Comments (11)
The project and the infrastructure is maintained by volunteers at the moment. we should not provide SLAs for the public workloads we host.
I agree with the proposal.
from registry.k8s.io.
What if we define a notification mechanism and send notice 2 weeks (or 30 days or something) before we add a new backend?
is the notification mechanism not going to have the same problem of understaffing? if that happens, having a notification channel that doesn't work is worse than not having nothing IMHO
from registry.k8s.io.
It seems that an availability guarantee for "backend" endpoint is an anti-feature as:
- We don't want end-consumers to start depending directly on a specific endpoint. The odds are if a deployment is using a specific endpoint, the dependency will have a life time of weeks to years.
- It ties our hands operationally for doing load shedding or even taking a misbehaving endpoint offline.
- In the case where a client has spent minutes to hours trying to pull down a layer because of a poor connection, the end-user should already have strong tolerance to downloads timing out.
from registry.k8s.io.
/cc
from registry.k8s.io.
End users get to pull images off the internet for free. For the 0.1% of our users who run K8s on networks with restricted egress, we will share the endpoints from which our images will be served for a particular source IP and 30 days (some other arbitrary window) notice if they change. If that doesn't work for customer X, then they should run mirrors at their own cost. You shouldn't be complaining about services offered for free.
We can make some uptime guarantees (99.5%) with the tradeoff that we can serve the images from wherever we want and we provide a pre-agreed notice period.
from registry.k8s.io.
I don't think we should make any timing guarantees or uptime guarantees. This is free and barely staffed or funded.
At any point if we're ready to take advantage of new infra, we should be free to do so.
Users that are sensitive to these changes due to enterprise compliance etc should simply host their own, with guaranteed uptime and stable implementation details and API endpoints.
Even IP addresses we simply may not be able to guarantee. If users need to have extremely tight restrictions on this, they need to sort that out themselves going forward.
I don't think other free OSS package hosts commit to guarantees like this.
from registry.k8s.io.
cc @dims @ameukam @spiffxp @thockin (k8s infra chairs + leads)
from registry.k8s.io.
I agree Ben.
from registry.k8s.io.
I think this is the only reasonable stance we can take. That said, I like the idea of "giving notice". We can't reach every user or fix it for them, but we CAN give warning.
What if we define a notification mechanism and send notice 2 weeks (or 30 days or something) before we add a new backend? Could be a mailing list or a git repo or a static URL or something that can be monitored. For users who need to know the full set, they can pay attention.
This shifts most of the onus back to those users who know best what they specifically need.
It doesn't need to be IPs (can't be), just the set of hostnames that the proxy might redirect them to for blob backends.
What think?
from registry.k8s.io.
What if we define a notification mechanism and send notice 2 weeks (or 30 days or something) before we add a new backend? Could be a mailing list or a git repo or a static URL or something that can be monitored. For users who need to know the full set, they can pay attention.
Maybe, however ...
I can't find any precedence for this (other than the implicit, undocumented expectation we unintentionally created around k8s.gcr.io / gcr.io/google-containers).
Dockerhub, pypi, crates.io, the go module proxy, .... none of them appear to do anything remotely like documenting the required endpoints and waiting some period of time before rolling out new ones.
I'm not sure we should go out of our way, to create a new precedent, which then restricts our ability to roll out optimizations (and not just cost, also things like serving out of new regions to both limit cross-region traffic and to reduce latency), and adds additional work for maintaining the registry. We've already added and removed regions multiple times as we've built this out.
from registry.k8s.io.
Drafted something here: #124
from registry.k8s.io.
Related Issues (20)
- Can't pull images from k8s.io in eu-west region over IPv6 HOT 10
- Not able to install K8s Cluster using kubeadm init command due to x509: certificate signed by unknown authority. HOT 3
- Unable to download docker images from registry.k8s.io due to x509: certificate is not valid for any names, but wanted to match prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com HOT 2
- Unable to download docker images from registry.k8s.io due to x509: certificate is not valid for any names, but wanted to match prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com HOT 1
- kubeadm init clone project to local compilation error HOT 11
- TLS handshake timeout pulling registry.k8s.io/kube-apiserver:v1.25.4 HOT 8
- Unable to pull registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.2 HOT 5
- Error response from daemon: Head "https://europe-west3-docker.pkg.dev/v2/k8s-artifacts-prod/images/sig-storage/csi-provisioner/manifests/v4.0.0": Forbidden HOT 3
- regional outage due to GCP us-west1 incident HOT 17
- Consider blocking some invalid requests at the edge HOT 1
- enable outlier detection HOT 5
- K8's registry block server IP HOT 4
- investigate switching to signed URLs HOT 4
- how to configure kubernetes registry to pull images i am getting image pull back issue HOT 1
- PULL REQUEST FAIL WHEN TRYING TO PULL IMAGE FROM registry.k8s.io HOT 4
- Disconnected Environments and "mirroring to a location you control" HOT 1
- Unable to access the registry when a specific User-Agent header is set HOT 13
- Handle missing referrers API HOT 4
- switch to aws-sdk-go-v2 HOT 3
- Please use subdomains for wildcard dns entries instead of path substitution HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from registry.k8s.io.