zoukankan      html  css  js  c++  java
  • 二、pod镜像拉取

    1、镜像拉取策略
    IfNotPresent:默认值,镜像在宿主机上不存在时才拉取
    Always:每次创建Pod 都会重新拉取一次镜像
    Never:Pod 永远不会主动拉取这个镜像
    注意:如果省略imagePullPolicy 镜像tag为 :latest 策略为always ,否则 策略为 IfNotPresent

    配置:

    apiVersion: v1
    kind: Pod
    metadata:
      name: foo
      namespace: awesomeapps
    spec:
      containers:
      - name: foo
        image: janedoe/awesomeapp:v1
        imagePullPolicy: IfNotPresent  #配置拉取策略

    2、镜像拉取权限
    如果镜像仓库的拉取镜像权限需要登录,那么就需要配置才imagePullSecrets:能进行拉取
    登录镜像仓库后,会生产一个/root/.docker/config.json配置文件:

    [root@k8s-node04 ~]# docker login 10.16.8.152
    [root@k8s-node04 ~]# cat .docker/config.json 
    {
            "auths": {
                    "10.16.8.152": {
                            "auth": "eHc6WGlhbmd3ZWkxMjM0NTY="
                    }
            },
            "HttpHeaders": {
                    "User-Agent": "Docker-Client/19.03.4 (linux)"
            }
    }

    把这个文件编码成一个base64的字符串:

    [root@k8s-node04 ~]# cat .docker/config.json |base64 -w 0
    ewoJImF1dGhzIjogewoJCSIxMC4xNi44LjE1MiI6IHsKCQkJImF1dGgiOiAiZUhjNldHbGhibWQzWldreE1qTTBOVFk9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy40IChsaW51eCkiCgl9Cn0=

    在k8s中注册一个secert:

    [root@k8s-master01-etcd01 yaml]# cat registry-pull-secret.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: registry-pull-secret
    data:
      .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4xNi44LjE1MiI6IHsKCQkJImF1dGgiOiAiZUhjNldHbGhibWQzWldreE1qTTBOVFk9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOC4wOS4wIChsaW51eCkiCgl9Cn0=
    type: kubernetes.io/dockerconfigjson

    #注册secert

    [root@k8s-master01-etcd01 yaml]# kubectl create -f registry-pull-secret.yaml 
    secret/registry-pull-secret created

    #查看 secret

    [root@k8s-master01-etcd01 yaml]# kubectl get secrets 
    NAME                   TYPE                                  DATA   AGE
    default-token-6wrdx    kubernetes.io/service-account-token   3      3d6h
    registry-pull-secret   kubernetes.io/dockerconfigjson        1      43s

    在pod部署yaml中配置这个registry-pull-secret:

    apiVersion: v1
    kind: Pod
    metadata:
      name: foo
      namespace: awesomeapps
    spec:
      containers:
      - name: foo
        image: janedoe/awesomeapp:v1
     imagePullSecrets:
     - name: registry-pull-secret
  • 相关阅读:
    EF Core 原理从源码出发(一)
    EF Core 原理从源码出发(二)
    AutoMapper的源码分析
    Latex 引用为名字+序号
    Latex引用文献按照引用顺序排序
    HttpRunner3.X
    Python Selenium — 封装浏览器引擎类
    Online PCA for Contaminated Data
    LEARNING WITH AMIGO: ADVERSARIALLY MOTIVATED INTRINSIC GOALS
    LEARNING INVARIANT REPRESENTATIONS FOR REINFORCEMENT LEARNING WITHOUT RECONSTRUCTION
  • 原文地址:https://www.cnblogs.com/xw115428/p/11957824.html
Copyright © 2011-2022 走看看