Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kube play snubs save-loaded image #19801

Closed
edsantiago opened this issue Aug 29, 2023 · 7 comments · Fixed by #19805
Closed

kube play snubs save-loaded image #19801

edsantiago opened this issue Aug 29, 2023 · 7 comments · Fixed by #19805
Assignees
@vrothberg
Labels
locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@edsantiago
Copy link
Collaborator

Take an image, podman save it, then podman load it, and it works fine for purposes of podman run. As in, instantaneous with no registry checks.

podman kube play, however, turns up its nose at it and wants to re-fetch it from the registry, causing unnecessary wear and tear on network electrons.

Too complicated to explain, so here's a reproducer. Sample output:

...
Podman run - does not re-pull
Tue Aug 29 18:53:46 UTC 2023


**** Podman kube play - why does it re-pull?
Trying to pull quay.io/libpod/testimage:20221018...
Getting image source signatures
Copying blob a3ed95caeb02 skipped: already exists  
Copying blob 578f06cc66c5 skipped: already exists  
Copying config f5a99120db done  
Writing manifest to image destination

DO NOT RUN REPRODUCER ON A SYSTEM YOU CARE ABOUT!

It runs podman system reset because I wanted to eliminate variables. It'll probably work safely without the system reset but I haven't tested that.
@edsantiago edsantiago mentioned this issue Aug 29, 2023
Merged
@mheon
Copy link
Member

mheon commented Aug 29, 2023

@umohnani8 Is this deliberate to match Kubernetes more closely?

@edsantiago
Copy link
Collaborator Author

The podman save + podman load is a key part of the (what I consider) buggy behavior. Without save/load, kube play happily uses the existing image without pinging the registry.

(In other words: I'm no Kubernetes expert, but I have trouble seeing how that could be a compatibility feature)

@vrothberg
Copy link
Member

That is somehow expected. save + load changes the digest of the image and kube play uses --pull=newer. With the changed digest, podman will consider the image on the registry to be newer and pull it.

@vrothberg
Copy link
Member

The code in question is here: https://github.com/containers/podman/blob/main/pkg/domain/infra/abi/play.go#L995-L1000

I think this can be made smarter and only use --newer if the image has the latest tag or is on localhost/.

@vrothberg
Copy link
Member

Another thing: the integration tests cache the images as tarballs. I'd expect caching them in the dir: transport to be 1) much faster and 2) not run into the digest issue.

@vrothberg
Copy link
Member

Actually, we could use the oci:... transport instead. While testing, I noticed a bug and a short coming when pulling from oci:... which is now fixed in containers/common#1630.

@vrothberg vrothberg self-assigned this Aug 30, 2023
vrothberg added a commit to vrothberg/libpod that referenced this issue Aug 30, 2023
@vrothberg
kube play: fix pull policy
43472c6 
Use the `newer` pull policy only for the "latest" tag and default to
using `missing` otherwise.  This speeds up `kube play` as it'll skip
reaching out to the registry and also fixes other side-effects described
in containers#19801.

Fixes: containers#19801
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
@vrothberg vrothberg mentioned this issue Aug 30, 2023
Merged
@vrothberg
Copy link
Member

vrothberg commented Aug 30, 2023
edited

Another thing: the integration tests cache the images as tarballs. I'd expect caching them in the dir: transport to be 1) much faster and 2) not run into the digest issue.

Tested it and found that 1) is not correct; pulling from docker-archive is faster than pulling from oci or dir.

vrothberg added a commit to vrothberg/libpod that referenced this issue Aug 30, 2023
@vrothberg
kube play: fix pull policy
ea7e701 
Use the `newer` pull policy only for the "latest" tag and default to
using `missing` otherwise.  This speeds up `kube play` as it'll skip
reaching out to the registry and also fixes other side-effects described
in containers#19801.

Fixes: containers#19801
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
vrothberg added a commit to vrothberg/libpod that referenced this issue Aug 30, 2023
@vrothberg
kube play: fix pull policy
d20b586 
Use the `newer` pull policy only for the "latest" tag and default to
using `missing` otherwise.  This speeds up `kube play` as it'll skip
reaching out to the registry and also fixes other side-effects described
in containers#19801.

Fixes: containers#19801
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Nov 30, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 30, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@vrothberg vrothberg

Labels
locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

kube play: fix pull policy vrothberg/libpod
3 participants
@edsantiago @mheon @vrothberg