Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

P2P not working with harbor #326

Open
1 task done
fengwang-db opened this issue Apr 26, 2024 · 8 comments
Open
1 task done

P2P not working with harbor #326

fengwang-db opened this issue Apr 26, 2024 · 8 comments
Labels
bug Something isn't working

Comments

@fengwang-db
Copy link

What happened in your environment?

This is more like a question than a bug.
We deploy harbor using azure blob store as the backend storage. During image pull, harbor returns a signed URL to Azure blob store. When we turn on the P2PConfig to route the overlaybd blob download requests to a local server, we found the overlaybd requests are Azure URLs, e.g.

/registryfs/registryfs.cpp:132|GET:p2p_url: 127.0.0.1:8081/https://abced.blob.core.windows.net/harbor//docker/registry/v2/blobs/sha256/fc/fc830920cdbfd4bbb850c2c11a7932c2371f3916ed7709ecf168729d13326d01/data?se=2024-04-26T06%3A18%3A35Z&sig=zAFnql%2BX%2FJcDREL2tuiA%2FRuShaRQz5zSr8UDbf205W0%3D&sp=r&sr=b&sv=2016-05-31

What did you expect to happen?

Ideally we would like the request to be harbor, something like:
/v2/main/hello/test/blobs/sha256:ba81c3880903ca64f19e7dd0a6f7e52e90b68c2e8e0e3e63d143b1c6d4d60221?ns=harbor.test.com
So we can use something like Kraken and reduce the harbor load. It also seems inefficient for overlaybd to fetch a signed-url from harbor for each request.

Is this an expected behavior? How difficult is it to change the behavior to the above?

How can we reproduce it?

enable P2P in overlaybd.json:

      "p2pConfig": {
          "enable": true,
          "address": "127.0.0.1:8081"
      },

What is the version of your Overlaybd?

0.6.17

What is your OS environment?

Ubuntu 20.04

Are you willing to submit PRs to fix it?

  • Yes, I am willing to fix it.
@fengwang-db fengwang-db added the bug Something isn't working label Apr 26, 2024
@BigVan
Copy link
Member

BigVan commented Apr 26, 2024

Did you mean that you want overlaybd send http(s) request through http proxy during the entire lazy-loading progress

@fengwang-db
Copy link
Author

@BigVan That would also work. Is it something supported?

@fengwang-db
Copy link
Author

Another question, what's the difference between registryfs and registryfs_v2? Is there a preference which one should be used?

@fengwang-db
Copy link
Author

https://github.com/containerd/overlaybd/blob/v0.6.17/src/overlaybd/registryfs/registryfs.cpp#L125-L126
Basically we would prefer not to set the url to the re-direct url.

@fengwang-db fengwang-db mentioned this issue Apr 26, 2024
Draft
4 tasks
@fengwang-db
Copy link
Author

Is something like #327 acceptable? Or any better ideas?

@BigVan
Copy link
Member

BigVan commented Apr 29, 2024

So we can use something like Kraken and reduce the harbor load. It also seems inefficient for overlaybd to fetch a signed-url from harbor for each request.

So Kraken didn't work for the blob-signed URL?

@fengwang-db
Copy link
Author

@BigVan correct. kraken doesn't work with pre-signed url. it expects the request to be registry API compliant.

@BigVan
Copy link
Member

BigVan commented May 11, 2024

I think maybe setting an HTTP proxy is better than 'ignore redirect URL'?

It there any possible?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@BigVan @fengwang-db