-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CC: Nydus-snapshotter trigger enablement cached? #8337
Comments
\cc @fidencio @jiangliu @ChengyuZhu6 - you might be interested in this, or have some ideas |
What I met is: if I remove the images on host, I can get it worked as expected:Like:
Log
If there is
|
Thanks for the information. That's not ideal for managed kubernetes, but good to know |
Agreed, we definitely have the case that images already existing on host, for example:
|
I am seeing similar behavior on my node btw. In fact I had forgotten to add the annotation to my yaml files but since I had already pulled the images when running the tests I did not notice. |
Switch the nydus test to use alpine over nginx to avoid hitting annotation caching issues as reported in: kata-containers/kata-containers#8337 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Switch the nydus test to use alpine over nginx to avoid hitting annotation caching issues as reported in: kata-containers/kata-containers#8337 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
@stevenhorsman I reproduce the problem in my local machine with runtimeclass Container runtimes identify container images only by their image name (or image reference) and/or image digest (a SHA256 hash of the content). Therefore, containerd should use a pair of (imageName, runtimeclass) to identify images. There is an issue on containerd to track it. I expect the issue to be resolved once the related work is done. I hope these information helps you understand:
|
BTW, I believe the work is satisfactory for us to use snapshotters in CoCo, and the annotation about cri-handler will be deprecated soon. Therefore, if we want to use the feature of runtime-level snapshotter in containerd, we may need to assign one snapshotter per runtimeclass instead of using multiple snapshotters in the same runtimeclass. That's the comments in the containerd code:
|
Use busybox image to verify the cached issues, created a new peer-pod env for every case:
|
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
- add test cases for guest pull images - need revist after we use container2.0 with 'image pull per runtime class' feature for kata-containers#8337 and kata-containers#8407 Signed-off-by: Da Li Liu <liudali@cn.ibm.com>
I'm not sure if this is the correct repo for this issue, but we can migrate it later. I've been trying to automate the nydus snapshotter pull-on-guest for the peer pods tests and as part of that hit some strange findings. I think this is an accurate write up of what I've done, but I was doing a lot of debugging before I found this pattern:
io.containerd.cri.runtime-handler
annotation is set to the kata-cc runtime class.e.g.
results in the pull being done on the guest via nydus snapshotter, as can be seen from the cloud-api-adaptor logs:
vs.
which leads to:
(Not that the CRI-O fallback of calling
PullImage
is used as there is nodriver:image_guest_pull
storage mount_point)This is as we expected and matches the findings that @fidencio originally saw, which lead to us needing to use the annotation.
Subsequent usage of the same images are where is gets confusing as it appears to be ignoring the annotation, suggesting that either the annotation is cached, or the effect of the annotation is cached.:
I updated the busybox pod spec to remove the annotation:
so would expect that nydus-snapshotter code path to not be activated, but it is:
then updating the alpine image to include the annotation:
which seemed to have not effect and it didn't have the
driver:image_guest_pull
stillIt seems that whatever nydus-snapshotter enablement we use the first time we pull the image is used for all subsequent pulls meaning that if a user accidentally misses the cri-runtime annotation the first time, then they can't do pull on guest again. It might be that there is some file on the worker that I can remove that will reset this, but I'm not sure that's a great plan. I achieved this with the kata-remote runtime and cloud-api-adaptor, but I don't think that's it's related to that runtime class.
The text was updated successfully, but these errors were encountered: