这篇文章以官方Metrics Server提供的Deployment在使用过程中的问题为例,对在Kubernetes中Pod的镜像拉取策略进行说明。
镜像拉取策略
主要有如下三种:
- • IfNotPresent:宿主机器不存在时拉取镜像(默认值)
• Always:每次创建时都会拉取镜像
• Never: 不会主动拉取镜像
原因排查
有了如上基础知识,就可以对image中的问题进行排查了,比如Metrics Server在部署的时候Pod出现了如下错误信息
[root@host131 1.8+]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-59db588569-gz6x8 1/1 Running 0 54m
kube-system metrics-server-789c77976-sfvsx 0/1 ImagePullBackOff 0 27m
[root@host131 1.8+]#
ImagePullBackOff是因为镜像拉取失败,查看详细日志信息可以看到
[root@host131 1.8+]# kubectl describe pod metrics-server-789c77976-sfvsx -n kube-system
Name: metrics-server-789c77976-sfvsx
Namespace: kube-system
Priority: 0
Node: 192.168.163.131/192.168.163.131
Start Time: Fri, 31 Jan 2020 16:16:31 -0500
Labels: k8s-app=metrics-server
pod-template-hash=789c77976
Annotations: <none>
Status: Pending
IP: 10.254.152.3
IPs:
IP: 10.254.152.3
Controlled By: ReplicaSet/metrics-server-789c77976
Containers:
metrics-server:
Container ID:
Image: k8s.gcr.io/metrics-server-amd64:v0.3.6
Image ID:
Port: 4443/TCP
Host Port: 0/TCP
Args:
--cert-dir=/tmp
--secure-port=4443
--kubelet-insecure-tls
--kubelet-preferred-address-types=InternalIP
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/tmp from tmp-dir (rw)
/var/run/secrets/kubernetes.io/serviceaccount from metrics-server-token-x25zl (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
tmp-dir:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
metrics-server-token-x25zl:
Type: Secret (a volume populated by a Secret)
SecretName: metrics-server-token-x25zl
Optional: false
QoS Class: BestEffort
Node-Selectors: beta.kubernetes.io/os=linux
kubernetes.io/arch=amd64
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned kube-system/metrics-server-789c77976-sfvsx to 192.168.163.131
Normal Pulling 25m (x4 over 28m) kubelet, 192.168.163.131 Pulling image "k8s.gcr.io/metrics-server-amd64:v0.3.6"
Warning Failed 25m (x4 over 27m) kubelet, 192.168.163.131 Failed to pull image "k8s.gcr.io/metrics-server-amd64:v0.3.6": rpc error: code = Unknown desc = Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Warning Failed 25m (x4 over 27m) kubelet, 192.168.163.131 Error: ErrImagePull
Normal BackOff 25m (x6 over 27m) kubelet, 192.168.163.131 Back-off pulling image "k8s.gcr.io/metrics-server-amd64:v0.3.6"
Warning Failed 2m58s (x97 over 27m) kubelet, 192.168.163.131 Error: ImagePullBackOff
[root@host131 1.8+]#
原因确认
但是本地是存在此镜像的
[root@host131 1.8+]# docker images |grep k8s.gcr.io/metrics-server-amd64
k8s.gcr.io/metrics-server-amd64 v0.3.6 9dd718864ce6 3 months ago 39.9MB
[root@host131 1.8+]#
所以基本可以断定这是因为镜像拉取策略被设定为Always的缘故
[root@host131 1.8+]# kubectl get pods -n kube-system metrics-server-789c77976-sfvsx -o yaml |grep imagePullPolicy
imagePullPolicy: Always
[root@host131 1.8+]#
对应方法
修改Deployment的yaml文件中的imagePullPolicy或者保证镜像能够拉取到即可解决此问题。
参考内容
https://kubernetes.io/docs/concepts/containers/images/
