Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

image pulling time and optimizations #65

Open
anakrish opened this issue Oct 21, 2022 · 4 comments
Open

image pulling time and optimizations #65

anakrish opened this issue Oct 21, 2022 · 4 comments

Comments

@anakrish
Copy link
Contributor

anakrish commented Oct 21, 2022
edited
Loading

We observed the following based on our experiments:

  • It takes about 15 seconds to 1 minutes to pull 1GB of image data into a kata-cc pod
  • Multiple pull operations on the same node gets throttled by some registries (e.g dockerhub)

In a typical Kubernetes workflow, multiple pods that run on the same node would share images, improving pod startup time.
This sharing is currently not possible with image-rs.

image-rs devel plan mentions:

Step3: Advanced features
Develop a snapshotter to support container image on demand pull/decrypt, for image layer caching or sharing, it is TBD depends on the security model.

 Define on demand pull/decrypt required manifest standard
 Snapshotter: support on demand pull
 Image layer sharing between containers (TBD)
  1. Is the above devel plan still good?
  2. Are there already efforts to write a snapshotter to cache image layers?
  3. Are there other thoughts about optimizing image pull?
@arronwy
Copy link
Member

arronwy commented Oct 25, 2022

Hi @anakrish , currently we are working on optimizing image pull with stream mode(async read) support, this will also reduce the memoy consumption during image pulling but it will require some API change in oci-distribution and ocicrypt-rs crate.

Next we may need support on demand pull. For image layer sharing support between pods, we may need save encrypted image layers in host, then we will support on demand decrypt in guest.

@anakrish
Copy link
Contributor Author

anakrish commented Oct 25, 2022
edited
Loading

For image-caching on host, were you thinking of

  • Using a containerd remote snapshotter to pull and cache images on the host and have image-rs look up the cache
  • Or have image-rs pull the image but cache it on the host

@anakrish anakrish mentioned this issue Nov 3, 2022
Open
@c3d
Copy link
Member

c3d commented Nov 4, 2022

Here is a design proposal on how to do image caching on the host at the block level.
https://docs.google.com/presentation/d/1ie4i6p17VEm5klQchjAVisMUQYFCO8rIQsT3GvGWHS4/edit#slide=id.g12878630eea_0_382

@anakrish
Copy link
Contributor Author

@arronwy You mention

Next we may need support on demand pull. For image layer sharing support between pods, we may need save encrypted image layers in host, then we will support on demand decrypt in guest.

Can you describe how you are planning to approach on demand pull and layer sharing?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@c3d @arronwy @anakrish