
acceleration-service's Introduction

Acceleration Service

Acceleration Service provides a general service to Harbor with the ability to automatically convert user images to accelerated images. When a user does something such as artifact push, Harbor will request the service to complete the corresponding image conversion through its integrated Nydus, eStargz, etc. drivers.


See more details in the design doc.

Quickstart

GETTING STARTED

Get Harbor

If you don't already have a Harbor service, deploy a local one by following the Harbor documentation.

Get binaries from release page

Currently, Acceleration Service includes the following tools:

  • An acceld daemon to work as an HTTP service to handle image conversion requests from harbor or accelctl.
  • An accelctl CLI tool that manages the acceleration service (acceld) and can also convert images in one-time mode.

Get accelctl and acceld binaries from acceleration-service release.

Configuration

Configure Harbor

  1. Login to the Harbor web interface.

  2. Select one project and add a new Webhook configuration with the following fields:

    • Notify Type: choose HTTP
    • Event Type: Enable artifact pushed
    • Endpoint URL: <acceleration service address>/api/v1/conversions
    • Auth Header: <configured in acceleration service>

    Note: The webhook lets the acceleration service convert images automatically. You can also trigger an image conversion task by sending an HTTP request manually or by using accelctl.

  3. Create a system robot account with the following fields:

    • Expiration time: <by your choice>
    • Reset permissions: select Push Artifact, Pull Artifact, Create Tag

    When you get the robot account robot$<robot-name>, please copy the secret and generate a base64 encoded auth string like this:

    $ echo -n '<robot-name>:<robot-secret>' | base64

    Note: the encoded auth string is used to configure the acceleration service in the next step. Base64 is only an encoding, so handle this string as carefully as the robot secret itself.

Configure Acceleration Service

  1. Copy the template config file.
  2. Modify the config file.
    • Change provider.source to your own Harbor service hostname. Set auth to the base64 string generated in the step above, and set webhook.auth_header to the Auth Header value configured in the Harbor webhook.
    • Change the settings in the converter.driver field according to your requirements.

    Please follow the comments in the template config file.

Convert Image with Acceleration Service

Convert by acceld service

  1. Start the acceld daemon from the directory that contains the config file
    $ ./acceld --config ./config.yaml
  2. Trigger image conversion
    • Push an image to trigger webhook.
    $ docker push <harbor-service-address>/library/nginx:latest
    • Convert manually by accelctl CLI tool.

    Please make sure the source OCI v1 images exist in your harbor registry.

    $ ./accelctl task create <harbor-service-address>/library/nginx:latest
    Or you can create a conversion task over the HTTP API by curl. Please refer to the development document.
    $ curl --location "http://<acceleration-service-address>/api/v1/conversions?sync=$sync" \
        --header 'Content-Type: application/json' \
        --data '{
            "type": "PUSH_ARTIFACT",
            "event_data": {
                "resources": [
                    {
                        "resource_url": "<harbor-service-address>/dfns/alpine:latest"
                    }
                ]
            }
        }
        '
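The receiving side of the request above, as an added example that is not acceld's own code: it checks the configured auth header in constant time and only accepts resources hosted on the configured provider.source hostname, since that is the only registry the robot credential is meant for. It assumes Harbor delivers the Auth Header value in the `Authorization` request header; `checkWebhook`, `conversionsHandler` and `harbor.example.test` are hypothetical names.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// webhookPayload mirrors only the fields shown in the curl request above.
type webhookPayload struct {
	Type      string `json:"type"`
	EventData struct {
		Resources []struct {
			ResourceURL string `json:"resource_url"`
		} `json:"resources"`
	} `json:"event_data"`
}

// checkWebhook validates one request and returns the image references to
// convert together with the HTTP status to answer with.
func checkWebhook(gotAuth, wantAuth, sourceHost string, body []byte) ([]string, int, error) {
	// Refuse to run with an empty secret; compare without an early exit on
	// the first differing byte.
	if wantAuth == "" || subtle.ConstantTimeCompare([]byte(gotAuth), []byte(wantAuth)) != 1 {
		return nil, http.StatusUnauthorized, fmt.Errorf("auth header mismatch")
	}
	var p webhookPayload
	if err := json.Unmarshal(body, &p); err != nil {
		return nil, http.StatusBadRequest, fmt.Errorf("decode payload: %w", err)
	}
	if p.Type != "PUSH_ARTIFACT" {
		return nil, http.StatusBadRequest, fmt.Errorf("unsupported event type %q", p.Type)
	}
	if len(p.EventData.Resources) == 0 {
		return nil, http.StatusBadRequest, fmt.Errorf("no resources in event")
	}
	refs := make([]string, 0, len(p.EventData.Resources))
	for _, r := range p.EventData.Resources {
		// The registry host is everything before the first slash.
		host, _, ok := strings.Cut(r.ResourceURL, "/")
		if !ok || host != sourceHost {
			return nil, http.StatusBadRequest, fmt.Errorf("resource %q is not on %s", r.ResourceURL, sourceHost)
		}
		refs = append(refs, r.ResourceURL)
	}
	return refs, http.StatusOK, nil
}

// conversionsHandler wires checkWebhook into net/http; enqueue is whatever
// hands a reference to the conversion workers.
func conversionsHandler(wantAuth, sourceHost string, enqueue func(ref string)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		// Cap the body size so an oversized request cannot exhaust memory.
		body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
		if err != nil {
			http.Error(w, "read body", http.StatusBadRequest)
			return
		}
		refs, code, err := checkWebhook(r.Header.Get("Authorization"), wantAuth, sourceHost, body)
		if err != nil {
			http.Error(w, err.Error(), code)
			return
		}
		for _, ref := range refs {
			enqueue(ref)
		}
		w.WriteHeader(http.StatusOK)
	}
}

func main() {
	// Constructed sample body, same shape as the curl request above.
	body := []byte(`{"type":"PUSH_ARTIFACT","event_data":{"resources":[{"resource_url":"harbor.example.test/library/nginx:latest"}]}}`)
	refs, code, err := checkWebhook("example-header", "example-header", "harbor.example.test", body)
	fmt.Println(refs, code, err)
}
```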

One-time mode

One-time mode lets you run a conversion without starting the acceld service, using accelctl like this:

$ ./accelctl convert --config ./config.yaml 192.168.1.1/library/nginx:latest

INFO[2022-01-28T03:39:28.039029557Z] pulling image 192.168.1.1/library/nginx:latest     module=converter
INFO[2022-01-28T03:39:28.075375146Z] pulled image 192.168.1.1/library/nginx:latest      module=converter
INFO[2022-01-28T03:39:28.075530522Z] converting image 192.168.1.1/library/nginx:latest  module=converter
INFO[2022-01-28T03:39:29.561103924Z] converted image 192.168.1.1/library/nginx:latest-nydus  module=converter
INFO[2022-01-28T03:39:29.561197593Z] pushing image 192.168.1.1/library/nginx:latest-nydus  module=converter
INFO[2022-01-28T03:39:29.587585066Z] pushed image 192.168.1.1/library/nginx:latest-nydus  module=converter

Check Converted Image

You can see the converted image and the source OCI image in the same repo; they have different tag suffixes.

Documentation

acceleration-service's People

Contributors

changweige, dependabot[bot], desiki-high, gawsoftpl, hsiangkao, imeoer, ktock, liubin, liubogithub, loheagn, perseidmeteor, rajpratik71, steven-zou, taoohong, yawqi, zyfjeff


acceleration-service's Issues

Handle highly concurrent conversion tasks

These errors are likely to be thrown when acceld is handling highly concurrent conversion tasks:

convert in worker: convert image: failed commit on ref "converter-write-json-sha256:xxx": commit failed: rename /var/root/io.containerd.content.v1.content/ingest/yyy/data /var/root/io.containerd.content.v1.content/blobs/sha256/xxx: no such file or directory: unknown

convert in worker: push image: content digest sha256:zzz: not found

And containerd getting locks slows down each task. containerd logs:

ERRO[2022-07-11T10:28:16.564583960Z] (*service).Write failed                       error="rpc error: code = Unavailable desc = ref default/1/convert-estargz-from-sha256:xxx locked for 5.41890936s (since 2022-07-11 10:28:10.633991309 +0000 UTC m=+98.894109053): unavailable" ref="convert-estargz-from-sha256:xxx"

Reproducible steps:

  1. acceld --config ./misc/config.yaml.estargz.tmpl
  2. create a batch of conversion tasks:
for i in (seq 1 50)
   accelctl task create localhost/busybox:latest
end

Task status and worker persistent

  • Persistent task worker queues, for failure recovery.
  • Add the ability to query the status of conversion tasks.
  • How we can get notification of conversion completion?

[Feature] Add integration testing to github action

Add a complete integration test to test the workflow from webhook trigger to image conversion completion, as follows:

  • Boot harbor service and configure the webhook (to simplify the test, we can also build a webhook request manually).
  • Boot containerd service.
  • Boot acceleration service.
  • Trigger a webhook request and wait for the image conversion to complete.
  • Use a checker tool provided by the driver to ensure the correctness of the acceleration image.

[Feature] Provide a CLI tool to trigger image conversion

Provides a CLI tool that allows the user to manually trigger image conversion.

  • Trigger the conversion of one or more specified source images.
  • Allow waiting until an image conversion is complete.
  • Query the queue of conversion tasks and the status of a task.

[Feature] Support daemonless mode

Some users want to do a one-time image conversion without starting acceld service, so we can provide a daemonless mode that allows accelctl to convert images locally:

accelctl convert --config /path/to/config.yaml localhost/library/nginx:latest

Add annotation for acceleration image

Add annotations to the converted image manifest/index:

{
  "schemaVersion": 2,
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "digest": "sha256:563fad1f51cec2ee4c972af4bfd7275914061e2f73770585cfb04309cb5e0d6b",
    "size": 523
  },
  "layers": [
    {
      "mediaType": "...",
      "digest": "sha256:b413839e4ee5248697ef30fe9a84b659fa744d69bbc9b7754113adc2b2b6bc90",
      "size": 40712206
    },
    {
      "mediaType": "...",
      "digest": "sha256:b6a85be8248b0d3c2f0565ef71d549f404f8edcee1ab666c9871a8e6d9384860",
      "size": 441
    }
  ],
  "annotations": {
    "io.goharbor.artifact.v1alpha1.acceleration.type": "nydus",
    "io.goharbor.artifact.v1alpha1.acceleration.source.digest": "sha256:dbad66bcfe29ef383157a3e122acbd08cd2ebd40f5658afa2ae62c52ffe26e9f"
  }
}

  • "io.goharbor.artifact.v1alpha1.acceleration.type": "nydus"

The type annotation is used to identify different accelerated image formats in harbor.

  • "io.goharbor.artifact.v1alpha1.acceleration.source.digest": "sha256:dbad66bcfe29ef383157a3e122acbd08cd2ebd40f5658afa2ae62c52ffe26e9f"

The digest annotation is used to reference the source image, which can be used to avoid duplicate conversion.

These two annotations can also be used to display icons of acceleration images on the harbor portal, and to track the relationship between source image and acceleration image.
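A sketch of how the two annotations can drive the duplicate-conversion check described in this issue, added here as an example and not taken from the project: it reads the annotations from a manifest, rejects a malformed source digest, and reports whether a source image already has an accelerated counterpart for a given driver. `accelerationInfo`, `alreadyConverted` and the trimmed sample manifest are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Annotation keys proposed in the issue above.
const (
	annType   = "io.goharbor.artifact.v1alpha1.acceleration.type"
	annSource = "io.goharbor.artifact.v1alpha1.acceleration.source.digest"
)

// sampleManifest is a constructed, trimmed manifest that reuses the source
// digest shown in the issue.
const sampleManifest = `{
  "schemaVersion": 2,
  "annotations": {
    "io.goharbor.artifact.v1alpha1.acceleration.type": "nydus",
    "io.goharbor.artifact.v1alpha1.acceleration.source.digest": "sha256:dbad66bcfe29ef383157a3e122acbd08cd2ebd40f5658afa2ae62c52ffe26e9f"
  }
}`

var sha256Digest = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// manifest keeps only the part of an image manifest or index this check needs.
type manifest struct {
	Annotations map[string]string `json:"annotations"`
}

// accelerationInfo returns the driver type and source digest recorded on an
// accelerated image. ok is false for plain images and for annotations that do
// not carry a well-formed sha256 digest.
func accelerationInfo(raw []byte) (driver, source string, ok bool) {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return "", "", false
	}
	driver, source = m.Annotations[annType], m.Annotations[annSource]
	if driver == "" || !sha256Digest.MatchString(source) {
		return "", "", false
	}
	return driver, source, true
}

// alreadyConverted reports whether any candidate manifest in the repository is
// an accelerated image of sourceDigest produced by the given driver.
func alreadyConverted(sourceDigest, driver string, candidates [][]byte) bool {
	for _, raw := range candidates {
		d, s, ok := accelerationInfo(raw)
		if ok && d == driver && s == sourceDigest {
			return true
		}
	}
	return false
}

func main() {
	src := "sha256:dbad66bcfe29ef383157a3e122acbd08cd2ebd40f5658afa2ae62c52ffe26e9f"
	repo := [][]byte{[]byte(`{"schemaVersion": 2}`), []byte(sampleManifest)}
	fmt.Println("nydus conversion exists:", alreadyConverted(src, "nydus", repo))
	fmt.Println("estargz conversion exists:", alreadyConverted(src, "estargz", repo))
}
```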

support remote cache for driver

Image layers that have already been converted should be cached to avoid being converted twice to speed up acceleration.

We can implement an LRU hash table that records the relationship from the digest of the source image layer to the digest of
acceleration image layer, and store that hash table at some location (for example image manifest).
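The LRU table proposed above, as an added example rather than the project's implementation: a bounded map from source layer digest to accelerated layer digest that serializes to JSON in recency order, so it can be stored alongside an image and reloaded without losing the eviction order. `LayerCache`, `LoadLayerCache` and the digest strings are hypothetical, and where the JSON is stored is left open.

```go
package main

import (
	"container/list"
	"encoding/json"
	"fmt"
)

// pair records one converted layer.
type pair struct {
	Source string `json:"source"` // digest of the source image layer
	Target string `json:"target"` // digest of the accelerated image layer
}

// LayerCache is a fixed-capacity LRU keyed by source layer digest.
type LayerCache struct {
	capacity int
	order    *list.List               // front = most recently used
	items    map[string]*list.Element // source digest -> element holding a pair
}

func NewLayerCache(capacity int) *LayerCache {
	if capacity < 1 {
		capacity = 1
	}
	return &LayerCache{capacity: capacity, order: list.New(), items: make(map[string]*list.Element)}
}

// Get returns the accelerated layer digest and marks the entry as recently used.
func (c *LayerCache) Get(source string) (string, bool) {
	el, ok := c.items[source]
	if !ok {
		return "", false
	}
	c.order.MoveToFront(el)
	return el.Value.(pair).Target, true
}

// Put records a conversion result and evicts the least recently used entry
// once the capacity is exceeded.
func (c *LayerCache) Put(source, target string) {
	if el, ok := c.items[source]; ok {
		el.Value = pair{source, target}
		c.order.MoveToFront(el)
		return
	}
	c.items[source] = c.order.PushFront(pair{source, target})
	if c.order.Len() > c.capacity {
		oldest := c.order.Back()
		c.order.Remove(oldest)
		delete(c.items, oldest.Value.(pair).Source)
	}
}

// Marshal writes the entries most recently used first.
func (c *LayerCache) Marshal() ([]byte, error) {
	pairs := make([]pair, 0, c.order.Len())
	for el := c.order.Front(); el != nil; el = el.Next() {
		pairs = append(pairs, el.Value.(pair))
	}
	return json.Marshal(pairs)
}

// LoadLayerCache rebuilds a cache from Marshal output. Entries are inserted
// oldest first, so recency is preserved and a smaller capacity drops the
// oldest entries.
func LoadLayerCache(raw []byte, capacity int) (*LayerCache, error) {
	var pairs []pair
	if err := json.Unmarshal(raw, &pairs); err != nil {
		return nil, fmt.Errorf("decode layer cache: %w", err)
	}
	c := NewLayerCache(capacity)
	for i := len(pairs) - 1; i >= 0; i-- {
		c.Put(pairs[i].Source, pairs[i].Target)
	}
	return c, nil
}

func main() {
	// Constructed digests, shortened for readability.
	c := NewLayerCache(2)
	c.Put("sha256:src-a", "sha256:acc-a")
	c.Put("sha256:src-b", "sha256:acc-b")
	c.Get("sha256:src-a")                 // src-a becomes most recently used
	c.Put("sha256:src-c", "sha256:acc-c") // evicts src-b
	raw, _ := c.Marshal()
	fmt.Println(string(raw))
}
```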

crash when trying to convert image manually

./acceleration-service/accelctl task create anonymous/hub.docker.com/library/nginx

2024-01-15T14:17:52.105500000Z time="2024-01-15T14:17:52.103805662Z" level=info msg="POST /api/v1/conversions 200 9.432762ms 587>5bytes 172.23.0.1" module=api
2024-01-15T14:17:52.105670000Z time="2024-01-15T14:17:52.104344145Z" level=info msg="pulling image anonymous/hub.docker.com/library/nginx@sha256:35a707bebd92e639a71fec1d5b344a4eb00f113123e38c54a5b84962928f5d08" module=converter
2024-01-15T14:17:52.139351000Z time="2024-01-15T14:17:52.139156808Z" level=info msg="received webhook request from 172.23.0.1:39324" module=api
2024-01-15T14:17:52.168598000Z time="2024-01-15T14:17:52.168251079Z" level=info msg="POST /api/v1/conversions 200 29.081074ms 587>5bytes 172.23.0.1" module=api
2024-01-15T14:17:52.208599000Z time="2024-01-15T14:17:52.208307144Z" level=info msg="received webhook request from 172.23.0.1:39336" module=api
2024-01-15T14:17:52.245770000Z time="2024-01-15T14:17:52.245372522Z" level=info msg="POST /api/v1/conversions 200 37.047493ms 587>5bytes 172.23.0.1" module=api
2024-01-15T14:17:52.276090000Z time="2024-01-15T14:17:52.275572672Z" level=info msg="received webhook request from 172.23.0.1:39340" module=api
2024-01-15T14:17:52.288114000Z time="2024-01-15T14:17:52.287599582Z" level=warning msg="reference for unknown type: application/vnd.in-toto+json" digest="sha256:6a977dec78ebd58b02ad596d5b14c68ace7c3989c944a63ea601082399ff215b" mediatype=application/vnd.in-toto+json size=30079
2024-01-15T14:17:52.288294000Z time="2024-01-15T14:17:52.287710912Z" level=warning msg="reference for unknown type: application/vnd.in-toto+json" digest="sha256:b5c71c53363f4930c0c81a63d5e5e4aa4681e7f3c9b5f24771065f4aef5dbe24" mediatype=application/vnd.in-toto+json size=2552722
2024-01-15T14:17:52.293492000Z time="2024-01-15T14:17:52.292947803Z" level=info msg="POST /api/v1/conversions 200 17.353913ms 587>5bytes 172.23.0.1" module=api
2024-01-15T14:17:52.300763000Z time="2024-01-15T14:17:52.300587106Z" level=info msg="GET /api/v1/conversions 200 1.047785ms 0>3366bytes 127.0.0.1" module=api
2024-01-15T14:17:52.313416000Z time="2024-01-15T14:17:52.313054485Z" level=warning msg="reference for unknown type: application/vnd.in-toto+json" digest="sha256:b4667fb61a2a6ef3fed1bcdfd9dbffa022ed66416bf918fbb01f276e17ff96f5" mediatype=application/vnd.in-toto+json size=30166
2024-01-15T14:17:52.313651000Z time="2024-01-15T14:17:52.313259913Z" level=warning msg="reference for unknown type: application/vnd.in-toto+json" digest="sha256:0aee1be3dc624ed7f544d15327ad2e15b3f261028f95ba6e813182a2f90295bb" mediatype=application/vnd.in-toto+json size=2563209
2024-01-15T14:17:52.438790000Z time="2024-01-15T14:17:52.438478099Z" level=warning msg="reference for unknown type: application/vnd.in-toto+json" digest="sha256:f240738a2112072c68bee74bbebb78259b42bdf846b9d9e367e304f2107adde6" mediatype=application/vnd.in-toto+json size=29954
2024-01-15T14:17:52.552566000Z time="2024-01-15T14:17:52.551780936Z" level=info msg="pulled image anonymous/hub.docker.com/library/nginx@sha256:3bd66d9f2dde2fef40a4e8957a06fb42976137eb337e7496cdc3957220ca2c5a , elapse 505.835195ms" module=converter
2024-01-15T14:17:52.552715000Z time="2024-01-15T14:17:52.551823497Z" level=info msg="converting image anonymous/hub.docker.com/library/nginx@sha256:3bd66d9f2dde2fef40a4e8957a06fb42976137eb337e7496cdc3957220ca2c5a" module=converter
2024-01-15T14:17:52.565620000Z time="2024-01-15T14:17:52.565151773Z" level=info msg="pulled image anonymous/hub.docker.com/library/nginx@sha256:ef7877a6114bccf081ac21439438b699779fbe111940fb1352cabee5b5e92b38 , elapse 483.398754ms" module=converter
2024-01-15T14:17:52.565767000Z time="2024-01-15T14:17:52.565203265Z" level=info msg="converting image anonymous/hub.docker.com/library/nginx@sha256:ef7877a6114bccf081ac21439438b699779fbe111940fb1352cabee5b5e92b38" module=converter
2024-01-15T14:17:52.621251000Z time="2024-01-15T14:17:52.620945645Z" level=info msg="pulled image anonymous/hub.docker.com/library/nginx@sha256:35a707bebd92e639a71fec1d5b344a4eb00f113123e38c54a5b84962928f5d08 , elapse 477.061265ms" module=converter
2024-01-15T14:17:52.621424000Z time="2024-01-15T14:17:52.620993021Z" level=info msg="converting image anonymous/hub.docker.com/library/nginx@sha256:35a707bebd92e639a71fec1d5b344a4eb00f113123e38c54a5b84962928f5d08" module=converter
2024-01-15T14:17:52.638219000Z panic: runtime error: invalid memory address or nil pointer dereference
2024-01-15T14:17:52.638558000Z
2024-01-15T14:17:52.638653000Z runtime/debug.Stack()
2024-01-15T14:17:52.638711000Z /usr/lib/golang/src/runtime/debug/stack.go:24 +0x7a
2024-01-15T14:17:52.638785000Z golang.org/x/sync/singleflight.newPanicError({0x2044c60, 0x2aadcd0})
2024-01-15T14:17:52.638857000Z /root/go/pkg/mod/golang.org/x/[email protected]/singleflight/singleflight.go:44 +0x45
2024-01-15T14:17:52.638943000Z golang.org/x/sync/singleflight.(*Group).doCall.func2.1()
2024-01-15T14:17:52.639099000Z /root/go/pkg/mod/golang.org/x/[email protected]/singleflight/singleflight.go:193 +0x5b
2024-01-15T14:17:52.639187000Z panic({0x2044c60, 0x2aadcd0})
2024-01-15T14:17:52.639252000Z /usr/lib/golang/src/runtime/panic.go:890 +0x262
2024-01-15T14:17:52.639311000Z github.com/goharbor/acceleration-service/pkg/converter.(*Metric).imageSize(0xc00053b3b0, {0x2313be8, 0xc000657d10}, {0x2318aa0, 0xc000100460}, 0x0, {0x2310cb0, 0x2b7aee0})
2024-01-15T14:17:52.639417000Z /root/acceleration-service/pkg/converter/metric.go:61 +0x92
2024-01-15T14:17:52.639515000Z github.com/goharbor/acceleration-service/pkg/converter.(*Metric).SetTargetImageSize(0xc00053b3b0, {0x2313be8, 0xc000657d10}, 0xc000135740, 0x0)
2024-01-15T14:17:52.639570000Z /root/acceleration-service/pkg/converter/metric.go:44 +0xd8
2024-01-15T14:17:52.639777000Z github.com/goharbor/acceleration-service/pkg/converter.(*Converter).Convert(0xc000135740, {0x2313be8, 0xc000657d10}, {0xc002724c80, 0x7f}, {0xc00031b0e0, 0x43}, {0x0, 0x0})
2024-01-15T14:17:52.639884000Z /root/acceleration-service/pkg/converter/converter.go:163 +0x15aa
2024-01-15T14:17:52.639962000Z github.com/goharbor/acceleration-service/pkg/adapter.(*LocalAdapter).Convert(0xc0003ad2f0, {0x2313be8, 0xc000657d10}, {0xc00085e580, 0x7f})
2024-01-15T14:17:52.640045000Z /root/acceleration-service/pkg/adapter/adapter.go:130 +0x69a
2024-01-15T14:17:52.640119000Z github.com/goharbor/acceleration-service/pkg/adapter.(*LocalAdapter).Dispatch.func2.1.1()
2024-01-15T14:17:52.640227000Z /root/acceleration-service/pkg/adapter/adapter.go:164 +0xbc
2024-01-15T14:17:52.640360000Z github.com/goharbor/acceleration-service/pkg/metrics.(*OpWrapper).OpWrap(0xc0001250b0, 0xc00230db88, {0xc000725b50, 0x1, 0x1})
2024-01-15T14:17:52.640423000Z /root/acceleration-service/pkg/metrics/metrics.go:82 +0x9c
2024-01-15T14:17:52.640475000Z github.com/goharbor/acceleration-service/pkg/adapter.(*LocalAdapter).Dispatch.func2.1()
2024-01-15T14:17:52.640517000Z /root/acceleration-service/pkg/adapter/adapter.go:163 +0x133
2024-01-15T14:17:52.640569000Z golang.org/x/sync/singleflight.(*Group).doCall.func2(0xc000725c97, 0xc000101040, 0xc00230df08)
2024-01-15T14:17:52.640616000Z /root/go/pkg/mod/golang.org/x/[email protected]/singleflight/singleflight.go:198 +0xc8
2024-01-15T14:17:52.640690000Z golang.org/x/sync/singleflight.(*Group).doCall(0x2b3e430, 0xc000101040, {0xc00085e580, 0x7f}, 0xc00230df08)
2024-01-15T14:17:52.640849000Z /root/go/pkg/mod/golang.org/x/[email protected]/singleflight/singleflight.go:200 +0x15c
2024-01-15T14:17:52.640900000Z golang.org/x/sync/singleflight.(*Group).Do(0x2b3e430, {0xc00085e580, 0x7f}, 0xc00230df08)
2024-01-15T14:17:52.640971000Z /root/go/pkg/mod/golang.org/x/[email protected]/singleflight/singleflight.go:113 +0x385
2024-01-15T14:17:52.641087000Z github.com/goharbor/acceleration-service/pkg/adapter.(*LocalAdapter).Dispatch.func2()
2024-01-15T14:17:52.641154000Z /root/acceleration-service/pkg/adapter/adapter.go:162 +0xe5
2024-01-15T14:17:52.641207000Z github.com/goharbor/acceleration-service/pkg/adapter.NewWorker.func1()
2024-01-15T14:17:52.641356000Z /root/acceleration-service/pkg/adapter/worker.go:44 +0x5d
2024-01-15T14:17:52.641414000Z created by github.com/goharbor/acceleration-service/pkg/adapter.NewWorker
2024-01-15T14:17:52.641502000Z /root/acceleration-service/pkg/adapter/worker.go:41 +0x13e
2024-01-15T14:17:52.641574000Z
2024-01-15T14:17:52.641618000Z
2024-01-15T14:17:52.641666000Z goroutine 30 [running]:
2024-01-15T14:17:52.641714000Z golang.org/x/sync/singleflight.(*Group).doCall.func1()
2024-01-15T14:17:52.641797000Z /root/go/pkg/mod/golang.org/x/[email protected]/singleflight/singleflight.go:170 +0x4b5
2024-01-15T14:17:52.641861000Z golang.org/x/sync/singleflight.(*Group).doCall(0x2b3e430, 0xc000101040, {0xc00085e580, 0x7f}, 0xc00230df08)
2024-01-15T14:17:52.641910000Z /root/go/pkg/mod/golang.org/x/[email protected]/singleflight/singleflight.go:205 +0x173
2024-01-15T14:17:52.641957000Z golang.org/x/sync/singleflight.(*Group).Do(0x2b3e430, {0xc00085e580, 0x7f}, 0xc00230df08)
2024-01-15T14:17:52.642013000Z /root/go/pkg/mod/golang.org/x/[email protected]/singleflight/singleflight.go:113 +0x385
2024-01-15T14:17:52.642079000Z github.com/goharbor/acceleration-service/pkg/adapter.(*LocalAdapter).Dispatch.func2()
2024-01-15T14:17:52.642225000Z /root/acceleration-service/pkg/adapter/adapter.go:162 +0xe5
2024-01-15T14:17:52.642276000Z github.com/goharbor/acceleration-service/pkg/adapter.NewWorker.func1()
2024-01-15T14:17:52.642321000Z /root/acceleration-service/pkg/adapter/worker.go:44 +0x5d
2024-01-15T14:17:52.642378000Z created by github.com/goharbor/acceleration-service/pkg/adapter.NewWorker
2024-01-15T14:17:52.642425000Z /root/acceleration-service/pkg/adapter/worker.go:41 +0x13e
2024-01-15T14:17:53.917939000Z time="2024-01-15T14:17:53.917486234Z" level=info msg="Version: v0.0.10-36-gfb1bf94 fb1bf94.20240115.1201\n"
2024-01-15T14:17:54.043654000Z time="2024-01-15T14:17:54.043445176Z" level=info msg="[API] HTTP server started on 0.0.0.0:2077"

bug: gc clears blobs unexpectedly

Background

GC clears blobs through the lease manager, and the lease manager clears leases through the lease cache. A lease is updated on commit and read of each blob.
When acceld works on multithreaded conversion with different jobs, some tasks cannot find the blob locally.

time="2023-08-21T06:18:38.55829375Z" level=warning msg="failed to set containerd.io/uncompressed label for sha256:52d2b7f179e32b4cbd579ee3c4958027988f9a8274850ab0c7c24661e3adaac5" error="content digest sha256:52d2b7f179e32b4cbd579ee3c4958027988f9a8274850ab0c7c24661e3adaac5: not found"
time="2023-08-21T06:18:38.55838805Z" level=error msg="convert in worker: convert image: content digest sha256:fd9f026c631046113bd492f69761c3ba6042c791c35a60e7c7f3b8f254592daa: not found"

Reproduce

  1. boot acceld.
  2. prepare images.
  3. use accelctl to create different tasks.
images=("nginx" "alpine" "busybox")
for image in "${images[@]}"; do
   ./accelctl task create localhost/library/$image:latest
done

Reason

When acceld converts multiple images with large size differences, for example alpine and WordPress, alpine will obviously finish the task first while WordPress is still in the pulling phase. If alpine triggers GC (decided by configuration), GC will clear the blobs of WordPress, because the lease of the WordPress blob had been cached in the lease and was only used once (in commit).

content store wrapped incompletely

The content store wraps the containerd Content Store. But unfortunately, if we use the provider.contentStore() method to obtain the store, it will call db.contentStore(), which is another layer of wrapping on the containerd Content Store.

Then the methods we call, like Info() and Update(), are not the methods we wrapped in the content store.

Enhance service robustness

  • Retry (network failed on pulling or pushing).
  • Support Multi-platform source images.
  • Worker concurrency limitation.
  • And more...

Multiple manifest handling

There might be multiple manifests within an image, and it looks like acceld tries to convert every manifest in the manifest list of the image index file.

for _, srcDesc := range descs {

However, currently acceld only pulls the first manifest, as shown

func (pvd *LocalProvider) Pull(ctx context.Context, ref string) error {

IIUC, we just need to convert once as all manifests are supposed to refer to the exact same content, what do you think?

Harbor - Integrate to demo.goharbor.io

Add acceleration service to demo.goharbor.io, allowing users to experience the entire workflow of the harbor acceleration service and Nydus or eStargz, etc.

Deployment Notes

Just adding some deployment considerations. The service works quite well and we are happy with the result. I would like to add that:

  • It is a bit cumbersome for the user to set this up on their side as a per-project webhook, and the service could use an integration similar to what trivy has currently.
  • We were sad to learn that you cannot replace the image being converted with the resulting estargz(ed) image, as the 'drop_suffic' does not accept a BLANK input. Not sure if there are some concurrency aspects to why it is this way, but this would be a very useful addition.

Lastly, leaving my procedure down here for someone following at home:

  1. Compile the accelerator image from the project
git clone https://github.com/goharbor/acceleration-service
cd acceleration-service && make release-image
  2. Set up the cluster deployment
cat charts/cci-container-infra/templates/acceleration-service.yaml 
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: harbor-acceleration-config
  namespace: staging
  labels:
    app: harbor-acceleration-service
data:
  config.yaml: |
    # http related config
    server:
      name: API
      # listened host for http
      host: 0.0.0.0
      # port for http
      port: 2077
    
    metric:
      # export metrics on `/metrics` endpoint
      enabled: true
    
    provider:
      source:
        # hostname of harbor service
        registry-staging.foo.bar:
          # base64 encoded `<robot-name>:<robot-secret>` for robot
          # account created in harbor
          auth: SOME_AUTH
          # use http registry communication
          insecure: false
          webhook:
            # webhook request auth header configured in harbor
            auth_header: header
      containerd:
        # ensure containerd service listening on this address
        address: /run/containerd/containerd.sock
        snapshotter: overlayfs
    
    converter:
      # number of worker for executing conversion task
      worker: 1 
      # enable to add harbor specified annotations to converted image for tracking.
      harbor_annotation: true
      driver:
        # accelerator driver type: `estargz`
        type: estargz
        config:
          docker2oci: true
      rules:
        # add suffix to tag of source image reference as target image reference
        - tag_suffix: -esgz

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: harbor-acceleration-service
  namespace: staging
  labels:
    app: harbor-acceleration-service
spec:
  selector:
    matchLabels:
      app: harbor-acceleration-service
  template:
    metadata:
      labels:
        app: harbor-acceleration-service
    spec:
      containers:
      - name: acceleration-service
        image: registry.foo.bar/dtomasgu/harbor-acceld:latest
        args:
        - ./misc/config/config.yaml
        volumeMounts:
        - name: harbor-acceleration-config
          mountPath: /misc/config
      volumes:
      - name: harbor-acceleration-config
        configMap:
          name: harbor-acceleration-config
          defaultMode: 0555

---
apiVersion: v1
kind: Service
metadata:
  name: harbor-acceleration
  namespace: staging
  labels:
    app: harbor-acceleration-service
spec:
  ports:
  - port: 2077
    targetPort: 2077
    name: https
  selector:
    app: harbor-acceleration-service

  3. Configure webhook on the project that wants to have accelerated images.
    Pay attention to the endpoint url! http://harbor-acceleration.staging.svc.cluster.local:2077/api/v1/conversions

  4. Push a test image and profit.

Conform nydus cache image to OCI spec

  1. Using nerdctl pull --snapshotter nydus localhost/busybox:nydus-cache to pull the nydus cache image will result in the error number of layers and diffIDs don't match: 2!=0.
  2. If the source image has only one platform, generate the nydus cache image as a manifest instead of a manifest list.

While we don't usually pull the nydus cache image, it's preferred that cache images conform to the OCI spec wherever possible.

Harbor - webhook enhancement

  • Allow users to configure in harbor which image's push artifact events should be triggered.
  • How are failed webhook requests re-scheduled in harbor?

Can daemonless accelctl parse parameters directly?

Can the parameters of daemonless accelctl be passed directly on the command line instead of through the configuration file?

For example, referring to the practice of crictl, the auth parameter is made into the following form:
crictl pull --auth "xxxx" image-name

Daemonless accelctl would also add a "--auth" parameter, and other parameters are similar.

Can I convert proxied registries?

I mean, I tried with estargz, it didn't work, but I was somehow expecting it to work.
Not sure if it's not supported at all and I am doing something wrong.
Maybe I need a different setup, like an actual proxy project and an accelerated copy of that project.
It's not working and it's not supposed to work.
It doesn't work right now, but maybe it will in a future release.

Nydus: temp mount leak if accelctl exits in advance

Reproduce:

$ accelctl convert --config misc/config/config.yaml localhost:5000/nginx:latest
# `Ctrl + C` to exit accelctl while the conversion is still in progress.

$ mount | grep overlay
# Will see some temp mounts leak.
