2055049 – No pre-caching for NFD images

Bug 2055049 - No pre-caching for NFD images

Summary: No pre-caching for NFD images

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Node Feature Discovery Operator
Sub Component:
Version:	4.11
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	4.11.0
Assignee:	Carlos Eduardo Arango Gutierrez
QA Contact:	Lena Horsley
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2052622 2055244
TreeView+	depends on / blocked

Reported:	2022-02-16 09:26 UTC by Artyom
Modified:	2022-08-10 10:24 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2055244 (view as bug list)
Environment:
Last Closed:	2022-08-10 10:23:42 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-nfd-operator pull 241	0	None	open	Bug 2055049: Do not set explicitly image pull policy to Always	2022-02-16 10:40:15 UTC
Red Hat Product Errata	RHSA-2022:5070	0	None	None	None	2022-08-10 10:24:00 UTC

Description Artyom 2022-02-16 09:26:47 UTC

Description of problem:

In Telco far edge use case, a cluster might have limited management bandwidth.
Upgrading such a cluster is expected to be time-limited (capped by a maintenance window) and will involve container image pre-caching on the node.
Image pre-caching solution for nodes with limited management bandwidth relies on the assumption, that workloads can use locally stored images without contacting a registry.  This is possible if the container image pull policy is set to "IfNotPresent".
The NFD operator is using Always as the pull policy, we should delete the policy and have the default behavior:

When you (or a controller) submit a new Pod to the API server, your cluster sets the image pull policy field when specific conditions are met:

1. if you omit the imagePullPolicy field, and the tag for the container image is :latest, imagePullPolicy is automatically set to Always

2. if you omit the imagePullPolicy field, and you don't specify the tag for the container image, imagePullPolicy is automatically set to Always;

3.if you omit the imagePullPolicy field, and you specify the tag for the container image that isn't :latest, the imagePullPolicy is automatically set to IfNotPresent.


Version-Release number of selected component (if applicable):
master

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Artyom 2022-02-16 09:55:22 UTC

After digging into the documentation, I can see it is possible to specify the image pull policy during the creation of NFD components.

From https://docs.openshift.com/container-platform/4.9/hardware_enablement/psap-node-feature-discovery-operator.html:

You can edit the CR to choose another namespace, image, imagePullPolicy, and nfd-worker-conf, among other options.

But we still should update the operator pull policy to correct one.

Comment 7 errata-xmlrpc 2022-08-10 10:23:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.11.0 extras and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5070

Note You need to log in before you can comment on or make changes to this bug.