KEP-3000: Image Promotion and Distribution Policy

[hh]

• One-line PR description: KEP-3000: Artifact Promotion and Distribution Policy
• Issue link: [KEP] Sharing the load of K8s Artifacts distribution between vendors to reduce the cost burden on the Kubernetes community infrastructure #3055

[hh]

/assign @justaugustus @dims

[ameukam]

artifacts

The title of the KEP implies artifacts are concerned by this KEP. We need more clarification about which type of artifacts are non-goals.

[ameukam]

Is it possible to consider non-cloud users ?

[BobyMCbobs]

The greatest percentage of cost comes from cloud customers, so we will focus on them for this KEP

[justaugustus]

(Mentioned on Slack first)

@hh -- I've left a few tweaks (which will also fix the presubmits) here: https://github.com/justaugustus/enhancements/tree/MST-3000

[hh]

/assign @spiffxp

[eddiezane]

/cc

[thockin]

I know there aare more questions I am forgetting to ask

[thockin]

I think we should break this into 2 major phases:

1. Container images
2. Other artifacts

We may even want to break it to 2 KEPs so we can "finish" one.

[BobyMCbobs]

Good thought! This KEP just focuses on container images now.

[thockin]

Let's document and consider two main approaches:

1. Push. Each mirror provider gives us a mechanism and credentials to push container images. As we promote images from staging to prod, we push to all mirrors. We need to consider credential security and rotation.

2. Pull. We publish a log (git repo?) of image changes and mirrors are expected to sync changes in a reasonable period of time (99p @ 10 mins?).

[BobyMCbobs]

Opted into a push based mechanism, where sig-k8s-infra manages the content of the buckets

[thockin]

We need to detail how to on-board a mirror. E.g.:

• provide some guarantees of service (e.g. a contract with CNCF) and point of contact
• provide an emergency contact in case of outage
• provide a mapping of client IPs to mirror (maybe through a git repo)

Then we can add the mirror and have the front-end server start redirecting traffic.

We will want to periodically healthcheck each mirror (e.g. pull a random blob, measure latency). If HC fails, remove mirror until it passes N times. We need a site or something indicating which mirrors are healthy, maybe stats.

We will want to log all redirects and set up a PII-anonymizing process so we can publish some aggregated information about how much traffic is going to each mirror, top images globally, etc.

[ameukam]

provide some guarantees of service (e.g. a contract with CNCF) and point of contact

Most of the managed services for Container registries have SLAs. We need to agree about minimum level of SLA. We now plan to usage object storage services

[BobyMCbobs]

Going off of what @ameukam says here, we are working closely with the providers who consume the most to bring up infra that we manage.

[thockin]

We will need to detail how we turn up the new DNS name and redirector and how we plan to convert users of old GCR name into the new name.

[BobyMCbobs]

Members of sig-k8s-infra have made PRs against projects like kops and Kubernetes to change the defaults.
There's also e2e testing through changing the domain for various jobs running in Prow.

[thockin]

We should also document that we're explicitly OK with a model where the management of the mirror is opaque to us as long as the other criteria are met.

[ameukam]

Suggested change

	approvers:
	- "@ameukam"
	- "@justaugustus"
	approvers:
	- "@ameukam"
	- "@dims"
	- "@justaugustus"
	- "@saschagrunert"

[BobyMCbobs]

updated in 6bfecc8

[ameukam]

We should not stick the user story to a cloud environment. We don't want to break the existing way of consuming those container images produced.

[BobyMCbobs]

Since the most of the spend is only cloud users, this should be fine to focus on for this KEP

[hh]

Pulled out User Stories for this merge

[ameukam]

we should be more clear about the meaning of "local":

Suggested change

	Then I will be redirected to a local CLOUD registry
	Then I will be redirected to the closest network endpoint of the registry

[BobyMCbobs]

resolved in f960d6f

[ameukam]

We should provide a link to the full report and not just a screenshot for better transparency.

[BobyMCbobs]

Update to show AWS involvement without exposing company specific usage patterns more context, in 7030358.

[ameukam]

We should provide a list of what exactly is needed in terms of infrastructure to ensure this KEP go to implementable.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: hh / name: Hippie Hacker (1919dc5, f15fdd6)
• ✅ login: justaugustus / name: Stephen Augustus (he/him) (467d84a, bfdee87)
• ✅ login: BobyMCbobs / name: Caleb Woodbine (300cc1d, b5ffc45, 6e68a6c, 35d575b, 6a1b9bf, f960d6f, 0e5fafb, f074245, 4a77099, 2abfc73, 6bfecc8, 7030358)

[hh]

(Mentioned on Slack first)

@hh -- I've left a few tweaks (which will also fix the presubmits) here: https://github.com/justaugustus/enhancements/tree/MST-3000

Thanks!

[dims]

@justaugustus @saschagrunert this is ready (all conversations resolved). Please take a look and approve if appropriate.

[saschagrunert]

/approve

[dims]

Let's merge and iterate thanks @BobyMCbobs

/approve
/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, hh, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• keps/sig-release/OWNERS [dims,saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment