registry: Calculate schema 1 layer sizes in the registry #16776
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: miminar Assign the PR to them by writing The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
openshift-ci-robot
added
the
size/XL
|
/test |
|
/retest |
| // fillImageMetadata fills metadata for image if needed. The metadata is filled by the master API if not | ||
| // already filled and if the maniest and config blobs are sent together with the image. The registry needs to | ||
| // fill the metadata only for schema 1 manifests that don't contain image sizes. Only the registry is capable | ||
| // of fetching and correcting blob sizes. |
There was a problem hiding this comment.
In general this is false, anybody with valid credentials can use HEAD to fetch blob sizes.
There was a problem hiding this comment.
Do you want to rephrase just the comment or do you suggest to make the master fetch the sizes from the registry?
I agree. We can't get rid of handling of the manifest on the master side though, As we are slowly moving to schema 2 and deprecating schema 1, we will be able to deprecate the latter in the future eventually. So only the parsing on the master will stay. |
Manifest V2 schema 1 lacks blob sizes in most cases. The registry is the only component that can fix the missing sizes. In case of schema 1, the registry must fill the image metadata and send it to the master API. Signed-off-by: Michal Minář <miminar@redhat.com>
miminar
force-pushed
the
get-schema1-blob-sizes
branch
from
15a3b53
to
a8bdcd5
Compare
|
@miminar: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
The extended test suite now secures the registry. This patch allows for secure connection to the registry. Mark few registry tests as serial. Prevent them from being run parallel with some other registry tests. Write registry log to file on re-deployment. The registry log is essential for externded test debugging. Without writing it to a file, this information will be lost. Skip image signature workflow test until we figure out, how to make `oadm verify-image-signature` work with secured integrated Docker registry. Issue openshift#16344. Temporarily skip limitrange_admission test. The image size counting is still broken for schema 1 - the layer sizes need to be filled on registry side. Will be fixed by openshift#16776. Signed-off-by: Michal Minář <miminar@redhat.com>
|
Please don't !!!
It will happen after few years at best. |
Sure, it won't happen any time soon, but eventually... 😄 Btw, our image sync will ignore schema 1 #14471, which is another step to deprecating it. |
| @@ -219,6 +230,56 @@ var manifestInflight = make(map[digest.Digest]struct{}) | |||
| // manifestInflightSync protects manifestInflight | |||
| var manifestInflightSync sync.Mutex | |||
|
|
|||
| // fillImageMetadata fills metadata for image if needed. The metadata is filled by the master API if not | |||
| // already filled and if the maniest and config blobs are sent together with the image. The registry needs to | |||
|
/unassign @mfojtik |
That's right. Closing. |
Manifest V2 schema 1 lacks blob sizes in most cases. The registry is the only component that can fix the missing sizes. In case of schema 1, the registry must fill the image metadata and send it to the master API.
Resolves bz#1491589