kapp-controller

[vendir cache] Enable caching in vendir

Open joaopapereira opened this issue 3 years ago • 6 comments

Describe the problem/challenge you have

Implementation of https://github.com/vmware-tanzu/carvel-kapp-controller/issues/664

Provide vendir with all the information needed to enable caching of images and bundles

Describe the solution you'd like

kapp-controller will create a folder that it will provide to vendir to store all the cached data, as well as the maximum size of the contents that can be cacheable.

Implementation bits:

  • kapp-controller deployment can contain an emptyDir that will be used to store all the cached content
  • kapp-controller needs to create a folder in this directory per AppCR, to ensure other AppCRs cannot use images they do not have access to.
  • The recommendation for the folder name could be "namespace+secretName". If we do this, maybe different AppCRs could reuse caching because they have the same credentials, which means the same access level to the registry. Keep in mind that, having the folders per secret, if we remove the folder when a particular AppCR is deleted, this will cause other AppCRs to refetch the contents.

Anything else you would like to add:

Open questions:

  • What should be the maximum size that kapp-controller should allow to be cached?

joaopapereira, May 13 '22 17:05

> The recommendation for the folder name could be "namespace+secretName"

which secret are we talking about here?

cppforlife, May 13 '22 18:05

> > The recommendation for the folder name could be "namespace+secretName"
>
> which secret are we talking about here?

The secret name used to retrieve the image.

joaopapereira, May 13 '22 20:05

> The recommendation for the folder name could be "namespace+secretName". If we do this, maybe different AppCRs could reuse caching because they have the same credentials, which means the same access level to the registry. Keep in mind that, having the folders per secret, if we remove the folder when a particular AppCR is deleted, this will cause other AppCRs to refetch the contents.

there could be multiple secrets in play since vendir can fetch several things. additionally, the same secret could be used for fetching different types of images/content. to me the most non-problematic/easy naming is something along these lines:

<some-location>/apps/<AppCR-metadata.uid>/.vendir-cache/fetcher/imgpkgBundle/<bundle digest>/<contents>
  • AppCR-metadata.uid is unique per creation of App CR, so it avoids problems with somehow reusing cache per new App CR created
  • .vendir-cache is similar in name to already used .vendir-tmp

cppforlife, May 16 '22 22:05

I think you have a good point saying that the same secret could be used to fetch different types of content, resulting in some overcrowding of the folder. About your recommendation for the folder name, not sure if we need a hidden folder or even if we need the fetcher folder. Maybe it could be as simple as <some-location>/apps-cache/<AppCR-metadata.uid>/imgpkgBundle/<bundle digest>/<contents>

joaopapereira, May 23 '22 20:05

since vendir could be used standalone (caching feature included) my rationale for <some-location>/apps/<AppCR-metadata.uid>/.vendir-cache/fetcher/imgpkgBundle/<bundle digest>/<contents> location was:

  • <some-location>/apps/<AppCR-metadata.uid>/ is something that kapp-controller is responsible for configuring per App
  • .vendir-cache/fetcher/imgpkgBundle/<bundle digest>/<contents> is a structure that vendir would be responsible for. i like the explicitness of fetcher since vendir down the line could be doing some other type of caching -- like how it builds entire directories. i've suggested .vendir-cache since it might make sense for vendir to reuse some common directory as its cache (i think other tools typically created something like .x/ directory in shared locations).

cppforlife, May 23 '22 23:05

After making the change to use AppCR uid I realized that in some cases it is not present. When we are dealing with package repositories we copy the AppCR but not the UID of it so when we are doing the fetch phase we do not have any UID, which becomes a problem. Due to this, I think we will have to revert to the idea of <some-location>/apps/{AppCR-Namespace}/{AppCR-name} being the folder that will be passed to vendir.

joaopapereira, Aug 25 '22 14:08
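
A sketch of deriving the per-App cache folder in the <some-location>/apps/{AppCR-Namespace}/{AppCR-name} layout from the last comment, so that one App cannot be pointed at another App's cached content. This is an added example, not kapp-controller or vendir code; the function name AppCacheDir, the name validation and the 0700 mode are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// k8sName is a simplified RFC 1123 subdomain check (assumption: names follow Kubernetes object-name rules).
var k8sName = regexp.MustCompile(`^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$`)

// AppCacheDir creates and returns <root>/apps/<namespace>/<name>, the folder
// that would be passed to vendir as the cache location for one App.
// Nested directories avoid the collisions a concatenated "namespace+name" could produce.
func AppCacheDir(root, namespace, name string) (string, error) {
	for _, part := range []string{namespace, name} {
		if len(part) > 253 || !k8sName.MatchString(part) || strings.Contains(part, "..") {
			return "", fmt.Errorf("refusing cache path component %q", part)
		}
	}
	base := filepath.Join(root, "apps")
	dir := filepath.Join(base, namespace, name)
	// Defense in depth: the cleaned path must still sit under <root>/apps.
	rel, err := filepath.Rel(base, dir)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("cache path %q escapes %q", dir, base)
	}
	// 0700: only the controller's own user can read cached images and bundles.
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", err
	}
	return dir, nil
}

func main() {
	root, err := os.MkdirTemp("", "kc-cache-") // constructed stand-in for the emptyDir mount
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	for _, app := range [][2]string{{"team-a", "my-app"}, {"team-b", "my-app"}, {"team-a", "../team-b"}} {
		dir, err := AppCacheDir(root, app[0], app[1])
		fmt.Println(app, dir, err)
	}
}
```

Deleting an App's folder in this layout only evicts that App's cache, which sidesteps the refetch concern raised for per-secret folders.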