACK 云原生弹性方案—云原生时代的加速器
  • ACK集群类型选择最佳实践
  • 企业运维之云原生和Kubernetes 实战

    • 相关实验场景

    更多
  • 在ACK Serverless中部署Stable Diffusion应用
  • 通过容器镜像仓库与容器服务快速部署spring-hello应用
  • 使用ACK Serverless容器化部署大语言模型FastChat
  • 通过EDAS实现K8s微服务应用的金丝雀发布
  • 基于ACK Serverless轻松部署企业级Stable Diffusion
  • 容器中的volume卷

    • 推荐镜像

    更多
  • kubernetes
  • CloudFoundry
  • pouch
    • 下一篇
    阿里云无影云电脑免费试用,最长可试用3个月