Kubeadm: Document how to pre-pull images

Created on 22 Nov 2016 · 20Comments · Source: kubernetes/kubeadm

_From @bulletRush on October 21, 2016 7:50_

Is this a request for help? (If yes, you should use our troubleshooting guide and community support channels, see http://kubernetes.io/docs/troubleshooting/.):
No.

**What keywords did you search in Kubernetes issues before filing this one?:
kubeadm, kubeadm pull, kubeadm image

Is this a BUG REPORT or FEATURE REQUEST? (choose one):
FEATURE REQUEST

Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"4+", GitVersion:"v1.4.0-beta.8", GitCommit:"3040f87c570a772ce94349b379f41f329494a4f7", GitTreeState:"clean", BuildDate:"2016-09-18T21:06:37Z", GoVersion:"go1.6.3", Compiler:"gc", Platform:"linux/amd64"}

Environment:

Cloud provider or hardware configuration: vmware virtual machine 2c4g
OS (e.g. from /etc/os-release): centos 7.2
Kernel (e.g. uname -a): Linux 130 3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18 13:04:29 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Install tools:
Others:

Hi, I have implement pre pull image and configurable pods.
so you can:

pre download kube-apiserver/kcm and so on images before write static manifests.
you can download image from docker hub instead of "gcr.io". so you can use a docker hub mirror now.
use custom configuration in pod(not fully test).

To use this feature, you can run kubeadm in this command ./kubeadm init --config=config.json. a short sample about config.json :

{
    "podSpecs": {
        "dummy": {
            "containers": [
                {
                    "image": "barrettwu/pause-amd64:3.0",
                    "imagePullPolicy": "IfNotPresent",
                    "name": "dummy",
                    "resources": {}
                }
            ],
            "securityContext": {
                "hostNetwork": true
            },
            "serviceAccountName": "",
            "volumes": null
        }
    },
    "prePullPods": [ 
        "dummy"
    ]
}

when you run kubeadm by ./kubeadm --config=config.json, the output will show you the image pull process:

[root@130 kubeadm]# ./kubeadm init --config=config.json 
Running pre-flight checks
<master/tokens> generated token: "79284f.3e6b319b0ae9ad6f"
prePullPods: [etcd kube-apiserver kube-scheduler pause kube-controller-manager kube-discovery dummy addonImages]
pre pull image "weaveworks/weave-npc:1.7.2" in pod "addonImages"
1.7.2: Pulling from weaveworks/weave-npc

2aff618222e8: Pull complete 
b6f276ea2686: Downloading [=======================>                           ] 6.106 MB/12.92 MB
a3ed95caeb02: Download complete 
^Ced95caeb02: Pulling fs layer

If you config kube-apiserver, kube-controller-manager in this config file, the static pod manifests genereted by kubeadm will use podSpec definition in this file.

but I still have some confuse about my implementation:

what's your idea to implement this feature? my implementation has so much of shortage.
- conflict with pre-flight check if you use custom pod config.
- only images listed both in prePullPods and podSpecs can be download.
should I remove the configurable pod feature to make a pr? because this have a lot of limitation and will cause kubelet failed to start some pod if some static manifest generated rule changed.

_Copied from original issue: kubernetes/kubernetes#35264_

documentatiocontent-gap kinsupport prioritbacklog

Source

mikedanese

👍1

Most helpful comment

I need this kind of thing too.

kfox1111 on 10 Dec 2016

👍5

All 20 comments

_From @errordeveloper on October 24, 2016 11:18_

@bulletRush thank you very much for this proposal. We have considered this already, and we will very likely implement it soon.

mikedanese on 22 Nov 2016

_From @bulletRush on October 24, 2016 14:25_

@errordeveloper, may i do something for this feature?

mikedanese on 22 Nov 2016

@bulletRush can you send a documentation patch how to pre-pull the images?

luxas on 25 Nov 2016

This documentation need at least one request: change image pull policy from default(which is always) to IfNotPresent. Second, kubeadm need a new flag(e.g. kubeadm list-images as jbeda mentioned) which can tell people which images need pre-pull).
I can make a pr for first request. If second request is acceptable, I can do this also. After this two requests are satisfied, then I can send a doc patch which use @jbeda's method.

My refused pr is here: [kubeadm] specify an alternate location for all images and pre pull them. I still think a support for pre pull directly is more friendly for newbee.

bulletRush on 26 Nov 2016

and what's for-new-contributors label means?

bulletRush on 26 Nov 2016

I need this kind of thing too.

kfox1111 on 10 Dec 2016

👍5

See: #101

luxas on 17 Jan 2017

hope the command kubeadm list-images been implemented asap, waiting for the guide.

KeithTt on 25 Jan 2017

I think that it would be useful to know what images the new config needs, not the current one. The process of the software update is as follows:

determine which images will be needed (currently, by grepping through yaml)
pre-pull these images
good luck, everybody
kubectl apply
things calm down
done

ChipmunkV on 13 Apr 2017

just to clarify; has this feature been implemented and is awaiting documentation? or it has not been implemented? what's the workflow to pre-pull an image? if not, do you need help to move this along?

ilackarms on 10 May 2017

Seems like the work items here are:

Implement new command into kubeadm, list-images, which tells users what to pre-pull
Document
Change image pull policy on all containers to IfNotPresent

Is that a fair assessment @bulletRush ?

jamiehannaford on 30 Jun 2017

Change image pull policy on all containers to IfNotPresent

Have been the case since v1.5 at least, probably earlier as well

Document

There is docs on what master images can be used per branch already

Implement new command into kubeadm, list-images, which tells users what to pre-pull

We decided to document on the site instead of building it into kubeadm

@jamiehannaford Fair enough?

luxas on 30 Jun 2017

@luxas Sounds good, didn't realise all this was already there 😄 If that's the case, does this issue need to stay open?

jamiehannaford on 30 Jun 2017

I think it can be closed

luxas on 30 Jun 2017

is there no kube command to pre-pull images? must it be done manually (ssh to node and docker pull)?

ilackarms on 30 Jun 2017

@ilackarms Perfectly right. kubeadm doesn't care about which CRI runtime to use.
It can be docker, containerd, frakti, cri-o, rkt or whatever. There's no way for kubeadm to know which one you're using.

luxas on 30 Jun 2017

👍1

@luxas maybe for that reason there should be a kubeadm or kubectl command for pre-pulling an image? since the kubelet knows how to pull anyway (via the CRI)

ilackarms on 30 Jun 2017

@ilackarms That is a sig-node feature in that case; to expose a "Pull API" in the Kubelet API (a quite big one).
Feel free to open such an issue in the main repo and work on a proposal for that feature.

However, such a thing doesn't exist right now, so there is no client like kubeadm or kubectl that can consume it.

luxas on 30 Jun 2017

understood @luxas. probably we would want to bubble up that api from the kubelet through the apiserver so a kube client can request that an image be pre-pulled (e.g. to eliminate cold start times)

ilackarms on 30 Jun 2017

+1 for a pre-pull api.

In the mean time, I've usually hacked around the lack by using a daemonset with the containers to be kept hot with the container command overridden to be:

command: [/bin/sh,-c,'while true; do sleep 1000; done']

kfox1111 on 30 Jun 2017

Was this page helpful?

0 / 5 - 0 ratings