Skip to content

Commit 105b75e

Browse files
committed
Add note about volume lifecycle and pod eviction
Signed-off-by: Sascha Grunert <[email protected]>
1 parent 55e87ce commit 105b75e

File tree

1 file changed

+7
-1
lines changed
  • keps/sig-node/4639-oci-volume-source

1 file changed

+7
-1
lines changed

keps/sig-node/4639-oci-volume-source/README.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -215,6 +215,9 @@ Beside that, I want:
215215
- to package this file in an OCI object to take advantage of OCI distribution.
216216
- the image to be downloaded with the same credentials that kubelet using for other images.
217217
- to be able to use image pull secrets when downloading the image if an image is from the registry that requires image pull secrets.
218+
- to be able to update the configuration if the artifact is referenced by a
219+
moving tag like `latest`. To achieve that, I just have to restart the pod and
220+
specify a `pullPolicy` of `Always`.
218221

219222
#### Story 2
220223

@@ -369,10 +372,13 @@ While the `imagePullPolicy` is working on container level, the introduced
369372
`pullPolicy` is a pod level construct. This means that we can support the same
370373
values `IfNotPresent`, `Always` and `Never`, but will only pull once per pod.
371374

372-
This means we need to pull in [`SyncPod`](https://github.com/kubernetes/kubernetes/blob/b498eb9/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L1049)
375+
Technically it means that we need to pull in [`SyncPod`](https://github.com/kubernetes/kubernetes/blob/b498eb9/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L1049)
373376
for OCI objects on a pod level and not during [`EnsureImageExists`](https://github.com/kubernetes/kubernetes/blob/b498eb9/pkg/kubelet/images/image_manager.go#L102)
374377
before the container gets started.
375378

379+
If users want to re-pull artifacts when referencing moving tags like `latest`,
380+
then they need to restart / evict the pod.
381+
376382
##### Registry authentication
377383

378384
For registry authentication purposes the same logic will be used as for the

0 commit comments

Comments
 (0)