mirror of
https://github.com/containerd/containerd.git
synced 2026-06-24 08:48:48 +00:00
8f7c7fb447
The RunPodSandbox unconditionally pre-pulls the pause container image via ensurePauseImageExists() before starting any sandbox. However, only the "podsandbox" controller actually uses the pause image to create a pause container holding namespaces. Shim-based sandbox controllers (e.g. Kata Containers) manage the sandbox lifecycle entirely at the shim level and never reference the pause image. Add a DisablePauseImagePull flag to the Runtime config that gates ensurePauseImageExists(). When a sandboxer is not "podsandbox", the flag skips the unnecessary pre-pull, avoiding wasted network/storage overhead and reducing sandbox startup latency. The long-term direction is to offload image pulling entirely to the controller implementation (shim level); this flag is an incremental step toward that goal without introducing a breaking behavior change. Also add unit tests to verify that ensurePauseImageExists is only invoked for the "podsandbox" sandboxer and correctly skipped otherwise. Signed-off-by: Alex Lyn <alex.lyn@antgroup.com>
