From 4796606432e4931da1401f3c954ed2fbb8195573 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sat, 25 Apr 2026 23:30:20 +0000
Subject: [PATCH] fix: warm Rancher child images on all nodes

---
 .gitea/workflows/deploy.yml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index a5cc1fc..a0a888f 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -611,12 +611,49 @@ jobs:
             exit 1
           }
 
+          pull_image_on_node() {
+            local image="$1"
+            local host_ip="$2"
+            local attempts="$3"
+            local sleep_seconds="$4"
+            local pulled=false
+
+            for attempt in $(seq 1 "${attempts}"); do
+              echo "Pre-pulling ${image} on ${host_ip} (${attempt}/${attempts})"
+              if ssh -i "$HOME/.ssh/id_ed25519" -o StrictHostKeyChecking=no -o ConnectTimeout=10 "ubuntu@${host_ip}" \
+                "sudo k3s crictl inspecti '${image}' >/dev/null 2>&1 || (sudo k3s crictl pull '${image}' && sudo k3s crictl inspecti '${image}' >/dev/null 2>&1)"; then
+                pulled=true
+                break
+              fi
+              sleep "${sleep_seconds}"
+            done
+
+            if [ "${pulled}" != "true" ]; then
+              echo "Failed to pre-pull required Rancher image ${image} on ${host_ip}" >&2
+              exit 1
+            fi
+          }
+
+          pull_image_on_all_nodes() {
+            local image="$1"
+            local ips
+            ips="$(python3 -c 'import json; outputs=json.load(open("outputs/terraform_outputs.json")); print(" ".join(outputs["control_plane_ips"]["value"] + outputs["worker_ips"]["value"]))')"
+
+            for ip in ${ips}; do
+              pull_image_on_node "${image}" "${ip}" 45 10
+            done
+          }
+
           echo "Waiting for Rancher..."
           wait_for_resource flux-system kustomization.kustomize.toolkit.fluxcd.io/addon-rancher 600
           kubectl -n flux-system annotate kustomization/addon-rancher reconcile.fluxcd.io/requestedAt="$(date +%s)" --overwrite
           wait_for_resource flux-system helmrelease.helm.toolkit.fluxcd.io/rancher 600
           reconcile_helmrelease rancher
           wait_for_helmchart_ready flux-system-rancher rancher 180s 5
+          pull_image_on_all_nodes rancher/rancher:v2.13.3
+          pull_image_on_all_nodes rancher/shell:v0.6.2
+          pull_image_on_all_nodes rancher/rancher-webhook:v0.9.3
+          pull_image_on_all_nodes rancher/system-upgrade-controller:v0.17.0
           wait_for_helmrelease_ready rancher cattle-system 900
           wait_for_resource "" namespace/cattle-system 600
           wait_for_resource cattle-system deployment/cattle-system-rancher 600