-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update CRI to optionally use transfer service for image pull #8515
base: main
Are you sure you want to change the base?
Conversation
Hi @fangn2. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
a62e6ed
to
ed26de0
Compare
/ok-to-test |
ed26de0
to
3ed06cd
Compare
3ed06cd
to
88d975b
Compare
pkg/cri/server/image_pull.go
Outdated
return nil, fmt.Errorf("failed to pull and unpack image %q: %w", ref, err) | ||
} | ||
|
||
return &runtime.PullImageResponse{ImageRef: ref}, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
need to update the image store.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for review! Will address it in the coming changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
Just curious CRI currently maintain an in-memory image cache(there could be situations that the CRI image store and containerd image store are out of sync, like other clients e.g. ctr removed an image). Can we get rid of it by directly using contained image store?
fd0d0c3
to
113293b
Compare
45eaa5d
to
88e6abe
Compare
88e6abe
to
b47bf45
Compare
b47bf45
to
95e3822
Compare
CRI test failures seem related to the new (optional) image verifier service merged in #8493; the image verifier plugin is a required plugin for transfer plugin now and the error seems to be related to that? Seems you rebased, so I'm not sure what else has to change to make that work properly? Error:
|
95e3822
to
3faa50c
Compare
919d22b
to
97fd85e
Compare
f284191
to
9d693b1
Compare
cdd0772
to
cc07653
Compare
@@ -130,6 +130,11 @@ func init() { | |||
return nil, fmt.Errorf("no matching diff plugins: %w", errdefs.ErrNotFound) | |||
} | |||
|
|||
// If CheckPlatformSupported is false, we will match all platforms | |||
if !config.CheckPlatformSupported { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dmcgowan I added this config to transfer plugin to optionally not enforcing strict platform matching in unpackConfiguration platform, snapshotter
due to cri-tools pull test that pulls an image digest which is arm64 arch based.
This test failed on the CI with the default platform(amd64) and snapshotter combination.
Does it make sense to have such config here? or should we update containerd config file to pass the test in this case?
My understanding is with the defaultUnpackConfiguration, i.e. amd64,overlayfs
, transfer service doesn't allow unpacking different arch(arm64) of image other than the running platform unless we explicitly add that UnpackConfiguration arm64, overlayfs
to the supported platform. This is different with the client.pull approach.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We really need a better platform matcher for that case. For unpack configuration it should really be able to just match OS, the architecture does not matter too much for unpacker. Where is it enforcing this check today, if the image itself is pulled by digest.
ping @fangn2 ~ any update here? |
cc07653
to
173942a
Compare
173942a
to
de5e7fe
Compare
@fangn2 Are you still working on this? If not, I can help push this forward. |
bad8d2c
to
cbad8e6
Compare
Test are passing now.
|
/retest-required |
Signed-off-by: Tony Fang <nhfang@amazon.com>
Signed-off-by: Swagat Bora <sbora@amazon.com>
cbad8e6
to
ff50560
Compare
@@ -48,6 +48,7 @@ type registryOpts struct { | |||
creds CredentialHelper | |||
hostDir string | |||
defaultScheme string | |||
resolver remotes.Resolver |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Resolver is not serializable, what are the equivalent settings it needs to initialize it? It doesn't need to share resolvers
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for pointing this out @dmcgowan. I can modify the implementation to ensure the necessary settings are provided directly to initialize the registry.
I ran into issue with one setting where a pull request reporter was passed to the resolver in order to wrap the underlying http client and track active requests and bytes read. This is used to implement image pull progress timeout. I think I should be able to handle this using transfer.Progress. I can give that a try but let me know if you have any suggestion.
This PR is to update CRI to optionally use transfer service for image pull.
Part of #8227
ImagePullWithTransferService
to specify whether to use transfer service for image pullThe PR is still in progress, put out to for early review and utilize CI for integration tests.