devspace-sh / devspace

DevSpace - The Fastest Developer Tool for Kubernetes ⚡ Automate your deployment workflow with DevSpace and develop software directly inside Kubernetes.
https://devspace.sh
Apache License 2.0

Allow specifying that dev/base images be always pulled #2149

Closed withinboredom closed 2 years ago

withinboredom commented 2 years ago

Is your feature request related to a problem?
Yes

Which solution do you suggest?

Usually, dev/base images (at least in my experience) are not versioned, and tags receive regular security updates.

dev spaces

Currently, when dev spaces are deployed, they are deployed with imagePullPolicy: IfNotPresent, which makes it very difficult to regularly apply security updates to a dev tag without changing (potentially) dozens of repositories and/or manually deleting the tag off the nodes.

Manually updating the deployment to pull always causes sync to break or stop working.

base images

When building new images, --pull is not passed. This means if a base image receives a security update, the developer will not get it, and will then deploy that image to a cluster.

Which alternative solutions exist?

  1. version base/dev tags daily when security updates are applied. Any developer will need to update the Dockerfile to use the new tags.
  2. docker system prune --all --volumes locally to get the latest base images if you want to build them.
  3. shut down all devspaces and delete the image from each node in the cluster to update dev images.

Additional context

/kind feature

withinboredom commented 2 years ago

Just discovered #1748 which fixes the dev images:

    patches:
      - op: replace
        path: spec.containers[0].imagePullPolicy
        value: Always

withinboredom commented 2 years ago

And that args can be passed to buildkit, seems to work.

Hopefully, this will help other people who didn't RTFM.
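
An added example, not part of the original thread or DevSpace's own code: a small audit that computes each container's effective imagePullPolicy (applying the Kubernetes default when the field is omitted) and flags tag-referenced images that a node may serve from a stale cache. The pod spec, registry and container names are constructed placeholders, and any tag without a digest is assumed to be mutable.

```python
import json

def split_ref(image):
    """Return (tag, digest) of an image reference; either may be None."""
    name, _, digest = image.partition("@")
    # The tag follows ':' in the last path component only, so a registry
    # port such as host:5000/... is not mistaken for a tag.
    tag = name.rsplit("/", 1)[-1].partition(":")[2] or None
    return tag, (digest or None)

def effective_pull_policy(container):
    """Explicit imagePullPolicy, else the Kubernetes default for the image."""
    if container.get("imagePullPolicy"):
        return container["imagePullPolicy"]
    tag, digest = split_ref(container["image"])
    if digest is None and tag in (None, "latest"):
        return "Always"
    return "IfNotPresent"

def stale_image_findings(pod_spec):
    """List (name, image, policy) for containers that can run a stale image.

    Assumption: any tag without a digest is treated as mutable.
    """
    findings = []
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind, []):
            _, digest = split_ref(c["image"])
            policy = effective_pull_policy(c)
            if digest is None and policy != "Always":
                findings.append((c["name"], c["image"], policy))
    return findings

# Constructed sample pod spec (names and registry are placeholders).
SAMPLE_POD_SPEC = json.loads("""
{"containers": [
  {"name": "app", "image": "registry.example.com:5000/team/dev-base:dev",
   "imagePullPolicy": "IfNotPresent"},
  {"name": "sidecar", "image": "registry.example.com/team/proxy:stable"},
  {"name": "tools", "image": "registry.example.com:5000/team/tools"},
  {"name": "patched", "image": "registry.example.com/team/dev-base:dev",
   "imagePullPolicy": "Always"},
  {"name": "pinned",
   "image": "registry.example.com/team/dev-base@sha256:DIGEST_PLACEHOLDER"}
]}
""")

if __name__ == "__main__":
    for name, image, policy in stale_image_findings(SAMPLE_POD_SPEC):
        print(f"{name}: {image} uses {policy}; node cache may be stale")
```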