-
Notifications
You must be signed in to change notification settings - Fork 137
Expand file tree
/
Copy pathmemorypullcache.go
More file actions
245 lines (217 loc) · 8 KB
/
Copy pathmemorypullcache.go
File metadata and controls
245 lines (217 loc) · 8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
// Copyright 2026 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package memorypullcache
import (
"bytes"
"context"
"fmt"
"io"
"log/slog"
"net"
"runtime"
"strings"
"github.com/google/go-containerregistry/pkg/authn"
"github.com/google/go-containerregistry/pkg/name"
v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/mutate"
"github.com/google/go-containerregistry/pkg/v1/remote"
"k8s.io/utils/lru"
)
// maxCacheableImageBytes bounds which images are held in the in-memory pull
// cache, compared against the image's total compressed (download) size.
//
// Why compressed size and not the extracted (uncompressed) size that is what we
// actually hold in memory: the extracted size is not recorded anywhere in the
// image metadata (neither the manifest nor the config carries it), so the only
// way to learn it is to download and decompress every layer — exactly the work
// this guard exists to avoid for large images. The compressed layer sizes, by
// contrast, are listed in the manifest and readable with a single small
// request. Compressed size is always <= extracted size, so it is a
// conservative lower bound: anything we reject as too large is definitely too
// large uncompressed too. The threshold may be revisited later.
const maxCacheableImageBytes = 100 * 1024 * 1024
type MemoryPullCache struct {
gcpAuthenticator authn.Authenticator
localhostRegistryReplacement string
// Map from hexadecimal sha256 hash of image to byte contents of composed
// tarball
cache *lru.Cache
}
func NewMemoryPullCache(ctx context.Context, gcpAuthenticator authn.Authenticator, localhostRegistryReplacement string) (*MemoryPullCache, error) {
c := &MemoryPullCache{
// TODO: Need a smarter cache with bounds on total consumed size, not
// just number of entries. Potentially also try to share the cache
// across ateoms on the same machine.
//
// It would have to be a directory with files named after the sha256
// hash. The benefit would be that a read might be found in the
// filesystem cache, or perhaps the folder could be on SSD.
//
// From the perspective of stable operation, without hidden kernel
// caches that could fill up or have weird behavior, it might be better
// to just have two levels. Store some images in ateom memory, and the
// rest are kept in a shared GCS cache.
cache: lru.New(256),
localhostRegistryReplacement: localhostRegistryReplacement,
}
c.gcpAuthenticator = gcpAuthenticator
return c, nil
}
func (c *MemoryPullCache) Fetch(ctx context.Context, ref string) (io.ReadCloser, error) {
// when running in kind we need to rewrite the registry endpoint similar to the
// containerd mirror config used in https://kind.sigs.k8s.io/docs/user/local-registry/
// for now we have simple opt-in support to rewrite local registries
rewritten := false
if c.localhostRegistryReplacement != "" {
newRef := c.rewriteLocalRegistry(ref)
if newRef != ref {
ref = newRef
rewritten = true
}
}
var nameOpts []name.Option
// match docker behavior, permit http image pulls for local registries
// this avoids needing to distribute TLS certs all around for local development
if rewritten || isLocalRegistry(ref) {
nameOpts = append(nameOpts, name.Insecure)
}
parsedRef, err := name.ParseReference(ref, nameOpts...)
if err != nil {
return nil, fmt.Errorf("while parsing reference: %w", err)
}
// If the image ref included a digest, check for a hit in the pull cache.
requestedDigest, digestWasIncluded := parsedRef.(name.Digest)
if digestWasIncluded {
slog.InfoContext(
ctx,
"Ref includes digest, checking for cache hit",
slog.String("ref", ref),
slog.String("digest", requestedDigest.DigestStr()),
)
if vAny, ok := c.cache.Get(requestedDigest.DigestStr()); ok {
slog.InfoContext(
ctx,
"Cache hit",
slog.String("ref", ref),
slog.String("digest", requestedDigest.DigestStr()),
)
return io.NopCloser(bytes.NewReader(vAny.([]byte))), nil
}
}
slog.InfoContext(
ctx,
"Cache miss",
slog.String("ref", ref),
)
// If we didn't have a cache hit, we are on the slow path of pulling the
// image from the registry. This is a chatty process, with multiple round
// trips to the registry.
var remoteOptions []remote.Option
remoteOptions = append(remoteOptions,
// Propagate caller ctx into go-containerregistry so cancellation tears
// down in-flight layer-blob HTTP requests instead of letting them run
// to completion in background goroutines (which retain partial-blob
// buffers and amplify atelet RSS during ResumeActor death loops).
remote.WithContext(ctx),
remote.WithPlatform(v1.Platform{
Architecture: runtime.GOARCH,
OS: "linux",
}),
)
registry := parsedRef.Context().Registry.RegistryStr()
if registry == "gcr.io" || strings.HasSuffix(registry, ".gcr.io") || registry == "pkg.dev" || strings.HasSuffix(registry, ".pkg.dev") {
if c.gcpAuthenticator != nil {
remoteOptions = append(remoteOptions, remote.WithAuth(c.gcpAuthenticator))
}
}
img, err := remote.Image(parsedRef, remoteOptions...)
if err != nil {
return nil, fmt.Errorf("in remote.Image: %w", err)
}
// Guard the in-memory cache against large images. NOTE: img.Size() returns
// the size of the *manifest* (a few KB), not the image, so it must NOT be
// used here — it never exceeds the threshold and the guard would be a no-op.
// Sum the compressed layer sizes from the manifest instead (see
// maxCacheableImageBytes for why compressed, not extracted, size). Images
// over the threshold are streamed through without caching.
manifest, err := img.Manifest()
if err != nil {
return nil, fmt.Errorf("in img.Manifest(): %w", err)
}
var compressedSize int64
for _, layer := range manifest.Layers {
compressedSize += layer.Size
}
if compressedSize > maxCacheableImageBytes {
slog.InfoContext(ctx,
"Image is too large to cache",
slog.String("ref", ref),
slog.Int64("compressed_size", compressedSize),
)
return mutate.Extract(img), nil
}
tarData := mutate.Extract(img)
defer tarData.Close()
memData, err := io.ReadAll(tarData)
if err != nil {
return nil, fmt.Errorf("while reading image: %w", err)
}
if digestWasIncluded {
// If the user requested multi-arch image, the digest they request will
// not be the same as the digest of the image we actually downloaded
// from the registry. We need to place the cache entry under the digest
// they requested.
c.cache.Add(requestedDigest.DigestStr(), memData)
slog.InfoContext(
ctx,
"Populated image cache",
slog.String("ref", ref),
slog.String("digest", requestedDigest.DigestStr()),
)
}
return io.NopCloser(bytes.NewReader(memData)), nil
}
func registryHost(ref string) string {
parts := strings.SplitN(ref, "/", 2)
reg, err := name.NewRegistry(parts[0], name.Insecure)
if err != nil {
return ""
}
hostPart := reg.Name()
if h, _, err := net.SplitHostPort(hostPart); err == nil {
return h
}
return hostPart
}
func isLocalhostOrLoopback(host string) bool {
if host == "localhost" {
return true
}
if ip := net.ParseIP(host); ip != nil && ip.IsLoopback() {
return true
}
return false
}
func isLocalRegistry(ref string) bool {
// by default docker permits localhost and 127.0.0.0/8
// we also permit IPv6 loopback here
return isLocalhostOrLoopback(registryHost(ref))
}
func (c *MemoryPullCache) rewriteLocalRegistry(ref string) string {
if isLocalRegistry(ref) {
parts := strings.SplitN(ref, "/", 2)
return c.localhostRegistryReplacement + "/" + parts[1]
}
return ref
}