允许在 Kubernetes 上使用本地库中的图像

Question

我正在遵循教程https://docs.openfaas.com/tutorials/first-python-function/，

目前，我有正确的图像

$ docker images | grep hello-openfaas
wm/hello-openfaas                                     latest                          bd08d01ce09b   34 minutes ago      65.2MB
$ faas-cli deploy -f ./hello-openfaas.yml 
Deploying: hello-openfaas.
WARNING! You are not using an encrypted connection to the gateway, consider using HTTPS.

Deployed. 202 Accepted.
URL: http://IP:8099/function/hello-openfaas

有一个步骤预先警告我进行一些设置（我的情况是我正在使用Kubernetes并且minikube不想推送到远程容器注册表，我应该启用 Kubernetes 上本地库中的图像的使用。），我查看提示

see the helm chart for how to set the ImagePullPolicy

我不确定如何正确配置它。最后的结果表明我失败了。

不出所料，我无法访问函数服务，我在 https://docs.openfaas.com/deployment/troubleshooting/#openfaas-didnt-start中找到了一些线索，这可能有助于诊断问题。

$ kubectl logs -n openfaas-fn deploy/hello-openfaas
Error from server (BadRequest): container "hello-openfaas" in pod "hello-openfaas-558f99477f-wd697" is waiting to start: trying and failing to pull image

$ kubectl describe -n openfaas-fn deploy/hello-openfaas
Name:                   hello-openfaas
Namespace:              openfaas-fn
CreationTimestamp:      Wed, 16 Mar 2022 14:59:49 +0800
Labels:                 faas_function=hello-openfaas
Annotations:            deployment.kubernetes.io/revision: 1
                        prometheus.io.scrape: false
Selector:               faas_function=hello-openfaas
Replicas:               1 desired | 1 updated | 1 total | 0 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  0 max unavailable, 1 max surge
Pod Template:
  Labels:       faas_function=hello-openfaas
  Annotations:  prometheus.io.scrape: false
  Containers:
   hello-openfaas:
    Image:      wm/hello-openfaas:latest
    Port:       8080/TCP
    Host Port:  0/TCP
    Liveness:   http-get http://:8080/_/health delay=2s timeout=1s period=2s #success=1 #failure=3
    Readiness:  http-get http://:8080/_/health delay=2s timeout=1s period=2s #success=1 #failure=3
    Environment:
      fprocess:  python3 index.py
    Mounts:      <none>
  Volumes:       <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      False   MinimumReplicasUnavailable
  Progressing    False   ProgressDeadlineExceeded
OldReplicaSets:  <none>
NewReplicaSet:   hello-openfaas-558f99477f (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  29m   deployment-controller  Scaled up replica set hello-openfaas-558f99477f to 1

hello-openfaas.yml

see the helm chart for how to set the ImagePullPolicy

---

我创建一个新项目hello-openfaas2来重现此错误

$ kubectl logs -n openfaas-fn deploy/hello-openfaas
Error from server (BadRequest): container "hello-openfaas" in pod "hello-openfaas-558f99477f-wd697" is waiting to start: trying and failing to pull image

$ kubectl describe -n openfaas-fn deploy/hello-openfaas
Name:                   hello-openfaas
Namespace:              openfaas-fn
CreationTimestamp:      Wed, 16 Mar 2022 14:59:49 +0800
Labels:                 faas_function=hello-openfaas
Annotations:            deployment.kubernetes.io/revision: 1
                        prometheus.io.scrape: false
Selector:               faas_function=hello-openfaas
Replicas:               1 desired | 1 updated | 1 total | 0 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  0 max unavailable, 1 max surge
Pod Template:
  Labels:       faas_function=hello-openfaas
  Annotations:  prometheus.io.scrape: false
  Containers:
   hello-openfaas:
    Image:      wm/hello-openfaas:latest
    Port:       8080/TCP
    Host Port:  0/TCP
    Liveness:   http-get http://:8080/_/health delay=2s timeout=1s period=2s #success=1 #failure=3
    Readiness:  http-get http://:8080/_/health delay=2s timeout=1s period=2s #success=1 #failure=3
    Environment:
      fprocess:  python3 index.py
    Mounts:      <none>
  Volumes:       <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      False   MinimumReplicasUnavailable
  Progressing    False   ProgressDeadlineExceeded
OldReplicaSets:  <none>
NewReplicaSet:   hello-openfaas-558f99477f (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  29m   deployment-controller  Scaled up replica set hello-openfaas-558f99477f to 1

---

来自https://docs.openfaas.com/reference/yaml/，我知道我把它放在imagePullPolicy错误的地方，它的架构中没有这样的关键字。

我也尝试过eval $(minikube docker-env，但仍然遇到同样的错误。

---

我有一种感觉faas-cli deploy可以替换为helm，它们都意味着在 Kubernetes 集群中运行映像（无论是远程还是本地），然后我可以使用在那里helm chart进行设置pullPolicy。尽管我还不太清楚细节，但这个发现给了我启发。

---

到目前为止，之后eval $(minikube docker-env)

version: 1.0
provider:
  name: openfaas
  gateway: http://IP:8099
functions:
  hello-openfaas:
    lang: python3
    handler: ./hello-openfaas
    image: wm/hello-openfaas:latest
    imagePullPolicy: Never

---

在一个壳里，

$ faas-cli new --lang python3 hello-openfaas2 --prefix="wm"
Folder: hello-openfaas2 created.
# I add `imagePullPolicy: Never` to `hello-openfaas2.yml`
$ faas-cli build -f ./hello-openfaas2.yml 
$ faas-cli deploy -f ./hello-openfaas2.yml 
Deploying: hello-openfaas2.
WARNING! You are not using an encrypted connection to the gateway, consider using HTTPS.

Deployed. 202 Accepted.
URL: http://192.168.1.3:8099/function/hello-openfaas2


$ kubectl logs -n openfaas-fn deploy/hello-openfaas2
Error from server (BadRequest): container "hello-openfaas2" in pod "hello-openfaas2-7c67488865-7d7vm" is waiting to start: image can't be pulled

$ kubectl get pods --all-namespaces
NAMESPACE              NAME                                        READY   STATUS             RESTARTS         AGE
kube-system            coredns-64897985d-kp7vf                     1/1     Running            0                47h
...
openfaas-fn            env-6c79f7b946-bzbtm                        1/1     Running            0                4h28m
openfaas-fn            figlet-54db496f88-957xl                     1/1     Running            0                18h
openfaas-fn            hello-openfaas-547857b9d6-z277c             0/1     ImagePullBackOff   0                127m
openfaas-fn            hello-openfaas-7b6946b4f9-hcvq4             0/1     ImagePullBackOff   0                165m
openfaas-fn            hello-openfaas2-7c67488865-qmrkl            0/1     ImagePullBackOff   0                13m
openfaas-fn            hello-openfaas3-65847b8b67-b94kd            0/1     ImagePullBackOff   0                97m
openfaas-fn            hello-python-554b464498-zxcdv               0/1     ErrImagePull       0                3h23m
openfaas-fn            hello-python-8698bc68bd-62gh9               0/1     ImagePullBackOff   0                3h25m

和另一个外壳

docker@minikube:~$ docker ps | grep wm
d7796286641c   wm/hello-openfaas2:0.1             "fwatchdog"              3 minutes ago       Up 3 minutes (healthy)   8080/tcp   wm

Answer 1

当您指定要从中提取的图像而不使用 url 时，默认为DockerHub。当您使用:latest标签时，无论定义什么拉取策略，它总是会拉取最新的镜像。

因此，要使用本地构建的图像 -不要使用最新的标签。

要使 minikube 从本地计算机拉取镜像，您需要执行以下操作：

1. 将您的 docker 客户端指向虚拟机的 docker 守护进程：eval $(minikube docker-env)
2. 配置镜像拉取策略：imagePullPolicy: Never
3. 有一个标志可以传入以在 minikube VM 中使用不安全的注册表。创建机器时必须指定：minikube start --insecure-registry

请注意，您必须eval $(minikube docker-env)在要使用的每个终端上运行 eval，因为它仅为当前 shell 会话设置环境变量。

此流程有效：

# Start minikube and set docker env
minikube start
eval $(minikube docker-env)

# Build image
docker build -t foo:1.0 .

# Run in minikube
kubectl run hello-foo --image=foo:1.0 --image-pull-policy=Never

您可以在minikube 文档中阅读更多内容。