Pull Policies

Learn how to control pulling images in your pipeline.

Vela provides the ability to define how and when the images for secrets, steps, and services will be retrieved at runtime.


Below are the options for pull policies for container images

alwaysAlways attempt to pull image from registry, even if it exists locally. Best used when leveraging a mutable tag, such as latest
not_presentOnly attempt to pull image from registry if it does not already exist locally. This is the default behavior and is recommended for immutably tagged images.
on_startPull image from registry right before the step is to be executed. Can speed up build times if the step or service does not run on every build (e.g. failed build notifying plugins), can be leveraged when dealing with password rotation mid-build (e.g. Vault plugin), or can be used to pull an image that was created and published earlier in the build.
neverOnly use images that exist locally.


version: "1"
  - name: redis
    image: redis:latest
+   pull: always

  - name: check status
    image: alpine:latest
+   pull: not_present
      # you can use bash commands in-line to set or override variables
      - export EXAMPLE="Hello World From Vela Team"
      - echo ${EXAMPLE}

  - origin:
      name: private vault
      image: target/secret-vault:latest
+     pull: on_start
      secrets: [ vault_token ]
        addr: vault.example.com
        auth_method: token
        username: octocat
          - source: secret/docker
            path: docker


The following pipeline concepts are being used in the pipeline below: