Openshift Kubernetes Runner has a pull-if-not-present policy
Breaking out the notes from gitlab#290240 (comment 505944006) into this new issue.
It appears that the runner is using the default Kubernetes docker image pull policy pull-if-not-present
This is causing issues when images are updated, such as security analyzers, as old out of date images are used.
Documentation https://docs.gitlab.com/runner/security/index.html#usage-of-private-docker-images-with-if-not-present-pull-policy suggests that always
is preferred
I've tried setting this value in the Openshift console runner environment, this spins up a new runner pod which appears to pull a new image, but this is only because it is new, the environment variable does not persist and the image is reused afterwards.
At the very least we should document how to set this in the Openshift Runner yml.
cc @fcatteau