Kubernetes executor missing default pull policy fallback

Summary

When using the Kubernetes executor, if allowed_pull_policies is specified in the config.toml without pull_policy being specified in the config.toml or .gitlab-ci.yml, it results in the following error: pull_policy ([]) defined in Runner config (default) is not one of the allowed_pull_policies ([Always IfNotPresent]) (Always IfNotPresent will differ depending on the policies configured in allowed_pull_policies, of course. In the Kubernetes executor documentation, it states, "If you don’t specify pull_policy, the cluster’s image default pull policy is used." However, the existing gitlab-runner code seems to suggest that this won't actually happen. There isn't a process to fall back to Kubernetes' default pull policy if no explicit pull_policy is set in the config.toml or .gitlab-ci.yml. Instead, it results in an empty pull policy ([]), which triggers the error.

Steps to reproduce

  1. Configure a GitLab instance with a Kubernetes executor
  2. In the config.toml, configure allowed_pull_policies, but do not include a line for pull_policy
  3. Do not include a pull_policy line in the job's .gitlab-ci.yml either.
  4. The job will fail with the error mentioned above.

What is the current bug behavior?

When using the Kubernetes executor, if allowed_pull_policies is specified in the config.toml without pull_policy being specified in the config.toml or .gitlab-ci.yml, it results in the following error: pull_policy ([]) defined in Runner config (default) is not one of the allowed_pull_policies ([Always IfNotPresent]) (Always IfNotPresent will differ depending on the policies configured in allowed_pull_policies, of course.

What is the expected correct behavior?

In the Kubernetes executor documentation, it states, "If you don’t specify pull_policy, the cluster’s image default pull policy is used.". This is the expected behavior.

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Implementation Guide

Unlike DockerConfig.GetPullPolicies which returns a default of always is none was specified, KubernetesConfig.GetPullPolicies returns "", which is meant to indicate that the cluster's default pull policy should be used. However, the value of "" causes verifyPullPolicies to fail. We could Update verifyPullPolicies to check for and allow an empty pullPolicies.

Edited by Axel von Bertoldi