Add imagePullPolicy to initContainer configuration

Author: eliranb

api/v1beta/lightrunjavaagent_types.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -41,6 +42,8 @@ type InitContainer struct {
 	SharedVolumeMountPath string `json:"sharedVolumeMountPath"`
 	// Image of the init container. Image name and tag will define platform and version of the agent
 	Image string `json:"image"`
+	// Pull policy of the init container. Can be one of: Always, IfNotPresent, or Never.
+	ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy"`
 }
 
 // LightrunJavaAgentSpec defines the desired state of LightrunJavaAgent

charts/lightrun-agents/README.md

@@ -33,6 +33,7 @@ The values.yaml file includes the following configurable parameters for each Jav
 | `javaAgents[].containerSelector`                   | Selector for containers within the deployment to inject the Lightrun Java Agent.                                                                                                                                                                | Required                                                        |
 | `javaAgents[].deploymentName`                      | Name of the Kubernetes deployment to attach the Lightrun Java Agent.                                                                                                                                                                            | Required                                                        |
 | `javaAgents[].initContainer.image`                 | Image for the Lightrun Java Agent init container.                                                                                                                                                                                               | Required                                                        |
+| `javaAgents[].initContainer.imagePullPolicy` | Image pull policy for the init container. Can be one of: Always, IfNotPresent, or Never. | Optional (if not provided, defaults to `"IfNotPresent"`) |
 | `javaAgents[].initContainer.sharedVolumeMountPath` | Mount path for the shared volume in the init container.                                                                                                                                                                                         | Optional (if not provided, defaults to `"/lightrun"`"           |
 | `javaAgents[].initContainer.sharedVolumeName`      | Name of the shared volume for the init container.                                                                                                                                                                                               | Optional (if not provided, defaults to `"lightrun-agent-init"`" |
 | `javaAgents[].name`                                | Name of the Lightrun Java Agent custom resource.                                                                                                                                                                                                | Required                                                        |
@@ -91,6 +92,7 @@ javaAgents:
     serverHostname: 'lightrun.example.com'
     initContainer:
       image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+      imagePullPolicy: "IfNotPresent"      
     agentPoolCredentials:
       existingSecret: ""
       apiKey: "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
@@ -104,6 +106,7 @@ javaAgents:
     namespace: 'my-namespace-2'
     initContainer:
       image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+      imagePullPolicy: "IfNotPresent"
     deploymentName: "my-deployment-2"
     containerSelector:
       - my-container-2
@@ -139,6 +142,7 @@ javaAgents:
     agentCliFlags: "--lightrun_extra_class_path=<PATH_TO_JAR>:<PATH_TO_JAR>,lightrun_init_wait_time_ms"
     initContainer:
       image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+      imagePullPolicy: "IfNotPresent"
       sharedVolumeName: 'my-shared-volume'
       sharedVolumeMountPath: '/mypath'
     agentPoolCredentials:
@@ -154,6 +158,7 @@ javaAgents:
     namespace: 'my-namespace-2'
     initContainer:
       image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+      imagePullPolicy: "IfNotPresent"
       sharedVolumeName: 'my-shared-volume'
       sharedVolumeMountPath: '/mypath'
     deploymentName: "my-deployment-2"

charts/lightrun-agents/templates/java-agent-cr.yaml

@@ -8,6 +8,7 @@ metadata:
 spec:
   initContainer:
     image: {{ .initContainer.image }}
+    imagePullPolicy: {{ .initContainer.imagePullPolicy | default "IfNotPresent" }}
     sharedVolumeName: {{ .initContainer.sharedVolumeName | default "lightrun-agent-init" }}
     sharedVolumeMountPath: {{ .initContainer.sharedVolumeMountPath | default "/lightrun" }}
   deploymentName: {{ .deploymentName }}

charts/lightrun-agents/values.yaml

@@ -17,6 +17,7 @@ javaAgents: []
 #    serverHostname: 'lightrun.example.com'
 #    initContainer:
 #      image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+#      imagePullPolicy: "IfNotPresent"
 #    agentPoolCredentials:
 #      existingSecret: ""
 #      apiKey: "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
@@ -30,6 +31,7 @@ javaAgents: []
 #    namespace: 'my-namespace-2'
 #    initContainer:
 #      image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+#      imagePullPolicy: "IfNotPresent"
 #    deploymentName: "my-deployment-2"
 #    containerSelector:
 #      - my-container-2
@@ -63,6 +65,7 @@ javaAgents: []
 #    agentCliFlags: "--lightrun_extra_class_path=<PATH_TO_JAR>:<PATH_TO_JAR>,lightrun_init_wait_time_ms"
 #    initContainer:
 #      image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+#      imagePullPolicy: "IfNotPresent"
 #      sharedVolumeName: 'my-shared-volume'
 #      sharedVolumeMountPath: '/mypath'
 #    agentPoolCredentials:
@@ -78,6 +81,7 @@ javaAgents: []
 #    namespace: 'my-namespace-2'
 #    initContainer:
 #      image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+#      imagePullPolicy: "IfNotPresent"
 #      sharedVolumeName: 'my-shared-volume'
 #      sharedVolumeMountPath: '/mypath'
 #    deploymentName: "my-deployment-2"

docs/custom_resource.md

@@ -11,6 +11,8 @@ spec:
     # agent version - first part of the tag (1.7.0)
     # init container sub-version - last part of the tag (init.0)
     image: "lightruncom/k8s-operator-init-java-agent-linux:1.7.0-init.0"
+    # imagePullPolicy of the init container. Can be one of: Always, IfNotPresent, or Never.
+    imagePullPolicy: "IfNotPresent"
     # Volume name in case you have some convention in the names
     sharedVolumeName: lightrun-agent-init
     # Mount path where volume will be parked. Various distributions may have it's limitations.

internal/controller/patch_funcs.go

@@ -99,54 +99,57 @@ func (r *LightrunJavaAgentReconciler) addVolume(deploymentApplyConfig *appsv1ac.
 }
 
 func (r *LightrunJavaAgentReconciler) addInitContainer(deploymentApplyConfig *appsv1ac.DeploymentApplyConfiguration, lightrunJavaAgent *agentv1beta.LightrunJavaAgent, secret *corev1.Secret) {
-
-	deploymentApplyConfig.Spec.Template.Spec.WithInitContainers(
-		corev1ac.Container().
-			WithName(initContainerName).
-			WithImage(lightrunJavaAgent.Spec.InitContainer.Image).
-			WithVolumeMounts(
-				corev1ac.VolumeMount().WithName(lightrunJavaAgent.Spec.InitContainer.SharedVolumeName).WithMountPath("/tmp/"),
-				corev1ac.VolumeMount().WithName(cmVolumeName).WithMountPath("/tmp/cm/"),
-			).WithEnv(
-			corev1ac.EnvVar().WithName("LIGHTRUN_KEY").WithValueFrom(
-				corev1ac.EnvVarSource().WithSecretKeyRef(
-					corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("lightrun_key"),
-				),
+	spec := lightrunJavaAgent.Spec
+	isImagePullPolicyConfigured := spec.InitContainer.ImagePullPolicy != ""
+	initContainerApplyConfig := corev1ac.Container().
+		WithName(initContainerName).
+		WithImage(spec.InitContainer.Image).
+		WithVolumeMounts(
+			corev1ac.VolumeMount().WithName(spec.InitContainer.SharedVolumeName).WithMountPath("/tmp/"),
+			corev1ac.VolumeMount().WithName(cmVolumeName).WithMountPath("/tmp/cm/"),
+		).WithEnv(
+		corev1ac.EnvVar().WithName("LIGHTRUN_KEY").WithValueFrom(
+			corev1ac.EnvVarSource().WithSecretKeyRef(
+				corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("lightrun_key"),
 			),
-			corev1ac.EnvVar().WithName("PINNED_CERT").WithValueFrom(
-				corev1ac.EnvVarSource().WithSecretKeyRef(
-					corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("pinned_cert_hash"),
-				),
+		),
+		corev1ac.EnvVar().WithName("PINNED_CERT").WithValueFrom(
+			corev1ac.EnvVarSource().WithSecretKeyRef(
+				corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("pinned_cert_hash"),
 			),
-			corev1ac.EnvVar().WithName("LIGHTRUN_SERVER").WithValue(lightrunJavaAgent.Spec.ServerHostname),
-		).
-			WithResources(
-				corev1ac.ResourceRequirements().
-					WithLimits(
-						corev1.ResourceList{
-							corev1.ResourceCPU:    *resource.NewMilliQuantity(int64(50), resource.BinarySI),
-							corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), // 500 * 10^6 = 500M
-						},
-					).WithRequests(
+		),
+		corev1ac.EnvVar().WithName("LIGHTRUN_SERVER").WithValue(spec.ServerHostname),
+	).
+		WithResources(
+			corev1ac.ResourceRequirements().
+				WithLimits(
 					corev1.ResourceList{
 						corev1.ResourceCPU:    *resource.NewMilliQuantity(int64(50), resource.BinarySI),
-						corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)),
+						corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), // 500 * 10^6 = 500M
 					},
-				),
-			).
-			WithSecurityContext(
-				corev1ac.SecurityContext().
-					WithCapabilities(
-						corev1ac.Capabilities().WithDrop(corev1.Capability("ALL")),
-					).
-					WithAllowPrivilegeEscalation(false).
-					WithRunAsNonRoot(true).
-					WithSeccompProfile(
-						corev1ac.SeccompProfile().
-							WithType(corev1.SeccompProfileTypeRuntimeDefault),
-					),
+				).WithRequests(
+				corev1.ResourceList{
+					corev1.ResourceCPU:    *resource.NewMilliQuantity(int64(50), resource.BinarySI),
+					corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)),
+				},
 			),
-	)
+		).
+		WithSecurityContext(
+			corev1ac.SecurityContext().
+				WithCapabilities(
+					corev1ac.Capabilities().WithDrop(corev1.Capability("ALL")),
+				).
+				WithAllowPrivilegeEscalation(false).
+				WithRunAsNonRoot(true).
+				WithSeccompProfile(
+					corev1ac.SeccompProfile().
+						WithType(corev1.SeccompProfileTypeRuntimeDefault),
+				),
+		)
+	if isImagePullPolicyConfigured {
+		initContainerApplyConfig.WithImagePullPolicy(spec.InitContainer.ImagePullPolicy)
+	}
+	deploymentApplyConfig.Spec.Template.Spec.WithInitContainers(initContainerApplyConfig)
 }
 
 func (r *LightrunJavaAgentReconciler) patchAppContainers(lightrunJavaAgent *agentv1beta.LightrunJavaAgent, origDeployment *appsv1.Deployment, deploymentApplyConfig *appsv1ac.DeploymentApplyConfiguration) error {
@@ -275,53 +278,57 @@ func (r *LightrunJavaAgentReconciler) addVolumeToStatefulSet(statefulSetApplyCon
 }
 
 func (r *LightrunJavaAgentReconciler) addInitContainerToStatefulSet(statefulSetApplyConfig *appsv1ac.StatefulSetApplyConfiguration, lightrunJavaAgent *agentv1beta.LightrunJavaAgent, secret *corev1.Secret) {
-	statefulSetApplyConfig.Spec.Template.Spec.WithInitContainers(
-		corev1ac.Container().
-			WithName(initContainerName).
-			WithImage(lightrunJavaAgent.Spec.InitContainer.Image).
-			WithVolumeMounts(
-				corev1ac.VolumeMount().WithName(lightrunJavaAgent.Spec.InitContainer.SharedVolumeName).WithMountPath("/tmp/"),
-				corev1ac.VolumeMount().WithName(cmVolumeName).WithMountPath("/tmp/cm/"),
-			).WithEnv(
-			corev1ac.EnvVar().WithName("LIGHTRUN_KEY").WithValueFrom(
-				corev1ac.EnvVarSource().WithSecretKeyRef(
-					corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("lightrun_key"),
-				),
+	spec := lightrunJavaAgent.Spec
+	isImagePullPolicyConfigured := spec.InitContainer.ImagePullPolicy != ""
+	initContainerApplyConfig := corev1ac.Container().
+		WithName(initContainerName).
+		WithImage(spec.InitContainer.Image).
+		WithVolumeMounts(
+			corev1ac.VolumeMount().WithName(spec.InitContainer.SharedVolumeName).WithMountPath("/tmp/"),
+			corev1ac.VolumeMount().WithName(cmVolumeName).WithMountPath("/tmp/cm/"),
+		).WithEnv(
+		corev1ac.EnvVar().WithName("LIGHTRUN_KEY").WithValueFrom(
+			corev1ac.EnvVarSource().WithSecretKeyRef(
+				corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("lightrun_key"),
 			),
-			corev1ac.EnvVar().WithName("PINNED_CERT").WithValueFrom(
-				corev1ac.EnvVarSource().WithSecretKeyRef(
-					corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("pinned_cert_hash"),
-				),
+		),
+		corev1ac.EnvVar().WithName("PINNED_CERT").WithValueFrom(
+			corev1ac.EnvVarSource().WithSecretKeyRef(
+				corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("pinned_cert_hash"),
 			),
-			corev1ac.EnvVar().WithName("LIGHTRUN_SERVER").WithValue(lightrunJavaAgent.Spec.ServerHostname),
-		).
-			WithResources(
-				corev1ac.ResourceRequirements().
-					WithLimits(
-						corev1.ResourceList{
-							corev1.ResourceCPU:    *resource.NewMilliQuantity(int64(50), resource.BinarySI),
-							corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), // 64M
-						},
-					).WithRequests(
+		),
+		corev1ac.EnvVar().WithName("LIGHTRUN_SERVER").WithValue(spec.ServerHostname),
+	).
+		WithResources(
+			corev1ac.ResourceRequirements().
+				WithLimits(
 					corev1.ResourceList{
 						corev1.ResourceCPU:    *resource.NewMilliQuantity(int64(50), resource.BinarySI),
-						corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)),
+						corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), // 64M
 					},
-				),
-			).
-			WithSecurityContext(
-				corev1ac.SecurityContext().
-					WithCapabilities(
-						corev1ac.Capabilities().WithDrop(corev1.Capability("ALL")),
-					).
-					WithAllowPrivilegeEscalation(false).
-					WithRunAsNonRoot(true).
-					WithSeccompProfile(
-						corev1ac.SeccompProfile().
-							WithType(corev1.SeccompProfileTypeRuntimeDefault),
-					),
+				).WithRequests(
+				corev1.ResourceList{
+					corev1.ResourceCPU:    *resource.NewMilliQuantity(int64(50), resource.BinarySI),
+					corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)),
+				},
 			),
-	)
+		).
+		WithSecurityContext(
+			corev1ac.SecurityContext().
+				WithCapabilities(
+					corev1ac.Capabilities().WithDrop(corev1.Capability("ALL")),
+				).
+				WithAllowPrivilegeEscalation(false).
+				WithRunAsNonRoot(true).
+				WithSeccompProfile(
+					corev1ac.SeccompProfile().
+						WithType(corev1.SeccompProfileTypeRuntimeDefault),
+				),
+		)
+	if isImagePullPolicyConfigured {
+		initContainerApplyConfig.WithImagePullPolicy(spec.InitContainer.ImagePullPolicy)
+	}
+	statefulSetApplyConfig.Spec.Template.Spec.WithInitContainers(initContainerApplyConfig)
 }
 
 func (r *LightrunJavaAgentReconciler) patchStatefulSetAppContainers(lightrunJavaAgent *agentv1beta.LightrunJavaAgent, origStatefulSet *appsv1.StatefulSet, statefulSetApplyConfig *appsv1ac.StatefulSetApplyConfiguration) error {