Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add admission controller to force image pulls #18909

Merged

Conversation

ncdc
Copy link
Member

@ncdc ncdc commented Dec 18, 2015

Add an admission controller that forces every container's image pull policy to
Always when a pod is created.

Refs #18787

@ncdc
Copy link
Member Author

ncdc commented Dec 18, 2015

@kubernetes/rh-cluster-infra @smarterclayton @deads2k @liggitt @kubernetes/sig-node @davidopp

limitations under the License.
*/

package alwayspullimages
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Godoc here for the package explaining why you would use this.

@smarterclayton
Copy link
Contributor

Otherwise looks fine to me.


func (a *alwaysPullImages) Admit(attributes admission.Attributes) (err error) {
// Ignore all calls to subresources or resources other than pods.
if attributes.GetSubresource() != "" || attributes.GetResource() != api.Resource("pods") {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

len(...) == 0

@k8s-github-robot
Copy link
Contributor

Labelling this PR as size/L

@k8s-github-robot k8s-github-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Dec 18, 2015

// TestAdmission verifies all create requests for pods result in every container's image pull policy
// set to Always
func TestAdmission(t *testing.T) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test case for non-pod object.

@k8s-bot
Copy link

k8s-bot commented Dec 18, 2015

GCE e2e test build/test passed for commit a079283d1a0d3483299ce3980688f2d942100c93.

@ncdc ncdc force-pushed the force-image-pulls-admission branch from a079283 to dfbfc1f Compare December 22, 2015 15:05
@ncdc
Copy link
Member Author

ncdc commented Dec 22, 2015

@smarterclayton @pmorie updated, PTAL.

@smarterclayton
Copy link
Contributor

LGTM, squash and I'll tag

@ncdc ncdc force-pushed the force-image-pulls-admission branch from dfbfc1f to 410cd42 Compare December 22, 2015 15:16
@ncdc
Copy link
Member Author

ncdc commented Dec 22, 2015

Squashed

@smarterclayton
Copy link
Contributor

smarterclayton commented Dec 22, 2015 via email

@ncdc
Copy link
Member Author

ncdc commented Dec 22, 2015

Roger that

@ncdc ncdc force-pushed the force-image-pulls-admission branch from 410cd42 to f175a22 Compare December 22, 2015 15:32
Add an admission controller that forces every container's image pull policy to
Always when a pod is created.
@ncdc
Copy link
Member Author

ncdc commented Dec 22, 2015

@smarterclayton doc updated

@k8s-bot
Copy link

k8s-bot commented Dec 22, 2015

GCE e2e test build/test passed for commit dfbfc1f78b7ffdc962471e85829a097357ad27d2.

@smarterclayton smarterclayton added the lgtm Indicates that a PR is ready to be merged. label Dec 22, 2015
@k8s-bot
Copy link

k8s-bot commented Dec 22, 2015

GCE e2e build/test failed for commit 410cd42b3d20eaf0547968ee1ca519045052763c.

@ncdc
Copy link
Member Author

ncdc commented Dec 22, 2015

unrelated e2e failure: [Fail] hostPath [It] should give a volume the correct mode [Conformance]

@k8s-bot
Copy link

k8s-bot commented Dec 22, 2015

GCE e2e test build/test passed for commit f175a22.

@k8s-github-robot
Copy link
Contributor

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Dec 23, 2015

GCE e2e test build/test passed for commit f175a22.

@k8s-github-robot
Copy link
Contributor

Automatic merge from submit-queue

k8s-github-robot added a commit that referenced this pull request Dec 23, 2015
@k8s-github-robot k8s-github-robot merged commit e185b10 into kubernetes:master Dec 23, 2015
@ncdc ncdc mentioned this pull request Jan 29, 2016
85 tasks
@ncdc ncdc deleted the force-image-pulls-admission branch February 13, 2017 17:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

8 participants