-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better UX for using local registry #1213
Comments
We're still designing this, there are some tradeoffs that depend on how the networking changes to fix #148 The obvious "registry" role route has some downsides, including that you'll need to push to each cluster. |
I choose not to run a local registry in-cluster. It is not great for testing against multiple versions and/or clusters. That is an adopted solution back from |
thanks for the input!
you can do this at boot time now, xref: https://kind.sigs.k8s.io/docs/user/local-registry/
That's a neat approach, thanks :-) |
Yeah, that |
Hooray! I've just realized that The workflow is like this:
There are @BenTheElder Thanks again! |
Hi! I work on Tilt! We care so much about good local registry support that if you're not using a local registry, we emit a warning that you should be. We currently point people at this script to set it up: I think the main things that are important to us (from a UX perspective) are (in order):
So I think our ideal CLI UX would be something like:
where |
still on my radar! we've mostly landed the host reboot work which includes using a docker network w/ embeded DNS, but had to spend time on a number of other critical fixes. we still need some follow up to that, but once we settle down the new networking a bit we should have a better idea what we can build the registry integration against. |
I think instead of a "create registry" w/ ordering issues (and presumably failing if it already exists etc.) the ux from k3d is closer to what people need, ie. |
(and I've just filed what I hope is the last major fix related to the DNS stuff, we neglected to update the NO_PROXY logic to handle it properly) |
@diafour, I'm using Docker for Windows running on WSL 2, Ubuntu 18.04. When I run kind-with-registry.sh, I can push/pull from my host at localhost:5000, however, k8s fails to pull images from the registry from that endpoint. I've tried substituting "host.docker.internal", but container pulls still fail to resolve the endpoint. Am I missing some specific guidance for Docker on WSL2? Thanks! EDIT: Somewhere along the line either I wasn't running 'docker network connect...' or I wasn't annotating the node with "kind.x-k8s.io/registry=localhost:5000". My image pulls are resolving now. |
/remove-kind design |
Consider using a different port than 5000 since its used by Apple MacOS Monterrey |
That is wildly unfortunate, 5000 is a commonly used development port and docker special cases allowing Reconfiguring dockerd is not something kind ought to be doing and will introduce user friction. Not excited to make the experience worse on other platforms because Apple decided to suddenly start binding to a commonly used port OOTB :/ |
Just for the record, there is no special case localhost:5000. dockerd trusts all local IPs despite the port:
|
Well I stand corrected 🙃 , thank you for sharing @diafour 🙏 If someone wants to update the port in the sample script, that should be a trivial change then 🙃 |
Hello! Thank you! |
I’m sorry but we’re prioritizing bug fixes like fixing reboot support and keeping up with Kubernetes, and user support, it doesn’t leave much time for designing / reviewing / implementing new features at the moment. |
That is fair. Hopefully that changes in the near future. |
Thanks, the core maintainers work primarily on Kubernetes but we're trying 😅 Smaller updates:
|
With or without using a local registry, would it be possible to create a configuration setting to "proxy" container images automagically through the local docker host? That way, bringing up or taking down kind clusters we'd still have the images locally. This would mitigate useless downloads that waste bandwidth, time, and energy. As a bonus it would be nice if the image didn't have to be duplicated between kind and the local docker store. |
Long story short: not readily, but it should be technically feasible if someone wished to invest in it. Currently the KIND maintainers are pretty focused on bug-fixes and maintenance when we're working on KIND (and not say, Kubernetes core). Containerd does have a way to configure * host to a mirror, except they changed the mirroring config (#2875, #2952) in a way that may not permit that anymore?, and you'd need a registry that implemented a recent-ish OCI distribution header (containerd/containerd#3734) to detect the real target host in the pull and mirror all hosts. I'm not aware of such an implementation yet, previously this wasn't feasible because the server didn't know what original host the target image was being mirror-pulled from.
Docker does not document or expose the local docker image storage except through pull/push/save/load, all of which do not match registries in that they are single-architecture (IE no manifest lists, which docker can do, but only through a special subcommand with different storage, awkwardly). We also support podman, and nominally support remote dockerd. |
FWIW, there's work actively under way to switch Docker's image store to use containerd, though it's still in beta - https://www.docker.com/blog/extending-docker-integration-with-containerd/ Docker has talked a little bit about how we might make it possible to auto-magically make the images appear in Kind. As Ben said, it's theoretically possible but there are a lot of devils hiding in the details. Might have to try a few different approaches. |
That's neat but it still won't be the node level containerd, most of that metadata is in a boltdb that you can't share between instances. (Also we can't just read files from the kind binary POV since they may be on different machines) not to mention podman which has its own storage. The only approach I see here as semi-feasible is if docker and podman etc (see also requests for nerdctl) get a special image pull proxy that reads the above header and then checks local storage but that's kinda fraught with nasty details (like how do you force pulling a new version of a tag) If you're willing to pay the cost and just want to cache between runs without knowing the images and explicitly storing / loading / mirroring them, you can use an extraMount and mount the containerd storage through to a directory on the host. However this will grow unbounded as for other reasons we have no image GC enabled in kind (which has it's own pile of issues that I won't dive into here) |
One thing that should at least be added to the page https://kind.sigs.k8s.io/docs/user/local-registry/ is how to handle proxy setting. If you have set the http_proxy environment variable, you have to add kind-registry to no_proxy variable. If you don't then it will try to use the proxy to find it. Not the easiest to find because I for example got ErrImagePull forbidden in Kubernetes. |
We're using that registry container image in our example docs. The issue is about the user experience around making it accessible to the nodes and the host. |
What would you like to be added:
Add a special node to the Kind cluster with 'registry' role. This node can run docker registry without the user having to run any extra scripts to configure Kind cluster
Why is this needed:
This can be an alternative to 'kind load docker-image' and naturally integrates with 'docker push' CI workflows.
Also, the registry storage can be mounted from the host and kind load can be avoided for easier setup.
The text was updated successfully, but these errors were encountered: