search

confidential-containers / operator

Operator to deploy confidential containers runtime
Apache License 2.0
113 stars 60 forks source link

ImagePullPolicy ignored for CCRuntime #395

Closed teodor-pripoae closed 3 hours ago

teodor-pripoae commented 4 months ago

ImagePullPolicy is set to never in the runtime manifest but pods for pre-install use ImagePullPolicy: Always

To Reproduce

apiVersion: confidentialcontainers.org/v1beta1
kind: CcRuntime
metadata:
  name: ccruntime-sample
  namespace: confidential-containers-system
spec:
  ccNodeSelector:
    matchLabels:
      node.kubernetes.io/worker: ""
  config:
    cleanupCmd:
    - /opt/kata-artifacts/scripts/kata-deploy.sh
    - reset
    debug: false
    defaultRuntimeClassName: kata-qemu
    environmentVariables:
    - name: INSTALL_OFFICIAL_CONTAINERD
      value: "false"
    imagePullPolicy: Never
    installCmd:
    - /opt/kata-artifacts/scripts/kata-deploy.sh
    - install

Describe the results you expected Pods having ImagePullPolicy always

Describe the results you received:

kubectl -n confidential-containers-system get pod cc-operator-pre-install-daemon-d2d4l -o yaml | grep imagePull
    imagePullPolicy: Always

Additional context https://github.com/confidential-containers/operator/blob/main/controllers/ccruntime_controller.go#L920

Xynnn007 commented 6 hours ago

Thanks @teodor-pripoae for rasing this up. I met the same issue and now I am using kubectl edit as a workaround now, though I know the best way is to set in yaml

mythi commented 3 hours ago

This issue is fixed by #396 but I believe it did not get into v0.10.0.

Anyway, marking this as closed.