rancher / rke2

https://docs.rke2.io/
Apache License 2.0

Allow ability for RKE2 to pull / cache required images before startup #6856

Closed HoustonDad closed 3 days ago

HoustonDad commented 3 days ago

Is your feature request related to a problem? Please describe.

When spinning up infra for kubernetes platforms, especially those systems that are on slow / unstable networks. While there are other tools for pulling required images, having this capability built into RKE2 would alleviate the need for yet another binary. Allowing RKE2 itself to stage these images ahead of time would decrease the 'thundering' herd of resource saturation (CPU/Bandwidth, etc) when multiple clusters are starting at once.

Describe the solution you'd like

The preferred solution would be similar to kubeadm config images pull, where RKE2 would know what images it requires to start fully, and would download those images ahead of time, without the need to start RKE2 fully.

The workflow would look something like:

curl -sfL https://get.rke2.io | sh -
rke2 images pull
systemctl enable rke2-server && systemctl start rke2-server

Describe alternatives you've considered

Hauler and the docker load/save scripts can be used for this, but it's just another set of scripts / yet another binary that's required vs the functionality being built in.

brandond commented 3 days ago

You can already do this. Just put .txt files in the agent/images dir. One image per line in the file. File name does not matter, only the extension. Images listed in txt files will be pulled during startup, at the same stage of startup as importing airgap image tarballs.
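An added example, not part of the original thread and not RKE2 project code: one way to stage such a `.txt` list so that only vetted, digest-pinned references reach the images directory. The default path `/var/lib/rancher/rke2/agent/images`, the function names `check_ref` and `stage_image_list`, and the digest-pinning policy are assumptions of this example, not RKE2 requirements.

```shell
#!/bin/sh
# Assumed default location of the agent images dir; override via IMAGES_DIR
# when a custom data-dir is configured.
IMAGES_DIR="${IMAGES_DIR:-/var/lib/rancher/rke2/agent/images}"

# check_ref REF: succeed only if REF is one token pinned by a sha256 digest.
# Pinning is this example's policy, so the startup pull fetches exactly the
# content that was reviewed, not whatever a mutable tag points to later.
check_ref() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9._:/-]+@sha256:[0-9a-f]{64}$'
}

# stage_image_list SRC NAME: write $IMAGES_DIR/NAME.txt, one image per line.
# Returns non-zero and leaves no .txt file if any entry is rejected.
stage_image_list() {
    src=$1; name=$2
    mkdir -p "$IMAGES_DIR" || return 1
    # Build the list under a name without the .txt extension, so a partial
    # file is never picked up, then rename it into place.
    tmp=$(mktemp "$IMAGES_DIR/.imglist.XXXXXX") || return 1
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip carriage returns and surrounding blanks; skip empty lines.
        line=$(printf '%s' "$line" | tr -d '\r' \
            | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$line" ] && continue
        if check_ref "$line"; then
            printf '%s\n' "$line" >> "$tmp"
        else
            printf 'rejected: %s\n' "$line" >&2
            bad=1
        fi
    done < "$src"
    if [ "$bad" -ne 0 ] || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$IMAGES_DIR/$name.txt"
}
```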

HoustonDad commented 2 days ago

Howdy,

The main issue with the way RKE2 currently does image loading is that it requires some sort of container registry to be available to the node at runtime in order to access the images.

The solution we proposed would allow customers to build, for example, a virtual machine image that comes with RKE2 preinstalled and all minimum infrastructure images preloaded, without being bootstrapped. This image could then be shipped to the high side, cloned, provided a base config, and have either the server or agent service started up without any dependency on external registry servers.

The goal here is to be able to do this without having another binary to do it or script (hauler / docker-load/save).

brandond commented 2 days ago

> The solution we proposed would allow customers to build, for example, a virtual machine image that comes with RKE2 preinstalled and all minimum infrastructure images preloaded, without being bootstrapped.
>
> The main issue with the way RKE2 currently does image loading is that it requires some sort of container registry to be available to the node at runtime in order to access the images.

This is literally what the airgap tarball images are for. Just build your VM image with compressed image tarballs in the agent images dir, as covered in the airgap install docs. The images are imported from the tarball without access to an external container image registry. It's not clear to me why having images preloaded into the containerd image store is better than this? You'd still need to start rke2 in "container runtime only" mode, have it load the images, and then shut it down again - and I don't see how this is less work than just dropping compressed image tarballs in the images dir.

The other disadvantage to doing this is that the unpacked image layers are stored uncompressed on disk, so the VM image size will be significantly bloated compared to keeping the images in a compressed tarball that is extracted when RKE2 is started.

brandond commented 2 days ago

I will note that there has been a request from RFED to add an rke2 extract command (or similar) that would just do the initial bootstrap extraction of the binaries to disk, without actually starting anything. This doesn't overlap with what we're discussing here about image importing, but it seemed relevant.

Internal ref: SURE-9045 / SCC Case 01553381