fix: default imagePullPolicy to IfNotPresent for air-gapped environments

[hippoley]

Summary

Fixes #94 — Pods fail to start in air-gapped / enterprise environments because Kubernetes defaults imagePullPolicy to Always for images tagged :latest.

Root Cause

defaultSystemImageSettings["openclaw"] resolves to ghcr.io/yuan-lab-llm/clawmanager-openclaw-image/openclaw:latest. When no explicit imagePullPolicy is set on the container spec, Kubernetes applies its default rule: :latest tag → Always. Nodes in air-gapped networks cannot reach ghcr.io, so the pod stays in ImagePullBackOff.

Changes

File	Change
pod_service.go	Add ImagePullPolicy field to PodConfig; default to IfNotPresent in CreatePod
instance_runtime.go	Add defaultImagePullPolicy() — reads IMAGE_PULL_POLICY env var, falls back to IfNotPresent
instance_service.go	Pass ImagePullPolicy in both CreateInstance and StartInstance pod config paths
instance_runtime_test.go	5 new tests: default value, env var override (Always/Never/IfNotPresent), whitespace fallback

Operator Configuration

Set the IMAGE_PULL_POLICY environment variable on the backend deployment to override the default:

Impact

• Air-gapped environments: pods now start successfully using locally cached images.
• Connected environments: behavior unchanged for non-:latest tags (K8s already defaults to IfNotPresent). For :latest tags, operators can set IMAGE_PULL_POLICY=Always to restore the previous behavior.
• Zero breaking changes: ImagePullPolicy is an additive struct field; callers that omit it get the safe default.

Testing

• All existing tests pass (zero regression)
• 5 new unit tests for defaultImagePullPolicy()
• Full build verified

[Iamlovingit]

/lgtm

[Iamlovingit]

@hippoley Thanks for your contributions !