
Deployment Notes #55

@dioguerra


Just adding some deployment considerations. The service works quite well and we are happy with the result. I would like to add that:

  • It is a bit cumbersome for the user to set this up on their side as a per-project webhook, and the service could use an integration similar to what Trivy has currently
  • We were sad to know that you cannot replace the image being converted with the resulting estargz(ed) image, as the 'drop_suffic' does not accept a BLANK input. Not sure if there are some concurrency aspects to why this is this way, but this would be a very useful addition

Lastly, leaving my procedure down here for someone following at home:

  1. Compile the accelerator image from the project

```bash
git clone https://github.com/goharbor/acceleration-service
cd acceleration-service && make release-image
```
  2. Set up the cluster deployment

```bash
cat charts/cci-container-infra/templates/acceleration-service.yaml
```

```yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: harbor-acceleration-config
  namespace: staging
  labels:
    app: harbor-acceleration-service
data:
  config.yaml: |
    # http related config
    server:
      name: API
      # listened host for http
      host: 0.0.0.0
      # port for http
      port: 2077

    metric:
      # export metrics on `/metrics` endpoint
      enabled: true

    provider:
      source:
        # hostname of harbor service
        registry-staging.foo.bar:
          # base64 encoded `<robot-name>:<robot-secret>` for robot
          # account created in harbor
          auth: SOME_AUTH
          # use http registry communication
          insecure: false
          webhook:
            # webhook request auth header configured in harbor
            auth_header: header
      containerd:
        # ensure containerd service listening on this address
        address: /run/containerd/containerd.sock
        snapshotter: overlayfs

    converter:
      # number of workers for executing conversion tasks
      worker: 1
      # enable to add harbor specified annotations to converted image for tracking.
      harbor_annotation: true
      driver:
        # accelerator driver type: `estargz`
        type: estargz
        config:
          docker2oci: true
      rules:
        # add suffix to tag of source image reference as target image reference
        - tag_suffix: -esgz

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: harbor-acceleration-service
  namespace: staging
  labels:
    app: harbor-acceleration-service
spec:
  selector:
    matchLabels:
      app: harbor-acceleration-service
  template:
    metadata:
      labels:
        app: harbor-acceleration-service
    spec:
      containers:
      - name: acceleration-service
        image: registry.foo.bar/dtomasgu/harbor-acceld:latest
        args:
        - ./misc/config/config.yaml
        volumeMounts:
        - name: harbor-acceleration-config
          mountPath: /misc/config
      volumes:
      - name: harbor-acceleration-config
        configMap:
          name: harbor-acceleration-config
          defaultMode: 0555

---
apiVersion: v1
kind: Service
metadata:
  name: harbor-acceleration
  namespace: staging
  labels:
    app: harbor-acceleration-service
spec:
  ports:
  - port: 2077
    targetPort: 2077
    name: https
  selector:
    app: harbor-acceleration-service
```
  3. Configure webhook on the project that wants to have accelerated images:
    [image]
    Pay attention to the endpoint URL! http://harbor-acceleration.staging.svc.cluster.local:2077/api/v1/conversions

  4. Push a test image and profit:

[image]
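The `auth` field in the config above takes base64 of `<robot-name>:<robot-secret>`. The following is an added example, not part of the original post or of the project's code: a POSIX shell helper that builds that value, plus a check that catches a newline encoded into the credential and a robot name mangled by `$` expansion. The function names, robot name and secret are hypothetical, constructed values.

```shell
#!/bin/sh
# Added example; the robot name and secret used here are constructed values.

# harbor_auth <robot-name>: read the robot secret from stdin (keeps it out of
# argv and shell history) and print base64("<robot-name>:<robot-secret>").
# The ( ) body runs in a subshell, so variables stay local and `exit` only
# ends the function.
harbor_auth() (
    IFS= read -r secret || [ -n "$secret" ] || exit 1
    # printf adds no trailing newline (echo would); tr undoes base64 line wrapping.
    printf '%s:%s' "$1" "$secret" | base64 | tr -d '\n'
)

# check_harbor_auth <auth> <expected-robot-name>
# Exit status: 0 ok, 1 not valid base64, 2 newline inside the credential,
# 3 no ':' separator, 4 robot name differs, 5 empty secret.
check_harbor_auth() (
    nl='
'
    # The trailing "x" keeps $(...) from stripping a newline we want to detect.
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null && printf x) || exit 1
    decoded=${decoded%x}
    case $decoded in *"$nl"*) exit 2 ;; esac
    case $decoded in *:*) ;; *) exit 3 ;; esac
    [ "${decoded%%:*}" = "$2" ] || exit 4
    [ -n "${decoded#*:}" ] || exit 5
)

# Single quotes matter: Harbor robot names contain '$' (default prefix robot$),
# which double quotes would expand as a shell variable.
auth=$(printf '%s\n' 'constructed-secret' | harbor_auth 'robot$staging+acceld')
check_harbor_auth "$auth" 'robot$staging+acceld' && echo "auth value is well-formed"
```

Because the resulting value is only an encoding of the robot credential, the `config.yaml` that carries it is better mounted from a Kubernetes Secret than from a ConfigMap.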
