From 63e42283cee3517c825c74fcd7b1a440b29026cb Mon Sep 17 00:00:00 2001
From: Rowan Smith <rowan@coder.com>
Date: Thu, 23 Oct 2025 15:28:58 +1100
Subject: [PATCH] chore: Update templates from Always to IfNotPresent for
 image_pull_policy (#501)

## Description

Change `image_pull_policy` from `Always` to `IfNotPresent` on Coder
owned templates. Given these are a reference point for users and
customers and they copy them into their own templates I think it makes
sense to encourage the use of caching of images.

## Type of Change

- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other

## Template Information

**Path:**


https://github.com/coder/registry/tree/main/registry/coder/templates/kubernetes-devcontainer

https://github.com/coder/registry/tree/main/registry/coder/templates/kubernetes-envbox

https://github.com/coder/registry/tree/main/registry/coder/templates/kubernetes

## Testing & Validation

- [ ] Tests pass (`bun test`)
- [ ] Code formatted (`bun fmt`)
- [x] Changes tested locally

## Related Issues

None
---
 registry/coder/templates/kubernetes-devcontainer/main.tf | 4 ++--
 registry/coder/templates/kubernetes-envbox/main.tf       | 4 ++--
 registry/coder/templates/kubernetes/main.tf              | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/registry/coder/templates/kubernetes-devcontainer/main.tf b/registry/coder/templates/kubernetes-devcontainer/main.tf
index 5e36226d..d391c75a 100644
--- a/registry/coder/templates/kubernetes-devcontainer/main.tf
+++ b/registry/coder/templates/kubernetes-devcontainer/main.tf
@@ -264,7 +264,7 @@ resource "kubernetes_deployment" "main" {
         container {
           name              = "dev"
           image             = var.cache_repo == "" ? local.devcontainer_builder_image : envbuilder_cached_image.cached.0.image
-          image_pull_policy = "Always"
+          image_pull_policy = "IfNotPresent"
           security_context {
             privileged = true
           }
@@ -455,4 +455,4 @@ resource "coder_metadata" "container_info" {
     key   = "cache repo"
     value = var.cache_repo == "" ? "not enabled" : var.cache_repo
   }
-}
\ No newline at end of file
+}
diff --git a/registry/coder/templates/kubernetes-envbox/main.tf b/registry/coder/templates/kubernetes-envbox/main.tf
index e70ad2a3..98543d9c 100644
--- a/registry/coder/templates/kubernetes-envbox/main.tf
+++ b/registry/coder/templates/kubernetes-envbox/main.tf
@@ -152,7 +152,7 @@ resource "kubernetes_pod" "main" {
       name = "dev"
       # We highly recommend pinning this to a specific release of envbox, as the latest tag may change.
       image             = "ghcr.io/coder/envbox:latest"
-      image_pull_policy = "Always"
+      image_pull_policy = "IfNotPresent"
       command           = ["/envbox", "docker"]
 
       security_context {
@@ -310,4 +310,4 @@ resource "kubernetes_pod" "main" {
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/registry/coder/templates/kubernetes/main.tf b/registry/coder/templates/kubernetes/main.tf
index c72316ff..7d7c0aa8 100644
--- a/registry/coder/templates/kubernetes/main.tf
+++ b/registry/coder/templates/kubernetes/main.tf
@@ -287,7 +287,7 @@ resource "kubernetes_deployment" "main" {
         container {
           name              = "dev"
           image             = "codercom/enterprise-base:ubuntu"
-          image_pull_policy = "Always"
+          image_pull_policy = "IfNotPresent"
           command           = ["sh", "-c", coder_agent.main.init_script]
           security_context {
             run_as_user = "1000"