HEAD check and fallback if S3 is missing layers #66
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The test bucket we have is a one-off sync and cannot be guaranteed to have all layers present.
This caused issues with our test job right after implementing redirect-to-s3 when kops started using an image we didn't have synced into the test s3 bucket.
https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/e2e-kops-grid-gcr-mirror-canary/1517823558204526592
... so for the sake of development, I implemented checking if the layer actually exists.
Each AWS bucket can handle 5,500s HEAD RPS without sharding the bucket key prefix, if we need more we can implement key prefix, or we can institute caching in the OCI proxy. There appears to be no client rate limit, just the bucket scaling.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/optimizing-performance.html
If for any reason we can't verify that the blob is available, we simply fall back to redirecting GCR.
This logic only impacts the AWS-client serving path, and AWS clients already get the benefit of moving to being served a local copy when we roll this out, which should be a net-win.