Reputation: 180
Kubernetes imagePullPolicy:always behavior change?
I've been reading about the Kubernetes imagePullPolicy attribute when set to 'always', and it seems like something has changed:
Up through version 1.21 of the documentation, it said the following:
If you would like to always force a pull, you can do one of the following:
- set the imagePullPolicy of the container to Always.
- omit the imagePullPolicy and use :latest as the tag for the image to use; Kubernetes will set the policy to Always.
- omit the imagePullPolicy and the tag for the image to use.
- enable the AlwaysPullImages admission controller.
But starting with version 1.22 of the K8S documentation, it says imagePullPolicy works as follows when set to always:
Every time the kubelet launches a container, the kubelet queries the container image registry to resolve the name to an image digest. If the kubelet has a container image with that exact digest cached locally, the kubelet uses its cached image; otherwise, the kubelet pulls the image with the resolved digest, and uses that image to launch the container.
These are very different explanations: <= 1.21, it says that 'always' forces the image to always be pulled from the registry. But >=1.22, it says 'always' forces a digest check against the registry, but will use a cached copy if nothing changed.
I'm trying to understand if the behavior actually changed starting in 1.22, or was this simply a change to the explanation and documentation?
Upvotes: 2
Views: 1275
Answers (1)
Reputation: 1664
I think this change tends to save network bandwidth rather than changing the behaviour. In 1.21 or earlier versions, k8s is Always trying to pull the image all over again without checking some image layers exists on the node or not. In the new version, k8s will check the image layers and if they exist, it will pull only the missing layers. Yes, behavior is changed to some extent but users & clusters are not supposed to be effected negatively by this change.
These lines below in the same documentation indicates that its ultimate behaviour will not change;
The caching semantics of the underlying image provider make even imagePullPolicy: Always efficient, as long as the registry is reliably accessible. Your container runtime can notice that the image layers already exist on the node so that they don't need to be downloaded again.
Note:
You should avoid using the :latest tag when deploying containers in production as it is harder to track which version of the image is running and more difficult to roll back properly.
Upvotes: 3
Related Questions
- setting image pull policy using kubectl
- Kubectl update imagePullPolicy
- Difference between Always and IfNotPresent imagePullPolicy
- What's the benefit of not using ImagePullPolicy set to Always?
- kubernetes keeps on pulling old image, even with imagePullPolicy set to Always
- kubernetes imagePullPolicy:Always is not pulling image automatically
- Kubernetes ImagePullPolicy is not working
- Why imagePullPolicy cannot be changed to other than Always in Kubernetes
- Kubernetes rolling update with different image
- Kubernetes rolling update vs set image