Add option to push images sequentially in push-all #1658
Conversation
|
I am worried that this change might negatively affect existing use cases (i.e. make them slower). |
That's a reasonable concern. In my experience, pushing 178 relatively small images sequentially, from source uploaded to and built in GCB to GCR, took only a minute or two longer than pushing in parallel. I talked with @jonjohnsonjr and he mentioned it could actually be somewhat faster to push sequentially, since blob existence checks could get more hits. This is especially true if the images tend to share layers, which in my case they do, and even moreso if the layers are large (mine generally aren't). Weigh this against the not-entirely-well-known issue that manifests when "too many" (How many? Not empirically known) images are pushed, caused by the |
smukherj1
requested review from
eytankidron
and removed request for
smukherj1 and
alex1545
|
You might be right about sequential pushes being faster in some cases. That sounds reasonable, but honestly, I don't know, and I'd rather not make this change which might affect existing users in unforeseeable ways. |
I did revert the commit, since I wanted to plead my case for sequential-by-default first. Existing users are already affected in unforeseeable ways -- at some point they can add too many images, and push-all will fail in mysterious and hard to debug ways. This change removes that unspecified hard-to-debug behavior at the cost of some latency. Some users might be negatively affected by that increase in latency, but push-all never specified parallel pushes to users, and since it's turning out to be unsafe, I think it's safe to do from a user-surprise perspective. I'm separately working on some changes in go-containerregistry to efficiently (and safely!) push multiple images in parallel, and if that lands I expect it could be very useful in this scenario. |
|
I'm honestly not sure how most users use push-all. Do they mostly use it to push <50 images and may be negatively affected by slowness? Maybe, maybe not. So how about adding a sequential/parallel flag and have it default to sequential. Then if anyone notices a hit in performance, they can always switch back to parallel. Additionally, once your changes to container registry land, we can switch to using that. |
|
The main reason I don't want to add a flag, whatever its default, is that we fully expect to remove it in the future, and that seems like a hairy breaking change to manage. Meanwhile I just want to successfully push my 100+ images using Bazel 😄 If the behavior of push-all remains "unspecified", we have flexibility to say that, sure, it was in parallel, but now it's sequential for safety. If a user is unsatsified with the additional latency after this change (which we're not even sure they'll notice), they can use an older version of rules_docker until some future change supports safe parallel pushing without unspecified random failures. |
|
I'm okay with paying the price of the eventual deprecation of the sequential/parallel flag. I don't think it needs to be a breaking change. The way I see it, once the efficient and correct parallel push is rolled out, we just declare this flag as deprecated and allow users to set whatever value for this flag, while documenting that we are now ignoring it. I think this is a reasonable price to pay for the ability to have users be able to choose the best solution that works for them until this better push lands. I am saying this with the full understanding that we have no way of knowing (nor do we plan to try and figure out) what the best solution is for users or what the users think the best solution for them is. I just don't want to be in a situation where a customer wants to go back to the the old way of pushing but for some other reason can't use the older version. |
If you're comfortable managing the removal of the flag that's fine with me. I'll ping this PR when I have the FYI I just landed |
imjasonh
force-pushed
the
push-all
branch
2 times, most recently
from
153d199
to
1ce0288
Compare
imjasonh
changed the title
|
Confirmed that this PR works to push distroless images sequentially, and that removing |
|
Looks like buidifier is failing because of lexicographical order.
|
There seems to be a bug with pushing many images (50+) related to the async+wait behavior previously used, and this new option will give users who have lots of images to push a safer option.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: eytankidron, ImJasonH The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/gcbrun |
Is there interest in migrating push behavior into Go code from Bash? We're hitting some rate limits with AWS when pushing hundreds of images in parallel, and we may be able to remedy that by pushing sequentially, but if there's interest/alignment in moving the parallelism into a Go binary, I could explore the concept in a pull request. |
There seems to be a bug with pushing many images (50+) related to the
async+wait behavior previously used, and this new option will give users
who have lots of images to push a safer option.
Fixes #525