diff --git a/internal/olm/operator/registry/fbcindex/fbc_registry_pod.go b/internal/olm/operator/registry/fbcindex/fbc_registry_pod.go index ec898394ef9..4abc2f238af 100644 --- a/internal/olm/operator/registry/fbcindex/fbc_registry_pod.go +++ b/internal/olm/operator/registry/fbcindex/fbc_registry_pod.go @@ -60,6 +60,9 @@ type FBCRegistryPod struct { //nolint:maligned // BundleItems contains all bundles to be added to a registry pod. BundleItems []index.BundleItem + // ImagePullPolicy is the image pull policy for the registry pod, default is PullAlways + ImagePullPolicy corev1.PullPolicy + // Index image contains a database of pointers to operator manifest content that is queriable via an API. // new version of an operator bundle when published can be added to an index image IndexImage string @@ -156,6 +159,11 @@ func (f *FBCRegistryPod) Create(ctx context.Context, cfg *operator.Configuration } } + if f.ImagePullPolicy == "" { + f.ImagePullPolicy = corev1.PullAlways + } + f.pod.Spec.Containers[0].ImagePullPolicy = f.ImagePullPolicy + if err := f.cfg.Client.Create(ctx, f.pod); err != nil { return nil, fmt.Errorf("error creating pod: %w", err) } diff --git a/internal/olm/operator/registry/index/registry_pod.go b/internal/olm/operator/registry/index/registry_pod.go index 337df0ea224..ccbf9bf3166 100644 --- a/internal/olm/operator/registry/index/registry_pod.go +++ b/internal/olm/operator/registry/index/registry_pod.go @@ -58,6 +58,9 @@ type SQLiteRegistryPod struct { //nolint:maligned // BundleItems contains all bundles to be added to a registry pod. BundleItems []BundleItem + // ImagePullPolicy is the image pull policy for the registry pod, default is PullAlways + ImagePullPolicy corev1.PullPolicy + // Index image contains a database of pointers to operator manifest content that is queriable via an API. // new version of an operator bundle when published can be added to an index image IndexImage string @@ -151,6 +154,11 @@ func (rp *SQLiteRegistryPod) Create(ctx context.Context, cfg *operator.Configura } } + if rp.ImagePullPolicy == "" { + rp.ImagePullPolicy = corev1.PullAlways + } + rp.pod.Spec.Containers[0].ImagePullPolicy = rp.ImagePullPolicy + if err := rp.cfg.Client.Create(ctx, rp.pod); err != nil { return nil, fmt.Errorf("error creating pod: %w", err) } diff --git a/internal/olm/operator/registry/index_image.go b/internal/olm/operator/registry/index_image.go index f7ea0f11103..b16aa09bb65 100644 --- a/internal/olm/operator/registry/index_image.go +++ b/internal/olm/operator/registry/index_image.go @@ -97,6 +97,7 @@ type IndexImageCatalogCreator struct { HasFBCLabel bool FBCContent string PackageName string + ImagePullPolicy string IndexImage string InitImage string BundleImage string @@ -138,6 +139,7 @@ func (c *IndexImageCatalogCreator) BindFlags(fs *pflag.FlagSet) { "while pulling bundles") fs.BoolVar(&c.UseHTTP, "use-http", false, "use plain HTTP for container image registries "+ "while pulling bundles") + fs.StringVar(&c.ImagePullPolicy, "image-pull-policy", string(corev1.PullAlways), "image pull policy for the registry pod") // default to Legacy c.SecurityContext = SecurityContext{ContextType: Legacy} @@ -531,6 +533,7 @@ func (c IndexImageCatalogCreator) createAnnotatedRegistry(ctx context.Context, c InitImage: c.InitImage, FBCContent: c.FBCContent, SecurityContext: c.SecurityContext.String(), + ImagePullPolicy: corev1.PullPolicy(c.ImagePullPolicy), } pod, err = fbcRegistryPod.Create(ctx, c.cfg, cs) @@ -548,6 +551,7 @@ func (c IndexImageCatalogCreator) createAnnotatedRegistry(ctx context.Context, c SkipTLSVerify: c.SkipTLSVerify, UseHTTP: c.UseHTTP, SecurityContext: c.SecurityContext.String(), + ImagePullPolicy: corev1.PullPolicy(c.ImagePullPolicy), } if registryPod.DBPath, err = c.getDBPath(ctx); err != nil { diff --git a/website/content/en/docs/cli/operator-sdk_run_bundle-upgrade.md b/website/content/en/docs/cli/operator-sdk_run_bundle-upgrade.md index f24f64d8628..354520bb644 100644 --- a/website/content/en/docs/cli/operator-sdk_run_bundle-upgrade.md +++ b/website/content/en/docs/cli/operator-sdk_run_bundle-upgrade.md @@ -21,6 +21,7 @@ operator-sdk run bundle-upgrade [flags] ``` --ca-secret-name string Name of a generic secret containing a PEM root certificate file required to pull bundle images. This secret *must* be in the namespace that this command is configured to run in, and the file *must* be encoded under the key "cert.pem" -h, --help help for bundle-upgrade + --image-pull-policy string image pull policy for the registry pod (default "Always") --kubeconfig string Path to the kubeconfig file to use for CLI requests. -n, --namespace string If present, namespace scope for this CLI request --pull-secret-name string Name of image pull secret ("type: kubernetes.io/dockerconfigjson") required to pull bundle images. This secret *must* be both in the namespace and an imagePullSecret of the service account that this command is configured to run in diff --git a/website/content/en/docs/cli/operator-sdk_run_bundle.md b/website/content/en/docs/cli/operator-sdk_run_bundle.md index 8a168fa7db9..fee6c8b10ab 100644 --- a/website/content/en/docs/cli/operator-sdk_run_bundle.md +++ b/website/content/en/docs/cli/operator-sdk_run_bundle.md @@ -31,6 +31,7 @@ operator-sdk run bundle [flags] --ca-secret-name string Name of a generic secret containing a PEM root certificate file required to pull bundle images. This secret *must* be in the namespace that this command is configured to run in, and the file *must* be encoded under the key "cert.pem" --decompression-image string image used in an init container in the registry pod to decompress the compressed catalog contents. cat and gzip binaries are expected to exist in the PATH (default "registry.access.redhat.com/ubi8:8.9") -h, --help help for bundle + --image-pull-policy string image pull policy for the registry pod (default "Always") --index-image string index image in which to inject bundle (default "quay.io/operator-framework/opm:latest") --install-mode InstallModeValue install mode --kubeconfig string Path to the kubeconfig file to use for CLI requests.