New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add admission controller to force image pulls #18909
Add admission controller to force image pulls #18909
Conversation
|
@kubernetes/rh-cluster-infra @smarterclayton @deads2k @liggitt @kubernetes/sig-node @davidopp |
| limitations under the License. | ||
| */ | ||
|
|
||
| package alwayspullimages |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Godoc here for the package explaining why you would use this.
|
Otherwise looks fine to me. |
|
|
||
| func (a *alwaysPullImages) Admit(attributes admission.Attributes) (err error) { | ||
| // Ignore all calls to subresources or resources other than pods. | ||
| if attributes.GetSubresource() != "" || attributes.GetResource() != api.Resource("pods") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
len(...) == 0
|
Labelling this PR as size/L |
|
|
||
| // TestAdmission verifies all create requests for pods result in every container's image pull policy | ||
| // set to Always | ||
| func TestAdmission(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test case for non-pod object.
|
GCE e2e test build/test passed for commit a079283d1a0d3483299ce3980688f2d942100c93. |
a079283
to
dfbfc1f
Compare
|
@smarterclayton @pmorie updated, PTAL. |
|
LGTM, squash and I'll tag |
dfbfc1f
to
410cd42
Compare
|
Squashed |
|
Oops, one more spot - document here:
https://github.com/kubernetes/kubernetes/blob/master/docs/admin/admission-controllers.md
|
|
Roger that |
410cd42
to
f175a22
Compare
Add an admission controller that forces every container's image pull policy to Always when a pod is created.
|
@smarterclayton doc updated |
|
GCE e2e test build/test passed for commit dfbfc1f78b7ffdc962471e85829a097357ad27d2. |
|
GCE e2e build/test failed for commit 410cd42b3d20eaf0547968ee1ca519045052763c. |
|
unrelated e2e failure: |
|
GCE e2e test build/test passed for commit f175a22. |
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
GCE e2e test build/test passed for commit f175a22. |
|
Automatic merge from submit-queue |
Auto commit by PR queue bot
Add an admission controller that forces every container's image pull policy to
Always when a pod is created.
Refs #18787