概述
在 Kubernetes(K8s)里,容器镜像拉取策略(ImagePullPolicy)决定了 K8s 在创建或重启 Pod 时,如何处理容器镜像的拉取操作。这一策略能够确保使用的镜像始终是最新的,或者使用本地已有的镜像以提升部署效率。
可以使用kubectl explain pod.spec.containers.imagePullPolicy查看资源的详细文档:
示例:
[root@master01 ~]# kubectl explain pod.spec.containers.imagePullPolicy
KIND: Pod
VERSION: v1
FIELD: imagePullPolicy <string>
DESCRIPTION:
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
Possible enum values:
- `"Always"` means that kubelet always attempts to pull the latest image.
Container will fail If the pull fails.
- `"IfNotPresent"` means that kubelet pulls if the image isn't present on
disk. Container will fail if the image isn't present and the pull fails.
- `"Never"` means that kubelet never pulls an image, but only uses a local
image. Container will fail if the image isn't present通过文档可以发现,镜像拉取策略有三个类型,分别是Always、IfNotPresent、Never
也可以通过官方文档来查看:https://kubernetes.io/docs/concepts/containers/images#updating-images
镜像拉取策略分类详解
Never
Never表示永不拉取镜像,kubelet 不会尝试获取镜像。如果镜像已经以某种方式存在本地, kubelet 会尝试启动容器;否则,会启动失败。
示例:
[root@master01 ~/pod]# cat pod-tomcat.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-tomcat
spec:
containers:
- name: container-tomcat
image: tomcat:8.0
# 指定镜像拉取策略为Never
imagePullPolicy: Never
ports:
- name: http
containerPort: 8080
# 创建pod
[root@master01 ~/pod]# kubectl apply -f pod-tomcat.yaml
pod/pod-tomcat created
# 查看pod
[root@master01 ~/pod]# kubectl get po pod-tomcat
NAME READY STATUS RESTARTS AGE
pod-tomcat 0/1 ErrImageNeverPull 0 111s
# 查看详情,发现并没有拉取镜像
[root@master01 ~/pod]# kubectl describe po pod-tomcat
Name: pod-tomcat
...省略万字内容
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m7s default-scheduler Successfully assigned default/pod-tomcat to node02
Normal SandboxChanged 2m5s kubelet Pod sandbox changed, it will be killed and re-created.
Warning ErrImageNeverPull 25s (x12 over 2m6s) kubelet Container image "tomcat:8.0" is not present with pull policy of Never
Warning Failed 25s (x12 over 2m6s) kubelet Error: ErrImageNeverPullIfNotPresent
如果本地有镜像就使用本地的,如果没有就去远程仓库拉取
示例:
[root@master01 ~/pod]# cat pod-tomcat.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-tomcat
spec:
containers:
- name: container-tomcat
image: tomcat:8.0
# 指定镜像拉取策略为IfNotPresent
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
# 创建pod
[root@master01 ~/pod]# kubectl apply -f pod-tomcat.yaml
pod/pod-tomcat created
# 查看pod
[root@master01 ~/pod]# kubectl get pod pod-tomcat
NAME READY STATUS RESTARTS AGE
pod-tomcat 1/1 Running 0 43s
#查看pod详情
[root@master01 ~/pod]# kubectl describe pod pod-tomcat
Name: pod-tomcat
Namespace: default
##...省略万字内容
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 64s default-scheduler Successfully assigned default/pod-tomcat to node02
Normal Pulling 63s kubelet Pulling image "tomcat:8.0"
Normal Pulled 23s kubelet Successfully pulled image "tomcat:8.0" in 40.129798231s (40.129811976s including waiting)
Normal Created 23s kubelet Created container container-tomcat
Normal Started 23s kubelet Started container container-tomcatAlways
如果本地有镜像,则对比本地镜像和远程仓库的摘要信息,若相同则使用本地缓存,若不同则重新拉取镜像。
如果本地没有镜像,则无需对比摘要信息,直接拉取镜像。
示例:
[root@master01 ~/pod]# cat pod-tomcat.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-tomcat
spec:
containers:
- name: container-tomcat
# 镜像更改为latest
image: tomcat:latest
# 指定镜像拉取策略为Always
imagePullPolicy: Always
ports:
- name: http
containerPort: 8080
# 创建pod
[root@master01 ~/pod]# kubectl apply -f pod-tomcat.yaml
pod/pod-tomcat created
#查看pod
[root@master01 ~/pod]# kubectl get pod pod-tomcat
NAME READY STATUS RESTARTS AGE
pod-tomcat 1/1 Running 0 4m53s
# 查看pod详情
[root@master01 ~/pod]# kubectl describe pod pod-tomcat
Name: pod-tomcat
Namespace: default
## ...省略万字内容
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 5m39s default-scheduler Successfully assigned default/pod-tomcat to node02
Normal Pulling 5m38s kubelet Pulling image "tomcat:latest"
Normal Pulled 4m55s kubelet Successfully pulled image "tomcat:latest" in 43.43020764s (43.430224485s including waiting)
Normal Created 4m55s kubelet Created container container-tomcat
Normal Started 4m55s kubelet Started container container-tomcat镜像默认的拉取策略
官网的描述是这样的:
- 如果你省略了
imagePullPolicy字段,并且你为容器镜像指定了摘要, 那么imagePullPolicy会自动设置为IfNotPresent。 - 如果你省略了
imagePullPolicy字段,并且容器镜像的标签是:latest,imagePullPolicy会自动设置为Always。 - 如果你省略了
imagePullPolicy字段,并且没有指定容器镜像的标签,imagePullPolicy会自动设置为Always。 - 如果你省略了
imagePullPolicy字段,并且为容器镜像指定了非:latest的标签,imagePullPolicy就会自动设置为IfNotPresent
简单点来说就是如果没有指定镜像的版本,或者指定镜像的版本为 :latest,那么镜像拉取策略就是 Always。否则就是 IfNotPresent