最近今天,在研究docker swarm中服務的部署,發現一個非常奇怪的現象······
通過docker service create命令創建service,比如:
docker service create \ --with-registry-auth \ --name=nginx \ --replicas=3 \ --publish published=8080,target=80 \ 172.20.58.152/middleware/nginx:1.21.4
正常的邏輯,是不是每個節點上,都要拉取這個鏡像,然後運行呢?
沒錯,在k8s裏面也是這樣的,不過,在swarm中不是這樣的
登錄其中一個task所在的主機
[root@nccztsjb-node-05 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.20.58.152/middleware/nginx <none> 9a8e1ec1235e 9 months ago 309MB 172.20.58.152/middleware/nginx <none> ea335eea17ab 10 months ago 141MB [root@nccztsjb-node-05 ~]#
奇怪不?明明在創建的service的時候,指定了鏡像的tag:
172.20.58.152/middleware/nginx:1.21.4
可是work節點拉取之後,咋就沒了呢?
百思不得其解之時,看到了官方的一個解釋:
If you specify a tag, the manager (or the Docker client, if you use content trust) resolves that tag to a digest. When the request to create a container task is received on a worker node, the worker node only sees the digest, not the tag.
也就是說,如果指定了鏡像的tag,manager節點會將tag解析成鏡像的摘要。然後,worker節點接收到運行task的命令時,它只能看到鏡像摘要,而不是tag.
所以,理解了嗎
這個也是swarm集羣中鏡像的一個特點。
那要怎麼看看鏡像的摘要?
docker inspect <IMAGE_ID>就能查看鏡像的ID了。
[root@nccztsjb-node-05 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.20.58.152/middleware/nginx <none> 9a8e1ec1235e 9 months ago 309MB 172.20.58.152/middleware/nginx <none> ea335eea17ab 10 months ago 141MB [root@nccztsjb-node-05 ~]# docker inspect 9a8e1ec1235e -f $"{{.RepoDigests}}" [172.20.58.152/middleware/nginx@sha256:7d0dd4475eacf253250a9712fa1333b93755611c05f3b7dcf9a48d03a699d867] [root@nccztsjb-node-05 ~]# [root@nccztsjb-node-05 ~]# docker inspect ea335eea17ab -f $"{{.RepoDigests}}" [172.20.58.152/middleware/nginx@sha256:2f14a471f2c2819a3faf88b72f56a0372ff5af4cb42ec45aab00c03ca5c9989f] [root@nccztsjb-node-05 ~]#
OK,那以後在swarm集羣中部署service,再看到沒有tag的鏡像信息,就不要大驚小怪了喲!