Skip to content
This repository has been archived by the owner on Jan 11, 2023. It is now read-only.

imagePullPolicy: IfNotPresent for all versioned containers #4212

Merged
merged 4 commits into from
Nov 8, 2018
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/clusterdefinition.md
Original file line number Diff line number Diff line change
Expand Up @@ -387,8 +387,8 @@ Below is a list of apiserver options that acs-engine will configure by default:

| apiserver option | default value |
| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| "--admission-control" | "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,AlwaysPullImages" (Kubernetes versions prior to 1.9.0 |
| "--enable-admission-plugins"`*` | "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,AlwaysPullImages" (Kubernetes versions 1.9.0 and later |
| "--admission-control" | "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota" (Kubernetes versions prior to 1.9.0) |
| "--enable-admission-plugins"`*` | "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,ExtendedResourceToleration" (Kubernetes versions 1.9.0 and later) |
CecileRobertMichon marked this conversation as resolved.
Show resolved Hide resolved
| "--authorization-mode" | "Node", "RBAC" (_the latter if enabledRbac is true_) |
| "--audit-log-maxage" | "30" |
| "--audit-log-maxbackup" | "10" |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ spec:
containers:
- name: kubedns
image: <img>
imagePullPolicy: IfNotPresent
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
Expand Down Expand Up @@ -143,6 +144,7 @@ spec:
mountPath: /kube-dns-config
- name: dnsmasq
image: <imgMasq>
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
Expand Down Expand Up @@ -181,6 +183,7 @@ spec:
mountPath: /etc/k8s/dns/dnsmasq-nanny
- name: sidecar
image: <imgSidecar>
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ spec:
serviceAccountName: heapster
containers:
- image: <img>
imagePullPolicy: IfNotPresent
command:
- "/heapster"
- "--source=kubernetes.summary_api:\"\""
Expand All @@ -108,6 +109,7 @@ spec:
cpu: 80m
memory: 140Mi
- image: <imgNanny>
imagePullPolicy: IfNotPresent
command:
- "/pod_nanny"
- "--cpu=80m"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ spec:
- args:
- --heapster-host=http://heapster.kube-system:80
image: <img>
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: "/"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ spec:
serviceAccountName: heapster
containers:
- image: <img>
imagePullPolicy: IfNotPresent
command:
- "/heapster"
- "--source=kubernetes.summary_api:\"\""
Expand All @@ -108,6 +109,7 @@ spec:
cpu: 80m
memory: 140Mi
- image: <imgNanny>
imagePullPolicy: IfNotPresent
command:
- "/pod_nanny"
- "--cpu=80m"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ spec:
- name: PROMETHEUS_PORT
value: "10055"
image: <img>
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
Expand Down Expand Up @@ -134,6 +135,7 @@ spec:
- "--server=/ip6.arpa/127.0.0.1#10053"
- "--log-facility=-"
image: <imgMasq>
imagePullPolicy: IfNotPresent
name: dnsmasq
ports:
- containerPort: 53
Expand All @@ -156,6 +158,7 @@ spec:
- name: PROBE_DOMAINS
value: bing.com kubernetes.default.svc.<domain>
image: <imgHealthz>
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ spec:
- args:
- --heapster-host=http://heapster.kube-system:80
image: <img>
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: "/"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ spec:
serviceAccountName: heapster
containers:
- image: <img>
imagePullPolicy: IfNotPresent
command:
- "/heapster"
- "--source=kubernetes.summary_api:\"\""
Expand All @@ -108,6 +109,7 @@ spec:
cpu: 80m
memory: 140Mi
- image: <imgNanny>
imagePullPolicy: IfNotPresent
command:
- "/pod_nanny"
- "--cpu=80m"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ spec:
- name: PROMETHEUS_PORT
value: "10055"
image: <img>
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
Expand Down Expand Up @@ -134,6 +135,7 @@ spec:
- "--server=/ip6.arpa/127.0.0.1#10053"
- "--log-facility=-"
image: <imgMasq>
imagePullPolicy: IfNotPresent
name: dnsmasq
ports:
- containerPort: 53
Expand All @@ -156,6 +158,7 @@ spec:
- name: PROBE_DOMAINS
value: bing.com kubernetes.default.svc.<domain>
image: <imgHealthz>
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ spec:
- args:
- --heapster-host=http://heapster.kube-system:80
image: <img>
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: "/"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ spec:
containers:
- name: kubedns
image: <img>
imagePullPolicy: IfNotPresent
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
Expand Down Expand Up @@ -142,6 +143,7 @@ spec:
mountPath: /kube-dns-config
- name: dnsmasq
image: <imgMasq>
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
Expand Down Expand Up @@ -180,6 +182,7 @@ spec:
mountPath: /etc/k8s/dns/dnsmasq-nanny
- name: sidecar
image: <imgSidecar>
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
Expand Down
1 change: 1 addition & 0 deletions parts/k8s/addons/azure-cni-networkmonitor.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ spec:
containers:
- name: azure-cnms
image: <img>
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
env:
Expand Down
1 change: 1 addition & 0 deletions parts/k8s/addons/ip-masq-agent.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ spec:
containers:
- name: azure-ip-masq-agent
image: gcr.io/google-containers/ip-masq-agent-amd64:v2.0.0
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
volumeMounts:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ spec:
containers:
- name: nmi
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.2"
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: "100m"
Expand Down Expand Up @@ -203,7 +203,7 @@ spec:
containers:
- name: mic
image: mcr.microsoft.com/k8s/aad-pod-identity/mic:1.2
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 100m
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ spec:
beta.kubernetes.io/os: linux
containers:
- image: <img>
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
name: cluster-autoscaler
resources:
limits:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,7 @@ spec:
priorityClassName: system-cluster-critical
containers:
- image: <img>
imagePullPolicy: IfNotPresent
name: heapster
resources:
limits:
Expand All @@ -126,6 +127,7 @@ spec:
- /heapster
- --source=kubernetes.summary_api:''
- image: <imgNanny>
imagePullPolicy: IfNotPresent
name: heapster-nanny
resources:
limits:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ spec:
containers:
- name: keyvault-flexvolume
image: mcr.microsoft.com/k8s/flexvolume/keyvault-flexvolume:v0.0.5
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: <cpuReq>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ spec:
containers:
- name: kubedns
image: <img>
imagePullPolicy: IfNotPresent
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
Expand Down Expand Up @@ -144,6 +145,7 @@ spec:
mountPath: /kube-dns-config
- name: dnsmasq
image: <imgMasq>
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
Expand Down Expand Up @@ -182,6 +184,7 @@ spec:
mountPath: /etc/k8s/dns/dnsmasq-nanny
- name: sidecar
image: <imgSidecar>
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ spec:
- --cluster-cidr=<CIDR>
- --feature-gates=ExperimentalCriticalPodAnnotation=true
image: <img>
imagePullPolicy: IfNotPresent
name: kube-proxy
resources:
requests:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ spec:
beta.kubernetes.io/os: linux
containers:
- image: <img>
imagePullPolicy: IfNotPresent
name: rescheduler
resources:
requests:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ spec:
- --auto-generate-certificates
- --heapster-host=http://heapster.kube-system:80
image: <img>
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: "/"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ spec:
containers:
- name: metrics-server
image: <img>
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
command:
- /metrics-server
- --source=kubernetes.summary_api:''
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ spec:
- name: TILLER_HISTORY_MAX
value: "<maxHist>"
image: <img>
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /liveness
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ spec:
containers:
- name: cloud-controller-manager
image: <img>
imagePullPolicy: IfNotPresent
command: ["cloud-controller-manager"]
args: [<config>]
volumeMounts:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ spec:
containers:
- name: kube-addon-manager
image: <img>
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 5m
Expand Down
1 change: 1 addition & 0 deletions parts/k8s/manifests/kubernetesmaster-kube-apiserver.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ spec:
containers:
- name: kube-apiserver
image: <img>
imagePullPolicy: IfNotPresent
command: ["/hyperkube", "apiserver"]
args: [<args>]
volumeMounts:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ spec:
containers:
- name: kube-controller-manager
image: <img>
imagePullPolicy: IfNotPresent
command: ["/hyperkube", "controller-manager"]
args: [<args>]
volumeMounts:
Expand Down
1 change: 1 addition & 0 deletions parts/k8s/manifests/kubernetesmaster-kube-scheduler.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ spec:
containers:
- name: kube-scheduler
image: <img>
imagePullPolicy: IfNotPresent
command: ["/hyperkube", "scheduler"]
args: [<args>]
volumeMounts:
Expand Down
4 changes: 2 additions & 2 deletions pkg/api/defaults-apiserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -143,9 +143,9 @@ func getDefaultAdmissionControls(cs *ContainerService) (string, string) {
// Add new version case when applying admission controllers only available in that version or later
switch {
case common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.9.0"):
admissionControlValues = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,AlwaysPullImages,ExtendedResourceToleration"
admissionControlValues = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,ExtendedResourceToleration"
default:
admissionControlValues = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,AlwaysPullImages"
admissionControlValues = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"
}

// Pod Security Policy configuration
Expand Down