How to Force Kubernetes to Re-Pull an Image

Last updated: November 6, 2023

Reviewed by: Eric Martin

1. Overview

Kubernetes is a highly robust platform for orchestrating containers that are extensively employed to effectively manage and scale applications packaged within containers. To ensure application stability and security, it’s crucial to know how to force Kubernetes to re-pull an image when necessary. In this tutorial, we’ll explore various techniques that allow us to accomplish this task effectively.

2. Image Pull Policy

One way to force Kubernetes to re-pull an image is by setting the image pull policy. Kubernetes allows us to specify the image pull policy for each container in a pod. By default, Kubernetes uses the IfNotPresent policy, which only pulls the image if it is not already present on the node. However, we can force Kubernetes to always re-pull the image by setting the pull policy to Always in the container specification within our deployment manifest.

For instance, let’s define a Kubernetes Deployment named “my-app” that manages three replicas of a pod template with a single container named “my-container”. The container uses the “myregistry/my-image” Docker image with the “latest” tag and always pulls the image from the registry:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  template:
    spec:
      containers:
        - name: my-container
          image: myregistry/my-image:latest
          imagePullPolicy: Always

3. Image Tags

Updating the image tag is a powerful and straightforward method to trigger Kubernetes to pull a new version of an image. By modifying the tag associated with the image, Kubernetes recognizes it as a distinct image and initiates the process of pulling the updated version. This approach is particularly valuable when deploying specific image versions or when working with image repositories that utilize tags for versioning.

Let’s consider an example to illustrate this process.

Suppose we have a Deployment named my-app defined in Kubernetes, and within the Deployment, there’s a container named my-container that references an image named myregistry/my-image with the tag 2.0.0. Now, let’s say we want to update the image to a newer version, such as 2.1.0.

To accomplish this, we simply modify the tag value in the Deployment definition to 2.1.0:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  template:
    spec:
      containers:
        - name: my-container
          image: myregistry/my-image:2.1.0

Upon saving and applying the modified Deployment, Kubernetes detects the change in the image tag. It recognizes that the image tag has been updated to 2.1.0 and initiates the process of pulling the new version of the image from the container registry. Once the updated image is successfully pulled, Kubernetes automatically applies the changes to the running pods associated with the Deployment, ensuring that the application is now utilizing the latest image version.

This approach provides flexibility and control over the image update process. It allows for seamless integration of newer versions of container images into Kubernetes deployments without disrupting the overall application functionality.

By simply modifying the image tag, developers and operators can ensure that their applications always benefit from the latest features, bug fixes, and security patches provided by the updated container image.

4. Image Pull Secrets

In scenarios where we need to re-pull an image due to changes in credentials for accessing a private container registry, Kubernetes allows us to specify image pull secrets. When credentials change, creating a new image pull secret with updated credentials and associating it with our deployment can trigger Kubernetes to re-pull the image.

Let’s consider the following YAML file example that defines a secret:

apiVersion: v1
kind: Secret
metadata:
  name: my-registry-secret
  type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: <base64-encoded credentials>
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  template:
    spec:
      containers:
        - name: my-container
          image: myregistry/my-image:latest
      imagePullSecrets:
        - name: my-registry-secret

Now, consider the scenario where the development team is constructing a sophisticated microservices-based application that depends on container images residing in a private registry.

To successfully deploy this application on a Kubernetes cluster, the team would define an ImagePullSecret encompassing the essential authentication details, such as username and password or an access token. Subsequently, they would associate this secret with the appropriate Pods or Service Accounts responsible for pulling the container images.

With the ImagePullSecret accurately configured, the Kubernetes cluster autonomously retrieves the necessary credentials during deployment, establishing a secure authentication process with the private registry to acquire the required container images.

This robust approach guarantees seamless access to the restricted images, thereby ensuring smooth and reliable operation within the Kubernetes environment.

5. Image Stream in OpenShift

In OpenShift, the ImageStream feature streamlines the management and updating of container images within application deployments. Functioning as an abstraction layer, ImageStream enables modification of image metadata without altering the image name, facilitating seamless updates without disrupting the deployment process.

When the associated tag has been modified, OpenShift and Kubernetes will be prompted to fetch the updated image. When a new image is pushed to the registry, OpenShift compares the metadata with the existing version. If the tag has changed, OpenShift recognizes it as a new iteration and automatically updates the ImageStream. Consequently, any deployments referencing the ImageStream will incorporate the latest image version during subsequent deployment or rollout.

The benefits of ImageStream are manifold. It simplifies image updates by necessitating modifications solely to the ImageStream tag, minimizing configuration errors and saving time. Moreover, it ensures consistency across deployments, guaranteeing that all applications reliant on the ImageStream adopt the same updated image version.

Additional advanced features, such as rollback and automatic pruning, further enhance the management process. Rollback facilitates easy reversion to a previous image version, while automatic pruning optimizes storage usage by removing older iterations.

To illustrate its usage, let’s consider another example YAML file:

apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: my-image-stream
spec:
  tags:
    - name: latest
      from:
        kind: DockerImage
        name: myregistry/my-image:2.1.0

In this example, the YAML file defines an ImageStream named my-app-image with a tag named latest. The tag specifies the source as a Docker image located at registry.example.com/my-app:latest. Updating the ImageStream’s tag to a new version triggers OpenShift to pull the updated image and automatically deploy it across the cluster.

In summary, ImageStream in OpenShift simplifies image management by abstracting the image name and enabling easy modification of metadata. It streamlines the update process, ensures consistency across deployments, and offers features like rollback and automatic pruning.

6. Using Rolling Updates

Kubernetes supports rolling updates, which provide a mechanism for updating our application deployment gradually. During a rolling update, Kubernetes creates a new replica set with the updated image while gradually scaling down the old replica set. This approach ensures that all instances of our application use the latest image. Rolling updates also offer the ability to roll back to the previous version if any issues arise during the update process.

The command below illustrates how we can edit a deployment by rolling update:

$ kubectl set image deployment/my-app my-container=myregistry/my-image:2.1.0
deployment/my-app image updated

7. Conclusion

In this article, we’ve explored several methods to force Kubernetes to re-pull an image. By understanding the importance of image re-pulling and applying the appropriate techniques, we can ensure that our applications are up to date with the latest versions and incorporate critical bug fixes or security patches.

We discussed the usage of ImagePullPolicy, updating image tags, employing ImagePullSecrets, leveraging ImageStream in OpenShift, and utilizing rolling updates.

By setting the image pull policy to Always or updating the image tag, we can prompt Kubernetes to fetch the latest image from the container registry. Furthermore, if there are changes in the credentials required to access the registry, using image pull secrets is an effective method to trigger a re-pull.

OpenShift users can take advantage of the ImageStream feature to manage image updates without modifying the image name. Finally, rolling updates provide a controlled and gradual process for updating deployments while ensuring application availability.

We need to choose the method that aligns with our specific requirements and environment. By following these techniques, we can maintain the reliability, security, and efficiency of our containerized applications in Kubernetes.

Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.