Comments (6)
I think that either solution would work. Right now Spegel will write the Containerd mirror configuration before starting, by mounting the host path. An API would work just as well but I would guess that it would be just more complicated. I have had requests to specifically support OpenShift which would also add a lot of other complexity in regards to security constraints that I have not looked at yet. I also know of vanilla Kubernetes users who are running cri-o on some or all nodes.
from cri-o.
Interesting idea! Setting an inotify on the registry paths could work. Something to note: in the past, I have heard hesitation about updating registries without a drain/reboot because it hides potential misconfiguration in future pull image failures. Not opposed, just mentioning there may be cases where even if we do this, we still want to drain/reboot between updates to make sure misconfiguration is identified more easily.
from cri-o.
@phillebaba, thank you for getting in touch!
Just so we understand better. The ideal scenario would be when spegel drops a newly generated mirror configuration drop-in in a dot-d directory, and then CRI-O picks it up and reloads its internal state, correct? Or do you want to have an API of sorts to call?
Theoretically, we could have a directory watch and even support the current approach that containerd employs. I suppose this would be hidden behind some option to enable this feature.
from cri-o.
/kind feature
from cri-o.
I do agree that debugging may become more challenging; I have at times had issues with mirror configurations in Containerd. We can divide misconfiguration into two categories: formatting errors and incorrect values. Formatting errors would probably be the most common. When it occurs it could be ignored, with the mirror configuration not taking effect and the original registry being used and the error logged. Incorrect values would have the same behavior as it has today, the only difference being that the changes would take effect immediately instead of waiting for a restart.
from cri-o.
@phillebaba agreed! I think the delayed failure on incorrect value is the trouble. That said, it would end up being delayed with a reboot and IfNotPresent or Never pull policies anyway, so there's only so much we can do.
All that is to say, I'm interested in helping support this case. Do you have any interest in adding support in cri-o for inotify-based configuration reload, @phillebaba?
from cri-o.