Kubernetes基础：镜像拉取策略

这篇文章以官方Metrics Server提供的Deployment在使用过程中的问题为例，对在Kubernetes中Pod的镜像拉取策略进行说明。

镜像拉取策略

主要有如下三种：

• • IfNotPresent：宿主机器不存在时拉取镜像（默认值）
  • Always：每次创建时都会拉取镜像
  • Never： 不会主动拉取镜像

原因排查

有了如上基础知识，就可以对image中的问题进行排查了，比如Metrics Server在部署的时候Pod出现了如下错误信息

[root@host131 1.8+]# kubectl get pods -A
NAMESPACE     NAME                             READY   STATUS             RESTARTS   AGE
kube-system   coredns-59db588569-gz6x8         1/1     Running            0          54m
kube-system   metrics-server-789c77976-sfvsx   0/1     ImagePullBackOff   0          27m
[root@host131 1.8+]# 

ImagePullBackOff是因为镜像拉取失败，查看详细日志信息可以看到

[root@host131 1.8+]# kubectl describe pod metrics-server-789c77976-sfvsx -n kube-system
Name:         metrics-server-789c77976-sfvsx
Namespace:    kube-system
Priority:     0
Node:         192.168.163.131/192.168.163.131
Start Time:   Fri, 31 Jan 2020 16:16:31 -0500
Labels:       k8s-app=metrics-server
              pod-template-hash=789c77976
Annotations:  
Status:       Pending
IP:           10.254.152.3
IPs:
  IP:           10.254.152.3
Controlled By:  ReplicaSet/metrics-server-789c77976
Containers:
  metrics-server:
    Container ID:  
    Image:         k8s.gcr.io/metrics-server-amd64:v0.3.6
    Image ID:      
    Port:          4443/TCP
    Host Port:     0/TCP
    Args:
      --cert-dir=/tmp
      --secure-port=4443
      --kubelet-insecure-tls
      --kubelet-preferred-address-types=InternalIP
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Environment:    
    Mounts:
      /tmp from tmp-dir (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from metrics-server-token-x25zl (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  tmp-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  
  metrics-server-token-x25zl:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  metrics-server-token-x25zl
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  beta.kubernetes.io/os=linux
                 kubernetes.io/arch=amd64
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age                   From                      Message
  ----     ------     ----                  ----                      -------
  Normal   Scheduled               default-scheduler         Successfully assigned kube-system/metrics-server-789c77976-sfvsx to 192.168.163.131
  Normal   Pulling    25m (x4 over 28m)     kubelet, 192.168.163.131  Pulling image "k8s.gcr.io/metrics-server-amd64:v0.3.6"
  Warning  Failed     25m (x4 over 27m)     kubelet, 192.168.163.131  Failed to pull image "k8s.gcr.io/metrics-server-amd64:v0.3.6": rpc error: code = Unknown desc = Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
  Warning  Failed     25m (x4 over 27m)     kubelet, 192.168.163.131  Error: ErrImagePull
  Normal   BackOff    25m (x6 over 27m)     kubelet, 192.168.163.131  Back-off pulling image "k8s.gcr.io/metrics-server-amd64:v0.3.6"
  Warning  Failed     2m58s (x97 over 27m)  kubelet, 192.168.163.131  Error: ImagePullBackOff
[root@host131 1.8+]#

原因确认

但是本地是存在此镜像的

[root@host131 1.8+]# docker images |grep k8s.gcr.io/metrics-server-amd64
k8s.gcr.io/metrics-server-amd64         v0.3.6              9dd718864ce6        3 months ago        39.9MB
[root@host131 1.8+]#

所以基本可以断定这是因为镜像拉取策略被设定为Always的缘故

[root@host131 1.8+]# kubectl get pods -n kube-system metrics-server-789c77976-sfvsx -o yaml |grep imagePullPolicy
    imagePullPolicy: Always
[root@host131 1.8+]# 

对应方法

修改Deployment的yaml文件中的imagePullPolicy或者保证镜像能够拉取到即可解决此问题。

参考内容

https://kubernetes.io/docs/concepts/containers/images/