feat: add oci pull capabilities #5075
Conversation
ricardomaraschini
force-pushed
the
adds-download-from-oras-function
branch
2 times, most recently
from
dabdb5a
to
b6c3686
Compare
ricardomaraschini
force-pushed
the
adds-download-from-oras-function
branch
from
b6c3686
to
2998a01
Compare
implement logic to download artifacts from a registry using oras. these are not yet in use but will soon be. Signed-off-by: Ricardo Maraschini <[email protected]>
ricardomaraschini
force-pushed
the
adds-download-from-oras-function
branch
from
2998a01
to
b5e2955
Compare
Co-authored-by: Andrew Lavery <[email protected]> Signed-off-by: Ricardo Maraschini <[email protected]>
rename package from oras to oci. Signed-off-by: Ricardo Maraschini <[email protected]>
using DownloadOption and downloadOptions instead. Signed-off-by: Ricardo Maraschini <[email protected]>
makes the test code better. Signed-off-by: Ricardo Maraschini <[email protected]>
remove some references to oras from some code comments. Signed-off-by: Ricardo Maraschini <[email protected]>
ricardomaraschini
changed the title
|
Not directly related to this PR, but something that came to my mind while reviewing this: Do we want to support plain HTTP OCI registries? We didn't specify this in the ADR, but it seems like a reasonable thing to do. Especially given that OCI artifacts are content-addressed, specifying artifacts by their hash is probably secure enough, even when not using TLS. Moreover, we're not disallowing plain HTTP downloads either. The main question is: How to switch? Do we want to have our own custom scheme in the URL, à la |
|
Are multi-arch artifacts a thing? If yes, we should probably add some test cases for those. |
this commit changes the oci downloader in some aspects: - stops downloading the artifact into a temporary location. - does not fail if multiple artifacts are present. - allow users to specify the artifact they desire to download. - if multiple artifacts are present and no artifact name is provided downloads the first one. this commit also adds a test to verify the new behavior. Signed-off-by: Ricardo Maraschini <[email protected]>
ricardomaraschini
force-pushed
the
adds-download-from-oras-function
branch
from
77470f5
to
efc3f72
Compare
Apparently yes, do we want to support them immediately or this is something we can implement as a follow up PR ? It involves ManifestList / ImageIndex IIUC and implementing THAT is going go get nasty real quick. |
allows pulling oci artifacts from plain http endpoints. Signed-off-by: Ricardo Maraschini <[email protected]>
Implemented here, please take a look. |
Sure, I was already okay with the previous version of this PR. Letz move on. |
| func findArtifactDescriptor(all []ocispec.Descriptor, opts downloadOptions) (ocispec.Descriptor, error) { | ||
| for _, desc := range all { | ||
| if desc.MediaType == ocispec.MediaTypeEmptyJSON { | ||
| continue | ||
| } | ||
| // if no artifact name is specified, we use the first one. | ||
| fname := opts.artifactName | ||
| if fname == "" || fname == desc.Annotations[ocispec.AnnotationTitle] { | ||
| return desc, nil | ||
| } | ||
| } | ||
| if opts.artifactName == "" { | ||
| return ocispec.Descriptor{}, fmt.Errorf("no artifacts found") | ||
| } | ||
| return ocispec.Descriptor{}, fmt.Errorf("artifact %q not found", opts.artifactName) | ||
| } |
There was a problem hiding this comment.
When having a look at our implementation, I realize that the ADR just says: "We'll download via OCI", but not at all what's meant by this. As far as I understand, there's no common understanding of what it means to download an artifact via OCI, i.e. it is very much implementation dependent.
I think we should augment the ADR with a spec what k0s means/expects when it tries to download files from OCI registries. WDYT?
There was a problem hiding this comment.
Oh yes, this is what we mention in the ADR:
Implement support in Autopilot for pulling artifacts, such as k0s binaries and image bundles
So we at least know what we expect to find in the registry. We should at least write down what we expect when it comes to file names and formats.
Description
implement logic to download artifacts from a registry using oras. these are not yet in use but will soon be. this is part of the implementation for this adr.
Type of change
How Has This Been Tested?
Checklist: