Xing Ma

cache: support single manifest cache images

Remote cache handling assumes that every cache image root is either a Docker manifest list or an OCI image index. That is not true for single-platform cache images. A cache image with only one platform can be stored as a normal image manifest, and registries may return application/vnd.oci.image.manifest.v1+json as the resolved root media type.

When such a cache image is used by a later conversion, Fetch rejects the resolved descriptor before importing any cache records. The conversion then fails while updating and pushing the cache with an unsupported media type error, even though the cache manifest itself contains valid Nydus cache layer records.

Accept Docker schema2 manifests and OCI image manifests as cache image roots. Store the fetched manifest in the local content store and import its layer records directly. Share that import path with manifests that are selected from an index so version checks, source digest validation, source descriptor lookup, and cache record population stay consistent between both layouts.

Push the descriptor returned by update instead of always constructing an image index. New single-platform cache images remain image manifests, existing single-manifest cache images are updated in place, and existing index or multi-platform cache images keep the index layout. This keeps the cache image shape aligned with the number of platforms and avoids a synthetic index for the single-manifest case.

Add unit coverage for importing a single-manifest cache image, creating a new single-platform manifest cache, and updating an existing single manifest cache without converting it into an index.

Signed-off-by: Xing Ma <maxing.lan@bytedance.com>
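
A sketch of the root handling this commit message describes, added here as an example and not taken from the project's code: a cache root that is a single image manifest and one that is an index both flow through the same layer import loop, and any other media type is rejected. The in-memory store, the SHA-256 check on each fetched blob and all names are assumptions; it returns layer descriptors rather than populating Nydus cache records.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Descriptor struct{ MediaType, Digest string }

// load decodes a blob from store (a hypothetical stand-in for the local content
// store, keyed by digest) only after its SHA-256 matches the descriptor.
func load(store map[string][]byte, d Descriptor, v any) error {
	if fmt.Sprintf("sha256:%x", sha256.Sum256(store[d.Digest])) != d.Digest {
		return fmt.Errorf("blob %s missing or digest mismatch", d.Digest)
	}
	return json.Unmarshal(store[d.Digest], v)
}

// ImportCacheRoot lists the layers under a cache root: one manifest or an index.
func ImportCacheRoot(store map[string][]byte, root Descriptor) ([]Descriptor, error) {
	manifests := []Descriptor{root}
	switch root.MediaType {
	case "application/vnd.docker.distribution.manifest.v2+json",
		"application/vnd.oci.image.manifest.v1+json": // single-manifest root
	case "application/vnd.docker.distribution.manifest.list.v2+json",
		"application/vnd.oci.image.index.v1+json":
		var idx struct{ Manifests []Descriptor }
		if err := load(store, root, &idx); err != nil {
			return nil, err
		}
		manifests = idx.Manifests
	default:
		return nil, fmt.Errorf("unsupported media type %q", root.MediaType)
	}
	var layers []Descriptor
	for _, md := range manifests { // shared import path for both layouts
		var m struct{ Layers []Descriptor }
		if err := load(store, md, &m); err != nil {
			return nil, err
		}
		layers = append(layers, m.Layers...)
	}
	return layers, nil
}

func main() {
	_, err := ImportCacheRoot(nil, Descriptor{MediaType: "text/html"})
	fmt.Println(err) // unsupported media type "text/html"
}
```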

9 days ago, 416 commits

Acceleration Service

Acceleration Service provides a general service to Harbor with the ability to automatically convert user images to accelerated images. When a user performs an action such as an artifact push, Harbor requests the service to complete the corresponding image conversion through its integrated drivers (Nydus, eStargz, zstdchunked, etc.).


See more details in the design doc.

Quickstart

GETTING STARTED

Get Harbor

Deploy a local Harbor service if you don't have one; please refer to the Harbor documentation.

Get binaries from release page

Currently, Acceleration Service includes the following tools:

  • An acceld daemon that works as an HTTP service to handle image conversion requests from Harbor or accelctl.
  • An accelctl CLI tool to manage the acceleration service (acceld); it can also do image conversion in one-time mode.

Get accelctl and acceld binaries from acceleration-service release.

Configuration

Configure Harbor

  1. Login to the Harbor web interface.

  2. Select one project and add a new Webhook configuration with the following fields:

    • Notify Type: choose HTTP
    • Event Type: Enable artifact pushed
    • Endpoint URL: <acceleration service address>/api/v1/conversions
    • Auth Header: <configured in acceleration service>

      Note: The webhook lets the acceleration service convert images automatically. You can also trigger an image conversion task by sending an HTTP request manually or by using accelctl.

  3. Create a system robot account with the following fields:

    • Expiration time: <by your choice>
    • Reset permissions: select Push Artifact, Pull Artifact, Create Tag

    When you get the robot account robot$<robot-name>, please copy the secret and generate a base64 encoded auth string like this:

    $ echo -n '<robot-name>:<robot-secret>' | base64

    Note: the encoded auth string will be used to configure the acceleration service in the next step.

Configure Acceleration Service

  1. Copy the template config file.
  2. Modify the config file.
    • Change provider.source to your own Harbor service hostname; the auth and webhook.auth_header should also be set to the value generated in the step above.
    • Change the settings in the converter.driver field according to your requirements.

      Please follow the comments in the template config file.

Convert Image with Acceleration Service

Convert by acceld service

  1. Start the acceld daemon in the config file directory
    $ ./acceld --config ./config.yaml
  2. Trigger image conversion
    • Push an image to trigger webhook.
      $ docker push <harbor-service-address>/library/nginx:latest
    • Convert manually by accelctl CLI tool.

      Please make sure the source OCI v1 images exist in your Harbor registry.

      $ ./accelctl task create <harbor-service-address>/library/nginx:latest
      Alternatively, create a conversion task over the HTTP API with curl. Please refer to the development document.
      $ curl --location 'http://<acceleration-service-address>/api/v1/conversions?sync=$sync' \
        --header 'Content-Type: application/json' \
        --data '{
            "type": "PUSH_ARTIFACT",
            "event_data": {
                "resources": [
                    {
                        "resource_url": "<harbor-service-address>/dfns/alpine:latest"
                    }
                ]
            }
        }
        '
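
The receiving side of the webhook configured above, as an added sketch that is not acceld's own code: it checks Harbor's Auth Header (assumed to arrive as the Authorization request header) before it parses the PUSH_ARTIFACT body shown in the curl example. NewHandler, the enqueue callback, the 1 MiB body limit, the 202 response and the listen address are assumptions.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"io"
	"log"
	"net/http"
)

// NewHandler guards a conversion webhook. authHeader is the configured secret;
// enqueue is a hypothetical hook that starts one conversion per image reference.
func NewHandler(authHeader string, enqueue func(ref string)) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		// Reject an empty configured secret (it would match a missing header) and
		// compare in constant time so timing does not show how many bytes matched.
		got := r.Header.Get("Authorization")
		if authHeader == "" || subtle.ConstantTimeCompare([]byte(got), []byte(authHeader)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		var ev struct { // body shape from the curl example above
			Type      string `json:"type"`
			EventData struct {
				Resources []struct {
					ResourceURL string `json:"resource_url"`
				} `json:"resources"`
			} `json:"event_data"`
		}
		body := io.LimitReader(r.Body, 1<<20) // cap untrusted input at 1 MiB
		if err := json.NewDecoder(body).Decode(&ev); err != nil || ev.Type != "PUSH_ARTIFACT" {
			http.Error(w, "bad event", http.StatusBadRequest)
			return
		}
		for _, res := range ev.EventData.Resources {
			enqueue(res.ResourceURL)
		}
		w.WriteHeader(http.StatusAccepted)
	})
}

func main() {
	h := NewHandler("<auth-header>", func(ref string) { log.Println("convert", ref) })
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", h)) // hypothetical listen address
}
```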

One-time mode

One-time mode lets you run a conversion without starting the acceld service, using accelctl like this:

$ ./accelctl convert --config ./config.yaml 192.168.1.1/library/nginx:latest

INFO[2022-01-28T03:39:28.039029557Z] pulling image 192.168.1.1/library/nginx:latest     module=converter
INFO[2022-01-28T03:39:28.075375146Z] pulled image 192.168.1.1/library/nginx:latest      module=converter
INFO[2022-01-28T03:39:28.075530522Z] converting image 192.168.1.1/library/nginx:latest  module=converter
INFO[2022-01-28T03:39:29.561103924Z] converted image 192.168.1.1/library/nginx:latest-nydus  module=converter
INFO[2022-01-28T03:39:29.561197593Z] pushing image 192.168.1.1/library/nginx:latest-nydus  module=converter
INFO[2022-01-28T03:39:29.587585066Z] pushed image 192.168.1.1/library/nginx:latest-nydus  module=converter

Check Converted Image

You can see the converted image and the source OCI image in the same repo; they have different tag suffixes.

Documentation
