Kubernetes: Pre-pull images into node (moved to: https://github.com/itaysk/kube-imagepuller )

prepull.yaml

###
# There's a newer version available here:
# https://github.com/itaysk/kube-imagepuller
# All future updates will be made there.
# Please also post you questions as issues on that repo instead of commenting here
###


apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
  name: prepull
  annotations:
    source: "https://gist.github.com/itaysk/7bc3e56d69c4d72a549286d98fd557dd"
spec:
  selector:
    matchLabels:
      name: prepull 
  template:
    metadata:
      labels:
        name: prepull 
    spec:
      initContainers:
      - name: prepull 
        image: docker
        command: ["docker", "pull", "hello-world"]
        volumeMounts:
        - name: docker
          mountPath: /var/run
      volumes:
      - name: docker
        hostPath:
          path: /var/run
      containers:
      - name: pause
        image: gcr.io/google_containers/pause

I just tried this on GCP but I am getting:

Error response from daemon: Head https://us-central1-docker.pkg.dev/v2/PROJECT_ID/...0.0.1: denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/PROJECT_ID/locations/us-central1/repositories/REPOSITORY" (or it may not exist)

The image does exist definitely, it's running on other nodes, so it appears that the DaemonSet simply does not have the permission to run docker pull. Any idea who I can make this work?

@itaysk also I was wondering if we could do something like this:

initContainers:
- name: prepull
  image:  "<image-url>"
  env:
    SHUTDOWN: "True"  # Signal your application to shutdown immediately

Basically, use the image that you would like to pull directly but set an environment variable to make sure your application shuts-down (or does never actually start). This way the image should get pulled too I guess?

Update: Okay, this appears to work but I'd prefer the other way. Using env is just a bit ugly.