From dff78f616ef76b52f84076543f1edeae97042601 Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobrelia@mirantis.com>
Date: Tue, 22 Nov 2016 16:16:04 +0100
Subject: [PATCH] Allow pre-downloaded images to be used effectively
According to http://kubernetes.io/docs/user-guide/images/ :
By default, the kubelet will try to pull each image from the
specified registry. However, if the imagePullPolicy property
of the container is set to IfNotPresent or Never, then a local\
image is used (preferentially or exclusively, respectively).
Use IfNotPresent value to allow images prepared by the download
role dependencies to be effectively used by kubelet without pull
errors resulting apps to stay blocked in PullBackOff/Error state
even when there are images on the localhost exist.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
---
inventory/group_vars/all.yml | 3 +++
roles/dnsmasq/templates/dnsmasq-ds.yml | 1 +
.../ansible/templates/calico-policy-controller.yml.j2 | 1 +
roles/kubernetes-apps/ansible/templates/kubedns-rc.yml | 3 +++
.../master/templates/manifests/kube-apiserver.manifest.j2 | 1 +
.../templates/manifests/kube-controller-manager.manifest.j2 | 1 +
.../master/templates/manifests/kube-scheduler.manifest.j2 | 1 +
.../kubernetes/node/templates/manifests/kube-proxy.manifest.j2 | 1 +
.../node/templates/manifests/nginx-proxy.manifest.j2 | 1 +
roles/network_plugin/canal/templates/canal-node.yml.j2 | 2 ++
roles/network_plugin/flannel/templates/flannel-pod.yml | 1 +
11 files changed, 16 insertions(+)
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index d184fb9b4..49abb1d03 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -139,6 +139,9 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address')
## to self hosted registries like so:
docker_options: "--insecure-registry={{ kube_service_addresses }}"
+# K8s image pull policy (imagePullPolicy)
+k8s_image_pull_policy: IfNotPresent
+
# default packages to install within the cluster
kpm_packages: []
# - name: kube-system/grafana
diff --git a/roles/dnsmasq/templates/dnsmasq-ds.yml b/roles/dnsmasq/templates/dnsmasq-ds.yml
index 49223124e..50cea23c5 100644
--- a/roles/dnsmasq/templates/dnsmasq-ds.yml
+++ b/roles/dnsmasq/templates/dnsmasq-ds.yml
@@ -15,6 +15,7 @@ spec:
containers:
- name: dnsmasq
image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- dnsmasq
args:
diff --git a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2 b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
index 1a45e023b..469060278 100644
--- a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
@@ -24,6 +24,7 @@ spec:
containers:
- name: calico-policy-controller
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
env:
- name: ETCD_ENDPOINTS
value: "{{ etcd_access_endpoint }}"
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
index ed38d671d..fc29a0942 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
@@ -22,6 +22,7 @@ spec:
containers:
- name: kubedns
image: "{{ kubedns_image_repo }}:{{ kubedns_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
@@ -64,6 +65,7 @@ spec:
protocol: TCP
- name: dnsmasq
image: "{{ kubednsmasq_image_repo }}:{{ kubednsmasq_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
args:
- --log-facility=-
- --cache-size=1000
@@ -78,6 +80,7 @@ spec:
protocol: TCP
- name: healthz
image: "{{ exechealthz_image_repo }}:{{ exechealthz_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
# keep request = limit to keep this container in guaranteed class
limits:
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 77b8dde63..d5eb2266e 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: kube-apiserver
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /hyperkube
- apiserver
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index a528f361e..02d386618 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: kube-controller-manager
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /hyperkube
- controller-manager
diff --git a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
index 15a705937..853e616fc 100644
--- a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: kube-scheduler
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /hyperkube
- scheduler
diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index 86d1e6f9e..422507acf 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: kube-proxy
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /hyperkube
- proxy
diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
index 8e5dfcc11..0930ee61e 100644
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@@ -10,6 +10,7 @@ spec:
containers:
- name: nginx-proxy
image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
securityContext:
privileged: true
volumeMounts:
diff --git a/roles/network_plugin/canal/templates/canal-node.yml.j2 b/roles/network_plugin/canal/templates/canal-node.yml.j2
index 4fbb8bc14..f73fae9bd 100644
--- a/roles/network_plugin/canal/templates/canal-node.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yml.j2
@@ -48,6 +48,7 @@ spec:
# container hosts.
- name: flannel
image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
env:
# Cluster name
- name: CLUSTER_NAME
@@ -117,6 +118,7 @@ spec:
# host.
- name: calico-node
image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
env:
# The location of the etcd cluster.
- name: ETCD_ENDPOINTS
diff --git a/roles/network_plugin/flannel/templates/flannel-pod.yml b/roles/network_plugin/flannel/templates/flannel-pod.yml
index 74a935bf1..70b62e9ac 100644
--- a/roles/network_plugin/flannel/templates/flannel-pod.yml
+++ b/roles/network_plugin/flannel/templates/flannel-pod.yml
@@ -18,6 +18,7 @@
containers:
- name: "flannel-container"
image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- "/bin/sh"
- "-c"
--
GitLab