Kubernetes Pod 镜像拉取策略
官方文档:https://kubernetes.io/docs/concepts/containers/images/
• IfNotPresent:默认值,镜像在宿主机上不存在时才拉取
• Always:每次创建 Pod 都会重新拉取一次镜像
• Never: Pod 永远不会主动拉取这个镜像
# 查看已创建deployment的拉取策略
kubectl get deploy/nginx-deployment -o yaml | grep imagePull
imagePullPolicy: IfNotPresent
认证镜像仓库拉取方法
1、Node:修改需要认证的镜像仓库
{"insecure-registries": ["需要认证的仓库地址"]}
vim /etc/docker/daemon.json
2、Node:登录镜像仓库(可提交项目镜像到私有仓库)
docker login 镜像仓库IP地址
3、Node:查看仓库docker认证信息、并编码
cat ~/.docker/config.json | base64 -w 0
4、Master:创建认证yaml文件、 .dockerconfigjson下就是Node config.json的编码信息
apiVersion: v1
kind: Secret
metadata:
# 拉取镜像策略定义名称
name: registry-pull-secret
data:
.dockerconfigjson: ewoJImF1dGhzIjkfldsajkfldsajklfsJKLFJDAKLJKljkJjfkldsjkfdsaJKLFDASLjkljfklJFKDLHASKjkjfLfdsjaklfjdsaklFDSAJKLFDJSAKLFDSAjklfjdsaklf;jdaklfj;dsklajfkldsajfkld;ajkfld==
type: kubernetes.io/dockerconfigjson
vim registry-pull-secret.yaml
下面根据条件完成策略
apiVersion: v1
kind: Pod
metadata:
name: foo
namespace: awesomeapps
spec:
containers:
- name: foo
image: janedoe/awesomeapp:v1
imagePullPolicy: IfNotPresent
修改拉取策略类型
apiVersion: v1
kind: Pod
metadata:
name: foo
namespace: awesomeapps
spec:
containers:
- name: foo
image: janedoe/awesomeapp:v1
imagePullSecrets:
- name: myregistrykey
进项拉取凭据配置