diff --git a/registry/coder/templates/kubernetes-devcontainer/main.tf b/registry/coder/templates/kubernetes-devcontainer/main.tf index 5e36226d1..d391c75a5 100644 --- a/registry/coder/templates/kubernetes-devcontainer/main.tf +++ b/registry/coder/templates/kubernetes-devcontainer/main.tf @@ -264,7 +264,7 @@ resource "kubernetes_deployment" "main" { container { name = "dev" image = var.cache_repo == "" ? local.devcontainer_builder_image : envbuilder_cached_image.cached.0.image - image_pull_policy = "Always" + image_pull_policy = "IfNotPresent" security_context { privileged = true } @@ -455,4 +455,4 @@ resource "coder_metadata" "container_info" { key = "cache repo" value = var.cache_repo == "" ? "not enabled" : var.cache_repo } -} \ No newline at end of file +} diff --git a/registry/coder/templates/kubernetes-envbox/main.tf b/registry/coder/templates/kubernetes-envbox/main.tf index e70ad2a39..98543d9c5 100644 --- a/registry/coder/templates/kubernetes-envbox/main.tf +++ b/registry/coder/templates/kubernetes-envbox/main.tf @@ -152,7 +152,7 @@ resource "kubernetes_pod" "main" { name = "dev" # We highly recommend pinning this to a specific release of envbox, as the latest tag may change. image = "ghcr.io/coder/envbox:latest" - image_pull_policy = "Always" + image_pull_policy = "IfNotPresent" command = ["/envbox", "docker"] security_context { @@ -310,4 +310,4 @@ resource "kubernetes_pod" "main" { } } } -} \ No newline at end of file +} diff --git a/registry/coder/templates/kubernetes/main.tf b/registry/coder/templates/kubernetes/main.tf index c72316ff2..7d7c0aa87 100644 --- a/registry/coder/templates/kubernetes/main.tf +++ b/registry/coder/templates/kubernetes/main.tf @@ -287,7 +287,7 @@ resource "kubernetes_deployment" "main" { container { name = "dev" image = "codercom/enterprise-base:ubuntu" - image_pull_policy = "Always" + image_pull_policy = "IfNotPresent" command = ["sh", "-c", coder_agent.main.init_script] security_context { run_as_user = "1000"