-
-
Save itaysk/7bc3e56d69c4d72a549286d98fd557dd to your computer and use it in GitHub Desktop.
| ### | |
| # There's a newer version available here: | |
| # https://github.com/itaysk/kube-imagepuller | |
| # All future updates will be made there. | |
| # Please also post you questions as issues on that repo instead of commenting here | |
| ### | |
| apiVersion: apps/v1beta2 | |
| kind: DaemonSet | |
| metadata: | |
| name: prepull | |
| annotations: | |
| source: "https://gist.github.com/itaysk/7bc3e56d69c4d72a549286d98fd557dd" | |
| spec: | |
| selector: | |
| matchLabels: | |
| name: prepull | |
| template: | |
| metadata: | |
| labels: | |
| name: prepull | |
| spec: | |
| initContainers: | |
| - name: prepull | |
| image: docker | |
| command: ["docker", "pull", "hello-world"] | |
| volumeMounts: | |
| - name: docker | |
| mountPath: /var/run | |
| volumes: | |
| - name: docker | |
| hostPath: | |
| path: /var/run | |
| containers: | |
| - name: pause | |
| image: gcr.io/google_containers/pause |
@pengsun : not sure that's the best solution to use a ReplicaSet here, I prefer DaemonSet. Second, I think using podspec.imagepullsecret won't work here because the docker init container is not using this secret. I've posted an update to address this here https://github.com/itaysk/kube-imagepuller
I just tried this on GCP but I am getting:
Error response from daemon: Head https://us-central1-docker.pkg.dev/v2/PROJECT_ID/...0.0.1: denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/PROJECT_ID/locations/us-central1/repositories/REPOSITORY" (or it may not exist)
The image does exist definitely, it's running on other nodes, so it appears that the DaemonSet simply does not have the permission to run docker pull. Any idea who I can make this work?
@itaysk also I was wondering if we could do something like this:
initContainers:
- name: prepull
image: "<image-url>"
env:
SHUTDOWN: "True" # Signal your application to shutdown immediately
Basically, use the image that you would like to pull directly but set an environment variable to make sure your application shuts-down (or does never actually start). This way the image should get pulled too I guess?
Update: Okay, this appears to work but I'd prefer the other way. Using env is just a bit ugly.
@xoen : Daemonset transitioned between apps, extentions, beta and stable along the different version of Kubernetes. Best to check the correct version for you by checking the online docs for your version.
Also, I've created a Helm chart for this here: https://github.com/itaysk/kube-imagepuller which detects the correct version