Kubernetes deployment - specify multiple options for image pull as a fallback?

We have had image pull issues at one time or another with all of our possible docker registries including Artifactory, AWS ECR, and GitLab. Even DockerHub occasionally has issues.

Is there a way in a Kubernetes deployment to specify that a pod can get an image from multiple different repositories so it can fall back if one is down?

If not, what other solutions are there to maintain stability? I've seen things like Harbor and Trow, but it seems like a heavy-handed solution to a simple problem.

Is there a way in a Kubernetes deployment to specify that a pod can get an image from multiple different repositories so it can fall back if one is down?

Not really, not natively. You could probably trick a K8s node to pull images from different image registries (one at a time) if you place them behind something like a TCP load balancer that directs traffic to multiple registries. But this might take a lot of testing and work.

If not, what other solutions are there to maintain stability? I've seen things like Harbor and Trow, but it seems like a heavy-handed solution to a simple problem.

I'd say either Harbor, Quay, or Trow is the way to go if you want something more redundant.

Kubernetes has the ability to set ImagePullPolicy, and you can set it, for example, to Never if you'd like to pre-pull all your critical images on all the K8s nodes. You can tie this to some automation to pre-pull your images across your clusters and nodes.

I've actually opened a K8s feature request to see if this idea gains traction.

Update:

If you're using containerd or cri-o (or even Docker, which has registry mirrors), you have the ability to configure mirror registries:

containerd.toml example

...
    [plugins.cri.registry]
      [plugins.cri.registry.mirrors]
        [plugins.cri.registry.mirrors."docker.io"]
          endpoint = ["https://registry-1.docker.io"]
        [plugins.cri.registry.mirrors."local.insecure-registry.io"]
          endpoint = ["http://localhost:32000"]
        [plugins.cri.registry.mirrors."gcr.io"]
          endpoint = ["https://gcr.io"]
      [plugins.cri.registry.configs]
        [plugins.cri.registry.configs.auths]
          [plugins.cri.registry.configs.auths."https://gcr.io"]
            auth = "xxxxx...."
...

cri-o.conf example

...
# registries is used to specify a comma separated list of registries to be used
# when pulling an unqualified image (e.g. fedora:rawhide).
registries = [
  "registry.example.xyz",
  "registry.fedoraproject.org"
]
...

✌️
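
The pre-pull approach described in the answer above, as an added example that is not part of the original answer: a DaemonSet makes every node fetch a critical image ahead of time, and the workload then runs with imagePullPolicy: Never so a registry outage cannot block pod starts. The resource names, namespace, registry.example.com and the 1.4.2 tag are constructed placeholders, and the image is assumed to contain /bin/true.

```yaml
# Added example. Names, namespace, registry.example.com and the 1.4.2 tag are
# constructed placeholders; in practice pin the image by digest instead of a tag.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: prepull-critical-images
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: prepull-critical-images
  template:
    metadata:
      labels:
        app: prepull-critical-images
    spec:
      initContainers:
        # One init container per critical image. Scheduling it makes the kubelet
        # pull the image onto the node; the command then exits immediately.
        - name: pull-app
          image: registry.example.com/team/app:1.4.2
          imagePullPolicy: IfNotPresent
          command: ["/bin/true"]   # assumption: the image contains /bin/true
      containers:
        # Idle container so the pod stays Running and reports per-node status.
        - name: pause
          image: registry.k8s.io/pause:3.9
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
        - name: app
          image: registry.example.com/team/app:1.4.2   # must match the pre-pulled reference
          imagePullPolicy: Never   # no registry contact; ErrImageNeverPull if the image is absent
```

Images cached on a node can be started by any pod scheduled there without pull credentials, and the AlwaysPullImages admission plugin, which closes that gap, rewrites imagePullPolicy to Always and so cannot be combined with Never.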
