Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: solution of docker image for Pod without public registry #315

Open
metrue opened this issue Oct 13, 2019 · 0 comments
Open

Proposal: solution of docker image for Pod without public registry #315

metrue opened this issue Oct 13, 2019 · 0 comments
Assignees
@metrue
Labels
RFC idea, design, and tasks.

Comments

@metrue
Copy link
Owner

metrue commented Oct 13, 2019
edited
Loading

Related discussion threads on Kubernetes repo:

Problem:

The workflow of the current solution of fx deploy a function to be a service,

fx-on-k8s

You can see that Pod pulls Docker images from the public registry (hub.docker.com) during the Deployment creation and that's why current fx requires DOCKER_USERNAME and DOCKER_PASSWORD since it pushed Docker image to public registry first to make sure the Docker image is ready during the Pod creation.

There are problems in the current solution,

  • Requires DOCKER_USERNAME and DOCKER_PASSWORD is bad and inconvenient
  • Push Docker image to and Pull Docker image from the public registry is not just because the request from the public registry takes an amount of time but also because the code (Docker image) is private for a user.
  • It requires network connected with outside, the deploy process should be able to happen only inside of fx network (Docker environment or Kubernetes environment)

Proposal

To fix the above issue, we should be able to build Docker image inside Kubernetes cluster.

the workflow of a service deployment of fx will be like,

k8s-1 (1)

Why this solution works?

  • How the source code of function's Docker project passed into InitiContainer

The source code of function's Docker project will be store into ConfigMap, then the InitContainer can read it from ConfigMap.

  • Why the InitContainer can build the docker image?

The InitContainer is run Docker container (https://hub.docker.com/_/docker), and mount the /var/run/docker.sock of node into it, then we can invoke docker against the node's Docker daemon, and the image built is store in node.

  • The Docker image has to be able accessed on the node the Pod is running on.

Since the InitContiainer (image build) and Container (functional running) is running on same node, so the image built by InitContainer is available for Container.

  • The Docker image has to be built before Kubernetes start the functional container (the container of our function is to run on).
    The image is built in InitContainer (it runs at the initializing stage of the Pod) so the image will be ready before the Kubernetes start the functional container.

Limitation

  • ConfigMap has limited on data storage, so the source code function's Docker project could be too big
@metrue metrue self-assigned this Oct 13, 2019
@metrue metrue changed the title setup local docker registry Proposal: solution of docker image for Pod without public registry Oct 14, 2019
@metrue metrue added the RFC idea, design, and tasks. label Oct 14, 2019
This was referenced Oct 16, 2019
Merged
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@metrue metrue

Labels
RFC idea, design, and tasks.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@metrue