Fix Allow IfNotPresent policy when operator-sdk run bundle
#6795
#6851
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the change:
❯ go run cmd/operator-sdk/main.go run bundle Error: accepts 1 arg(s), received 0 Usage: operator-sdk run bundle <bundle-image> [flags] Flags: --ca-secret-name string Name of a generic secret containing a PEM root certificate file required to pull bundle images. This secret *must* be in the namespace that this command is configured to run in, and the file *must* be encoded under the key "cert.pem" --decompression-image string image used in an init container in the registry pod to decompress the compressed catalog contents. cat and gzip binaries are expected to exist in the PATH (default "registry.access.redhat.com/ubi8:8.9") -h, --help help for bundle + --image-pull-policy string image pull policy for the registry pod (default "Always") --index-image string index image in which to inject bundle (default "quay.io/operator-framework/opm:latest") --install-mode InstallModeValue install mode --kubeconfig string Path to the kubeconfig file to use for CLI requests. -n, --namespace string If present, namespace scope for this CLI request --pull-secret-name string Name of image pull secret ("type: kubernetes.io/dockerconfigjson") required to pull bundle images. This secret *must* be both in the namespace and an imagePullSecret of the service account that this command is configured to run in --security-context-config SecurityContext specifies the security context to use for the catalog pod. allowed: 'restricted', 'legacy'. (default legacy) --service-account string Service account name to bind registry objects to. If unset, the default service account is used. This value does not override the operator's service account --skip-tls skip authentication of image registry TLS certificate when pulling a bundle image in-cluster --skip-tls-verify skip TLS certificate verification for container image registries while pulling bundles --timeout duration Duration to wait for the command to complete before failing (default 2m0s) --use-http use plain HTTP for container image registries while pulling bundles Global Flags: --plugins strings plugin keys to be used for this subcommand execution --verbose Enable verbose logging FATA[0000] accepts 1 arg(s), received 0 exit status 1
Motivation for the change:
When pushing bundle to temp registry like ttl.sh, images ought to become unavailable eventually. We want pod restarts if any to not result in pull errors. The images will be tagged with a short sha hash so it should be "globally unique" to the user working on a branch.
Fixes #6795
Checklist
If the pull request includes user-facing changes, extra documentation is required:
changelog/fragments
(seechangelog/fragments/00-template.yaml
)website/content/en/docs