Skip to content

Add namespace query parameter for mirrors #3451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add namespace query parameter for mirrors #3451

wants to merge 1 commit into from

Conversation

@dmcgowan
Copy link
Member

@dmcgowan dmcgowan commented Jul 25, 2019

Mirrored registries are design to serve content from upstreams. However, the mirror hostname will usually not match the hostname of the upstream, requiring the mirror to only use a single upstream or use its own pattern matching to determine the upstream. To solve this issue, the client will pass along the namespace which is being used for the request, allowing mirrors to easily map to multiple upstreams. This query parameter can safely be ignored if multiple upstreams are not supported.

Marking as draft to move along conversation in opencontainers/distribution-spec#12

@dmcgowan dmcgowan requested a review from stevvooe July 25, 2019 01:00
@theopenlab-ci
Copy link

theopenlab-ci bot commented Jul 25, 2019

Build succeeded.

@codecov-io
Copy link

codecov-io commented Jul 25, 2019
edited
Loading

Codecov Report

Merging #3451 into master will increase coverage by <.01%.
The diff coverage is 53.65%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3451      +/-   ##
==========================================
+ Coverage   44.11%   44.11%   +<.01%     
==========================================
  Files         124      124              
  Lines       13760    13794      +34     
==========================================
+ Hits         6070     6085      +15     
- Misses       6759     6774      +15     
- Partials      931      935       +4
Flag Coverage Δ
#linux 47.87% <56.25%> (ø) ⬆️
#windows 39.77% <53.65%> (+0.01%) ⬆️
Impacted Files Coverage Δ
remotes/docker/registry.go 61.33% <100%> (+1.05%) ⬆️
remotes/docker/fetcher.go 47.54% <25%> (-2.46%) ⬇️
remotes/docker/resolver.go 53.29% <58.06%> (-0.24%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update fdab4f4...7538d45. Read the comment docs.

@dmcgowan
Add namespace query parameter for mirrors
078c2b2 
Mirrored registries are design to serve content from upstreams.
However, the mirror hostname will usually not match the hostname
of the upstream, requiring the mirror to only use a single
upstream or use its own pattern matching to determine the upstream.
To solve this issue, the client will pass along the namespace which
is being used for the request, allowing mirrors to easily map
to multiple upstreams. This query parameter can safely be ignored
if multiple upstreams are not supported.

Signed-off-by: Derek McGowan <[email protected]>
@theopenlab-ci
Copy link

theopenlab-ci bot commented Jul 25, 2019

Build succeeded.

@dmcgowan dmcgowan mentioned this pull request Jul 26, 2019
Closed
@Random-Liu
Copy link
Member

Random-Liu commented Aug 6, 2019
edited
Loading

@dmcgowan With today's containerd, the client is configured to talk with a specific registry MirrorHost, and resolving the original image ref UpstreamHost/library/busybox.

In this model, the mirror will get the original image ref, thus it will know whatever the upstream is, right?

I guess you don't like the regexp match of UpstreamHost/library/busybox on the mirror server?

@dmcgowan
Copy link
Member Author

dmcgowan commented Aug 7, 2019

The problem with UpstreamHost/library/busybox is that no mirror supports it and there is no way today for the client to know whether the registry would understand that. The path to get that working would be to re-introduce the ping before every pull along with a defined configuration to figure out how the registry wants the client to interpret the "path" component. This would reintroduce the extra latency for ping, make the whole process more complicated, and fragment the registry ecosystem as now registries would need to be able to handle multiple types of clients to offer content on multiple URLs.

In this model, the mirror will get the upstream host information via a query parameter, which can be safely ignored if the mirror does not support arbitrary or multiple upstreams. (A path component cannot be ignored 😄 )

@Random-Liu
Copy link
Member

Random-Liu commented Aug 7, 2019
edited
Loading

With today's containerd, the client is configured to talk with a specific registry MirrorHost, and resolving the original image ref UpstreamHost/library/busybox.

@dmcgowan Hm, my bad. I didn't pay attention to the protocol before. I thought that we are just talking to different mirrors, and request UpstreamHost/library/busybox (as a parameter or sub-path), so that mirrors should know the upstream.

However, as you said (and based on the log and code), it seems that todays implementation is https://MirrorHost/v2/library/busybox. :)

Then adding UpstreamHost as a parameter of the request makes sense to me. :)

@dmcgowan
Copy link
Member Author

dmcgowan commented Aug 8, 2019

@Random-Liu I see in your mirror PR on CRI you don't add the push capability to the hosts. This code would see that and add the query parameter on all requests from CRI. While it is harmless I am not sure if that is ideal

@Random-Liu
Copy link
Member

Random-Liu commented Aug 9, 2019
edited
Loading

@dmcgowan Kubernetes/CRI doesn't need the push capability from the client side.

If we want to add push capability, I think we can only add it to the default host.

@dmcgowan dmcgowan mentioned this pull request Aug 13, 2019
Open
7 tasks
@dmcgowan dmcgowan added this to the 1.3 milestone Aug 19, 2019
@dmcgowan dmcgowan marked this pull request as ready for review August 23, 2019 22:56
fuweid
fuweid reviewed Sep 17, 2019
View reviewed changes
remotes/docker/resolver.go
var q url.Values
// Parse query
if i := strings.IndexByte(r.path, '?'); i > 0 {
r.path = r.path[:i+1]
Copy link
Member

@fuweid fuweid Sep 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should parse first and then truncate the path

@dmcgowan dmcgowan modified the milestones: 1.3, 1.4 Sep 24, 2019
@dmcgowan
Copy link
Member Author

dmcgowan commented Oct 8, 2019

Going to close this for now since it is not mergeable, changes need to be made for configurable and better logic for determining whether a registry is a global mirror.

@dmcgowan dmcgowan closed this Oct 8, 2019
@dmcgowan dmcgowan deleted the remote-mirror-ns branch March 23, 2022 22:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fuweid fuweid fuweid left review comments

@stevvooe stevvooe Awaiting requested review from stevvooe

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.4

Development

Successfully merging this pull request may close these issues.

4 participants

@dmcgowan @codecov-io @Random-Liu @fuweid