diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index d184fb9b4c9a4159eb50fccee5f68e8d4e9c132a..49abb1d035ec4e2240ea2fe2fa63630d51d61e41 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -139,6 +139,9 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address')
## to self hosted registries like so:
docker_options: "--insecure-registry={{ kube_service_addresses }}"
+# K8s image pull policy (imagePullPolicy)
+k8s_image_pull_policy: IfNotPresent
+
# default packages to install within the cluster
kpm_packages: []
# - name: kube-system/grafana
diff --git a/roles/dnsmasq/templates/dnsmasq-ds.yml b/roles/dnsmasq/templates/dnsmasq-ds.yml
index 49223124e65e65f240287cc1236996154b43f4eb..50cea23c5e3efd4010e9b7b6fc6fdd5e04e1f041 100644
--- a/roles/dnsmasq/templates/dnsmasq-ds.yml
+++ b/roles/dnsmasq/templates/dnsmasq-ds.yml
@@ -15,6 +15,7 @@ spec:
containers:
- name: dnsmasq
image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- dnsmasq
args:
diff --git a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2 b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
index 1a45e023b6aa7ccda53afcf2e344e406f506f5e2..469060278398c4553d2141208d39b40ab2313709 100644
--- a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
@@ -24,6 +24,7 @@ spec:
containers:
- name: calico-policy-controller
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
env:
- name: ETCD_ENDPOINTS
value: "{{ etcd_access_endpoint }}"
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
index ed38d671d89f8d32e15ac47bb3bcead6971f3387..fc29a0942aae4fe4f2dd643277d1c5f3233880a8 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
@@ -22,6 +22,7 @@ spec:
containers:
- name: kubedns
image: "{{ kubedns_image_repo }}:{{ kubedns_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
@@ -64,6 +65,7 @@ spec:
protocol: TCP
- name: dnsmasq
image: "{{ kubednsmasq_image_repo }}:{{ kubednsmasq_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
args:
- --log-facility=-
- --cache-size=1000
@@ -78,6 +80,7 @@ spec:
protocol: TCP
- name: healthz
image: "{{ exechealthz_image_repo }}:{{ exechealthz_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
# keep request = limit to keep this container in guaranteed class
limits:
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 77b8dde63e1b9a6798891f8d074844370f337a7e..d5eb2266ebff1390ce78956f6e0cdf5113474ed4 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: kube-apiserver
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /hyperkube
- apiserver
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index a528f361e22975d170a43712c8a833652370d816..02d3866184991a9119f40aea1ae82a36d65330db 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: kube-controller-manager
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /hyperkube
- controller-manager
diff --git a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
index 15a705937fbee2caefd98f305e2c2fc69ff4c199..853e616fcd965cbdf16604fc4916cd3f9bb08652 100644
--- a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: kube-scheduler
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /hyperkube
- scheduler
diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index 86d1e6f9e93e619d2fd95ba382eb30252f6b375d..422507acfa0a30703fad222f001913573de1bac1 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: kube-proxy
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /hyperkube
- proxy
diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
index 8e5dfcc116d94722c06b694d124736524b0d1c76..0930ee61ec6177d2de3fe95e321983d8974c0b42 100644
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: nginx-proxy
image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
securityContext:
privileged: true
volumeMounts:
diff --git a/roles/network_plugin/canal/templates/canal-node.yml.j2 b/roles/network_plugin/canal/templates/canal-node.yml.j2
index 4fbb8bc14e351261015f362499bf94419d03d229..f73fae9bdf8095570fdd67ce4e5f8b93d43fd280 100644
--- a/roles/network_plugin/canal/templates/canal-node.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yml.j2
@@ -48,6 +48,7 @@ spec:
# container hosts.
- name: flannel
image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
env:
# Cluster name
- name: CLUSTER_NAME
@@ -117,6 +118,7 @@ spec:
# host.
- name: calico-node
image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
env:
# The location of the etcd cluster.
- name: ETCD_ENDPOINTS
diff --git a/roles/network_plugin/flannel/templates/flannel-pod.yml b/roles/network_plugin/flannel/templates/flannel-pod.yml
index 74a935bf14157f0a565066e587cdcca032e141d3..70b62e9ac5e791ffcac688319eaea1e5d36c2c90 100644
--- a/roles/network_plugin/flannel/templates/flannel-pod.yml
+++ b/roles/network_plugin/flannel/templates/flannel-pod.yml
@@ -18,6 +18,7 @@
containers:
- name: "flannel-container"
image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- "/bin/sh"
- "-c"