During kubelet prestart, skip pause image pull if image exist #2587
Conversation
| @@ -148,9 +155,15 @@ func App() *cli.App { | |||
| Usage: "path to image registry configuration", | |||
| Destination: ®istryConfig, | |||
| }, | |||
| &cli.BoolFlag{ | |||
| Name: "skip-if-image-exist", | |||
There was a problem hiding this comment.
nit: maybe "skip-if-image-exists"
| @@ -495,16 +508,15 @@ func pullImageOnly(containerdSocket string, namespace string, source string, reg | |||
|
|
|||
| // Parse the source ref if it looks like an ECR ref. | |||
| isECRImage := ecrRegex.MatchString(source) | |||
| ref := source | |||
There was a problem hiding this comment.
This change makes sense to me: ref is a copy of the source string which is redundant. Instead, the change to just use source seems more simple without introducing an additional variable.
There was a problem hiding this comment.
Yeah, this is a vestige of some preprocessing I did with the ECR image source to convert it to a ECR resolver compatible image reference. Now it's redundant to make a copy of the variable.
There was a problem hiding this comment.
Lemme capture this in a separate commit, the comment there is also inaccurate now
| // fetchImage returns a `containerd.Image` given an image source. | ||
| func fetchImage(ctx context.Context, source string, client *containerd.Client, registryConfigPath string, fetchCachedImageIfExist bool) (containerd.Image, error) { |
There was a problem hiding this comment.
nit: it might be better to reuse the useCachedImage parameter name everywhere.
it could be a bit confusing to see that skipIfExist = true (implying that any action would be skipped) and then see "Image exists, fetching cached image from image store" get logged (implying that something was fetched).
etungsten
force-pushed
the
check-before-pull
branch
2 times, most recently
from
46c12d4
to
069280a
Compare
|
Pushes above addresses @bcressey 's comments:
Repeated testing and the results are the same as described in the PR description. |
|
Woops, i mixed up one of the commits. fixing |
This adds a new flag to both `run` and `pull-image` subcommands to skip image pull and the associated registry authentications if a local cached copy of the image exists.
This makes it so that if the pause container image already exists in containerd's image store, host-ctr won't try to authenticate and pull the pause image and let kubelet use the cached image copy.
This removes a redundant copy of the image source and rewords the comment above matching the image against the ECR image source regex.
etungsten
force-pushed
the
check-before-pull
branch
from
069280a
to
4ca408f
Compare
|
Push above has no changes, just moves changes to their appropriate commits. |
Issue number:
Resolves #2567
Description of changes:
Testing done:
Testing locally:
Pull image when it doesn't exist locally
After, pulling the same image with
--skip-if-image-exist=trueTesting on aws-k8s-1.22 built from this branch:
Launched with
settings.kubernetes.standalone-mode=true, kubelet is running fine initally:Then I removed network egress from the instance's security group. Restarted kubelet and it comes up fine:
bash-5.1# systemctl status kubelet ● kubelet.service - Kubelet Loaded: loaded (/aarch64-bottlerocket-linux-gnu/sys-root/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/kubelet.service.d └─exec-start.conf /aarch64-bottlerocket-linux-gnu/sys-root/usr/lib/systemd/system/kubelet.service.d └─load-ipvs-modules.conf, make-kubelet-dirs.conf, prestart-pull-pause-ctr.conf Active: active (running) since Thu 2022-11-17 00:17:50 UTC; 3s ago ...Then I manually tried pulling the pause container image and it skips the image pull as expected.
Testing
host-ctr run --use-cached-imageand it works as expected. If the image is already there, start the host-container task without pulling the image again:Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.