Downloading binaries and containers

• Each node downloads binaries and container images on its own, which is.
• For K8s apps, pull policy is k8s_image_pull_policy: IfNotPresent.

There is also a “pull once, push many” mode as well:

• Override the download_run_once: True to download container images only oncethen push to cluster nodes in batches. The default delegate nodefor pushing images is the first kube-master.
• If your ansible runner node (aka the admin node) have password-less sudo anddocker enabled, you may want to define the download_localhost: True, whichmakes that node a delegate for pushing images while running the deployment withansible. This maybe the case if cluster nodes cannot access each over via sshor you want to use local docker images as a cache for multiple clusters.

Container images may be defined by its repo and tag, for example:andyshinn/dnsmasq:2.72. Or by repo and tag and sha256 digest:andyshinn/dnsmasq@sha256:7c883354f6ea9876d176fe1d30132515478b2859d6fc0cbf9223ffdc09168193.

The full list of available vars may be found in the download’s ansible role defaults.Those also allow to specify custom urls and local repositories for binaries and containerimages as well. See also the DNS stack docs for the related intranet configuration,so the hosts can resolve those urls and repos.

• At least foo_image_repo and foo_download_url as described before (i.e. in case of use of proxies to registries and binaries repositories, checksums and versions do not necessarily need to be changed).NB: Regarding foo_image_repo, when using insecure registries/proxies, you will certainly have to append them to the docker_insecure_registries variable in group_vars/all/docker.yml
• Depending on the
  • When container_manager=docker, docker_foo_repo_base_url, docker_foo_repo_gpgkey, dockerproject_bar_repo_base_url and dockerproject_bar_repo_gpgkey (where foo is the distribution and bar is system package manager)
  • When container_manager=crio, crio_rhel_repo_base_url