概述

在 Kubernetes（K8s）里，容器鏡像拉取策略（ImagePullPolicy）決定了 K8s 在創建或重啟 Pod 時，如何處理容器鏡像的拉取操作。這一策略能夠確保使用的鏡像始終是最新的，或者使用本地已有的鏡像以提升部署效率。

可以使用kubectl explain pod.spec.containers.imagePullPolicy查看資源的詳細文檔：
示例：

[root@master01 ~]# kubectl explain pod.spec.containers.imagePullPolicy
KIND:     Pod
VERSION:  v1

FIELD:    imagePullPolicy <string>

DESCRIPTION:
     Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
     if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
     More info:
     https://kubernetes.io/docs/concepts/containers/images#updating-images

     Possible enum values:
     - `"Always"` means that kubelet always attempts to pull the latest image.
     Container will fail If the pull fails.
     - `"IfNotPresent"` means that kubelet pulls if the image isn't present on
     disk. Container will fail if the image isn't present and the pull fails.
     - `"Never"` means that kubelet never pulls an image, but only uses a local
     image. Container will fail if the image isn't present

通過文檔可以發現，鏡像拉取策略有三個類型，分別是Always、IfNotPresent、Never

也可以通過官方文檔來查看：https://kubernetes.io/docs/concepts/containers/images#updating-images

鏡像拉取策略分類詳解

Never

Never表示永不拉取鏡像，kubelet 不會嘗試獲取鏡像。如果鏡像已經以某種方式存在本地， kubelet 會嘗試啟動容器；否則，會啟動失敗。

示例：

[root@master01 ~/pod]# cat pod-tomcat.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-tomcat
spec:
  containers:
  - name: container-tomcat
    image: tomcat:8.0
    # 指定鏡像拉取策略為Never
    imagePullPolicy: Never
    ports:
    - name: http
      containerPort: 8080
# 創建pod
[root@master01 ~/pod]# kubectl apply -f pod-tomcat.yaml
pod/pod-tomcat created
# 查看pod
[root@master01 ~/pod]# kubectl get po pod-tomcat
NAME         READY   STATUS              RESTARTS   AGE
pod-tomcat   0/1     ErrImageNeverPull   0          111s

# 查看詳情，發現并沒有拉取鏡像
[root@master01 ~/pod]# kubectl describe po pod-tomcat
Name:             pod-tomcat
...省略萬字內容
Events:
  Type     Reason             Age                  From               Message
  ----     ------             ----                 ----               -------
  Normal   Scheduled          2m7s                 default-scheduler  Successfully assigned default/pod-tomcat to node02
  Normal   SandboxChanged     2m5s                 kubelet            Pod sandbox changed, it will be killed and re-created.
  Warning  ErrImageNeverPull  25s (x12 over 2m6s)  kubelet            Container image "tomcat:8.0" is not present with pull policy of Never
  Warning  Failed             25s (x12 over 2m6s)  kubelet            Error: ErrImageNeverPull

IfNotPresent

如果本地有鏡像就使用本地的，如果沒有就去遠程倉庫拉取

示例：

[root@master01 ~/pod]# cat pod-tomcat.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-tomcat
spec:
  containers:
  - name: container-tomcat
    image: tomcat:8.0
    # 指定鏡像拉取策略為IfNotPresent
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 8080

# 創建pod
[root@master01 ~/pod]# kubectl apply -f pod-tomcat.yaml
pod/pod-tomcat created

# 查看pod
[root@master01 ~/pod]# kubectl get pod pod-tomcat
NAME         READY   STATUS    RESTARTS   AGE
pod-tomcat   1/1     Running   0          43s

#查看pod詳情
[root@master01 ~/pod]# kubectl describe pod pod-tomcat
Name:             pod-tomcat
Namespace:        default
##...省略萬字內容
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  64s   default-scheduler  Successfully assigned default/pod-tomcat to node02
  Normal  Pulling    63s   kubelet            Pulling image "tomcat:8.0"
  Normal  Pulled     23s   kubelet            Successfully pulled image "tomcat:8.0" in 40.129798231s (40.129811976s including waiting)
  Normal  Created    23s   kubelet            Created container container-tomcat
  Normal  Started    23s   kubelet            Started container container-tomcat

Always

如果本地有鏡像，則對比本地鏡像和遠程倉庫的摘要信息,若相同則使用本地緩存，若不同則重新拉取鏡像。
如果本地沒有鏡像，則無需對比摘要信息，直接拉取鏡像。

示例：

[root@master01 ~/pod]# cat pod-tomcat.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-tomcat
spec:
  containers:
  - name: container-tomcat
    # 鏡像更改為latest
    image: tomcat:latest
    # 指定鏡像拉取策略為Always
    imagePullPolicy: Always
    ports:
    - name: http
      containerPort: 8080

# 創建pod
[root@master01 ~/pod]# kubectl apply -f pod-tomcat.yaml
pod/pod-tomcat created

#查看pod
[root@master01 ~/pod]# kubectl get pod pod-tomcat
NAME         READY   STATUS    RESTARTS   AGE
pod-tomcat   1/1     Running   0          4m53s

# 查看pod詳情
[root@master01 ~/pod]# kubectl describe pod pod-tomcat
Name:             pod-tomcat
Namespace:        default
## ...省略萬字內容
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  5m39s  default-scheduler  Successfully assigned default/pod-tomcat to node02
  Normal  Pulling    5m38s  kubelet            Pulling image "tomcat:latest"
  Normal  Pulled     4m55s  kubelet            Successfully pulled image "tomcat:latest" in 43.43020764s (43.430224485s including waiting)
  Normal  Created    4m55s  kubelet            Created container container-tomcat
  Normal  Started    4m55s  kubelet            Started container container-tomcat

鏡像默認的拉取策略

官網的描述是這樣的：

• 如果你省略了 imagePullPolicy 字段，并且你為容器鏡像指定了摘要， 那么 imagePullPolicy 會自動設置為 IfNotPresent。
• 如果你省略了 imagePullPolicy 字段，并且容器鏡像的標簽是 :latest， imagePullPolicy 會自動設置為 Always。
• 如果你省略了 imagePullPolicy 字段，并且沒有指定容器鏡像的標簽， imagePullPolicy 會自動設置為 Always。
• 如果你省略了 imagePullPolicy 字段，并且為容器鏡像指定了非 :latest 的標簽， imagePullPolicy 就會自動設置為 IfNotPresent

簡單點來說就是如果沒有指定鏡像的版本，或者指定鏡像的版本為 :latest，那么鏡像拉取策略就是 Always。否則就是 IfNotPresent