chore: Update templates from Always to IfNotPresent for image_pull_policy

[rowansmithau]

Description

Change image_pull_policy from Always to IfNotPresent on Coder owned templates. Given these are a reference point for users and customers and they copy them into their own templates I think it makes sense to encourage the use of caching of images.

Type of Change

• New module
• New template
• Bug fix
• Feature/enhancement
• Documentation
• Other

Template Information

Path:

https://github.com/coder/registry/tree/main/registry/coder/templates/kubernetes-devcontainer
https://github.com/coder/registry/tree/main/registry/coder/templates/kubernetes-envbox
https://github.com/coder/registry/tree/main/registry/coder/templates/kubernetes

Testing & Validation

• Tests pass (bun test)
• Code formatted (bun fmt)
• Changes tested locally

Related Issues

None

[matifali]

if someone has build pipeline, where they regularly build an publish new images to a registry, will it not pull the stale image?

So may be we shoudl add a comment that

In CI/CD with frequent image updates, tag images uniquely and keep IfNotPresent.
If you rely on mutable tags like latest, set image_pull_policy: Always.

[rowansmithau]

if someone has build pipeline, where they regularly build an publish new images to a registry, will it not pull the stale image?

So may be we shoudl add a comment that

In CI/CD with frequent image updates, tag images uniquely and keep IfNotPresent.
If you rely on mutable tags like latest, set image_pull_policy: Always.

My thought was if someone has a build pipeline they should have a good understanding of their container runtime image pull policy and can set it appropriately for their use case. These are just example getting started templates for which the average Joe will use to begin using Coder, for which I don't feel like it makes sense to have the image pull policy default to Always. As it is, Always still results in a cached image being reused if present providing the sha/digest has not changed (by default), so this is really just us trying to be providing good guidance to users new to the concept.

[DevelopmentCats]

if someone has build pipeline, where they regularly build an publish new images to a registry, will it not pull the stale image?
So may be we shoudl add a comment that

In CI/CD with frequent image updates, tag images uniquely and keep IfNotPresent.
If you rely on mutable tags like latest, set image_pull_policy: Always.

My thought was if someone has a build pipeline they should have a good understanding of their container runtime image pull policy and can set it appropriately for their use case. These are just example getting started templates for which the average Joe will use to begin using Coder, for which I don't feel like it makes sense to have the image pull policy default to Always. As it is, Always still results in a cached image being reused if present providing the sha/digest has not changed (by default), so this is really just us trying to be providing good guidance to users new to the concept.

I do generally agree with what you are saying here because IfNotPresent is the default image_pull_policy which would be expected by most who are familiar with the default behaviour.

[matifali]

@rowansmithau is the goal here is to provide faster startups in general?

[rowansmithau]

@matifali it's more around trying to be a good steward of not having excessive / unnecessary API calls be the default behaviour for folks who use our templates / use our templates as a baseline. It would have the added benefit of either matching existing startup times (at worst) or reducing workspace startup time by a few ms/s because it wouldn't be making the call to Docker Hub / ghcr to check the sha (as it does with Always).

[matifali]

One important note is that the templates we bundle in and the one in the registry aren't synchronized yet.

There is a request to do that though.

cc: @david-fraley