imageprune

package
v3.11.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 9, 2018 License: Apache-2.0 Imports: 41 Imported by: 19

Documentation

Overview

Package prune contains logic for pruning images and interoperating with the integrated Docker registry.

Index

Constants

View Source
const (
	// ReferencedImageEdgeKind defines a "strong" edge where the tail is an
	// ImageNode, with strong indicating that the ImageNode tail is not a
	// candidate for pruning.
	ReferencedImageEdgeKind = "ReferencedImage"
	// WeakReferencedImageEdgeKind defines a "weak" edge where the tail is
	// an ImageNode, with weak indicating that this particular edge does
	// not keep an ImageNode from being a candidate for pruning.
	WeakReferencedImageEdgeKind = "WeakReferencedImage"

	// ReferencedImageConfigEdgeKind defines an edge from an ImageStreamNode or an
	// ImageNode to an ImageComponentNode.
	ReferencedImageConfigEdgeKind = "ReferencedImageConfig"

	// ReferencedImageLayerEdgeKind defines an edge from an ImageStreamNode or an
	// ImageNode to an ImageComponentNode.
	ReferencedImageLayerEdgeKind = "ReferencedImageLayer"

	// ReferencedImageManifestEdgeKind defines an edge from an ImageStreamNode or an
	// ImageNode to an ImageComponentNode.
	ReferencedImageManifestEdgeKind = "ReferencedImageManifest"
)

TODO these edges should probably have an `Add***Edges` method in images/graph and be moved there

Variables

This section is empty.

Functions

func DetermineRegistryHost

func DetermineRegistryHost(images *imagev1.ImageList, imageStreams *imagev1.ImageStreamList) (string, error)

DetermineRegistryHost returns registry host embedded in a pull-spec of the latest unmanaged image or the latest imagestream from the provided lists. If no such pull-spec is found, error is returned.

func FakeRegistryClientFactory

func FakeRegistryClientFactory() (*http.Client, error)

FakeRegistryClientFactory is a registry client factory creating no client at all. Useful for dry run.

func TryProtocolsWithRegistryURL

func TryProtocolsWithRegistryURL(registry string, allowInsecure bool, action func(registryURL url.URL) error) (*url.URL, error)

TryProtocolsWithRegistryURL runs given action with different protocols until no error is returned. The https protocol is the first attempt. If it fails and allowInsecure is true, http will be the next. Obtained errors will be concatenated and returned.

Types

type BlobDeleter

type BlobDeleter interface {
	// DeleteBlob uses registryClient to ask the registry at registryURL
	// to remove the blob.
	DeleteBlob(registryClient *http.Client, registryURL *url.URL, blob string) error
}

BlobDeleter knows how to delete a blob from the Docker registry.

func NewBlobDeleter

func NewBlobDeleter() BlobDeleter

NewBlobDeleter creates a new blobDeleter.

type ComponentRetention

type ComponentRetention struct {
	ReferencingStreams map[*imagegraph.ImageStreamNode]bool
	PrunableGlobally   bool
}

ComponentRetention knows all the places where image component needs to be pruned (e.g. global blob store and repositories).

type ComponentRetentions

type ComponentRetentions map[*imagegraph.ImageComponentNode]*ComponentRetention

ComponentRetentions contains prunable locations for all the components of an image.

func (ComponentRetentions) Add

func (cr ComponentRetentions) Add(
	comp *imagegraph.ImageComponentNode,
	globallyPrunable bool,
) *ComponentRetention

Add adds component marked as (not) prunable in the blob store.

func (ComponentRetentions) AddReferencingStreams

func (cr ComponentRetentions) AddReferencingStreams(
	comp *imagegraph.ImageComponentNode,
	prunable bool,
	streams ...*imagegraph.ImageStreamNode,
) *ComponentRetention

AddReferencingStreams adds a repository location as (not) prunable to the given component.

type DefaultRegistryPinger

type DefaultRegistryPinger struct {
	Client   *http.Client
	Insecure bool
}

DefaultRegistryPinger implements RegistryPinger.

func (*DefaultRegistryPinger) Ping

func (drp *DefaultRegistryPinger) Ping(registry string) (*url.URL, error)

Ping verifies that the integrated registry is ready, determines its transport protocol and returns its url or error.

type Deletion

type Deletion struct {
	Node   gonum.Node
	Parent gonum.Node
}

Deletion denotes a single deletion of a resource as a result of processing a job. If Parent is nil, the deletion occured in the global blob store. Otherwise the parent identities repository location.

type DryRunRegistryPinger

type DryRunRegistryPinger struct {
}

DryRunRegistryPinger implements RegistryPinger.

func (*DryRunRegistryPinger) Ping

func (*DryRunRegistryPinger) Ping(registry string) (*url.URL, error)

Ping implements Ping method.

type ErrBadReference

type ErrBadReference struct {
	// contains filtered or unexported fields
}

ErrBadReference denotes an invalid reference to image, imagestreamtag or imagestreamimage stored in a particular object. The object is identified by kind, namespace and name.

func (*ErrBadReference) Error

func (e *ErrBadReference) Error() string

func (*ErrBadReference) String

func (e *ErrBadReference) String() string

type Failure

type Failure struct {
	Node   gonum.Node
	Parent gonum.Node
	Err    error
}

Failure denotes a pruning failure of a single object.

func (*Failure) Error

func (pf *Failure) Error() string

func (*Failure) String

func (pf *Failure) String() string

type ImageDeleter

type ImageDeleter interface {
	// DeleteImage removes the image from OpenShift's storage.
	DeleteImage(image *imagev1.Image) error
}

ImageDeleter knows how to remove images from OpenShift.

func NewImageDeleter

func NewImageDeleter(images imagev1client.ImagesGetter) ImageDeleter

NewImageDeleter creates a new imageDeleter.

type ImagePrunerFactoryFunc

type ImagePrunerFactoryFunc func() (ImageDeleter, error)

ImagePrunerFactoryFunc is a factory function returning an image deleter for use in a worker.

type ImageStreamDeleter

type ImageStreamDeleter interface {
	// GetImageStream returns a fresh copy of an image stream.
	GetImageStream(stream *imagev1.ImageStream) (*imagev1.ImageStream, error)
	// UpdateImageStream removes all references to the image from the image
	// stream's status.tags. The updated image stream is returned.
	UpdateImageStream(stream *imagev1.ImageStream) (*imagev1.ImageStream, error)
	// NotifyImageStreamPrune shows notification about updated image stream.
	NotifyImageStreamPrune(stream *imagev1.ImageStream, updatedTags []string, deletedTags []string)
}

ImageStreamDeleter knows how to remove an image reference from an image stream.

func NewImageStreamDeleter

func NewImageStreamDeleter(streams imagev1client.ImageStreamsGetter) ImageStreamDeleter

NewImageStreamDeleter creates a new imageStreamDeleter.

type Job

type Job struct {
	Image      *imagegraph.ImageNode
	Components ComponentRetentions
}

Job is an image pruning job for the Worker. It contains information about single image and related components.

type JobResult

type JobResult struct {
	Job       *Job
	Deletions []Deletion
	Failures  []Failure
}

JobResult is a result of job's processing.

type LayerLinkDeleter

type LayerLinkDeleter interface {
	// DeleteLayerLink uses registryClient to ask the registry at registryURL to
	// delete the repository layer link.
	DeleteLayerLink(registryClient *http.Client, registryURL *url.URL, repo, linkName string) error
}

LayerLinkDeleter knows how to delete a repository layer link from the Docker registry.

func NewLayerLinkDeleter

func NewLayerLinkDeleter() LayerLinkDeleter

NewLayerLinkDeleter creates a new layerLinkDeleter.

type ManifestDeleter

type ManifestDeleter interface {
	// DeleteManifest uses registryClient to ask the registry at registryURL to
	// delete the repository's image manifest data.
	DeleteManifest(registryClient *http.Client, registryURL *url.URL, repo, manifest string) error
}

ManifestDeleter knows how to delete image manifest data for a repository from the Docker registry.

func NewManifestDeleter

func NewManifestDeleter() ManifestDeleter

NewManifestDeleter creates a new manifestDeleter.

type Pruner

type Pruner interface {
	// Prune uses imagePruner, streamPruner, layerLinkPruner, blobPruner, and
	// manifestPruner to remove images that have been identified as candidates
	// for pruning based on the Pruner's internal pruning algorithm.
	// Please see NewPruner for details on the algorithm.
	Prune(
		imagePrunerFactory ImagePrunerFactoryFunc,
		streamPruner ImageStreamDeleter,
		layerLinkPruner LayerLinkDeleter,
		blobPruner BlobDeleter,
		manifestPruner ManifestDeleter,
	) (deletions []Deletion, failures []Failure)
}

Pruner knows how to prune istags, images, manifest, layers, image configs and blobs.

func NewPruner

func NewPruner(options PrunerOptions) (Pruner, kerrors.Aggregate)

NewPruner creates a Pruner.

Images younger than keepYoungerThan and images referenced by image streams and/or pods younger than keepYoungerThan are preserved. All other images are candidates for pruning. For example, if keepYoungerThan is 60m, and an ImageStream is only 59 minutes old, none of the images it references are eligible for pruning.

keepTagRevisions is the number of revisions per tag in an image stream's status.tags that are preserved and ineligible for pruning. Any revision older than keepTagRevisions is eligible for pruning.

pruneOverSizeLimit is a boolean flag speyfing that all images exceeding limits defined in their namespace will be considered for pruning. Important to note is the fact that this flag does not work in any combination with the keep* flags.

images, streams, pods, rcs, bcs, builds, daemonsets and dcs are the resources used to run the pruning algorithm. These should be the full list for each type from the cluster; otherwise, the pruning algorithm might result in incorrect calculations and premature pruning.

The ImageDeleter performs the following logic:

remove any image that was created at least *n* minutes ago and is *not* currently referenced by:

- any pod created less than *n* minutes ago - any image stream created less than *n* minutes ago - any running pods - any pending pods - any replication controllers - any daemonsets - any kube deployments - any deployment configs - any replica sets - any build configs - any builds - the n most recent tag revisions in an image stream's status.tags

including only images with the annotation openshift.io/image.managed=true unless allImages is true.

When removing an image, remove all references to the image from all ImageStreams having a reference to the image in `status.tags`.

Also automatically remove any image layer that is no longer referenced by any images.

type PrunerOptions

type PrunerOptions struct {
	// KeepYoungerThan indicates the minimum age an Image must be to be a
	// candidate for pruning.
	KeepYoungerThan *time.Duration
	// KeepTagRevisions is the minimum number of tag revisions to preserve;
	// revisions older than this value are candidates for pruning.
	KeepTagRevisions *int
	// PruneOverSizeLimit indicates that images exceeding defined limits (openshift.io/Image)
	// will be considered as candidates for pruning.
	PruneOverSizeLimit *bool
	// AllImages considers all images for pruning, not just those pushed directly to the registry.
	AllImages *bool
	// PruneRegistry controls whether to both prune the API Objects in etcd and corresponding
	// data in the registry, or just prune the API Object and defer on the corresponding data in
	// the registry
	PruneRegistry *bool
	// Namespace to be pruned, if specified it should never remove Images.
	Namespace string
	// Images is the entire list of images in OpenShift. An image must be in this
	// list to be a candidate for pruning.
	Images *imagev1.ImageList
	// ImageWatcher watches for image changes.
	ImageWatcher watch.Interface
	// Streams is the entire list of image streams across all namespaces in the
	// cluster.
	Streams *imagev1.ImageStreamList
	// StreamWatcher watches for stream changes.
	StreamWatcher watch.Interface
	// Pods is the entire list of pods across all namespaces in the cluster.
	Pods *corev1.PodList
	// RCs is the entire list of replication controllers across all namespaces in
	// the cluster.
	RCs *corev1.ReplicationControllerList
	// BCs is the entire list of build configs across all namespaces in the
	// cluster.
	BCs *buildv1.BuildConfigList
	// Builds is the entire list of builds across all namespaces in the cluster.
	Builds *buildv1.BuildList
	// DSs is the entire list of daemon sets across all namespaces in the cluster.
	DSs *kappsv1.DaemonSetList
	// Deployments is the entire list of kube's deployments across all namespaces in the cluster.
	Deployments *kappsv1.DeploymentList
	// DCs is the entire list of deployment configs across all namespaces in the cluster.
	DCs *appsv1.DeploymentConfigList
	// RSs is the entire list of replica sets across all namespaces in the cluster.
	RSs *kappsv1.ReplicaSetList
	// LimitRanges is a map of LimitRanges across namespaces, being keys in this map.
	LimitRanges map[string][]*corev1.LimitRange
	// DryRun indicates that no changes will be made to the cluster and nothing
	// will be removed.
	DryRun bool
	// RegistryClient is the http.Client to use when contacting the registry.
	RegistryClientFactory RegistryClientFactoryFunc
	// RegistryURL is the URL of the integrated Docker registry.
	RegistryURL *url.URL
	// IgnoreInvalidRefs indicates that all invalid references should be ignored.
	IgnoreInvalidRefs bool
	// NumWorkers is a desired number of workers concurrently handling image prune jobs. If less than 1, the
	// default number of workers will be spawned.
	NumWorkers int
}

PrunerOptions contains the fields used to initialize a new Pruner.

type RegistryClientFactoryFunc

type RegistryClientFactoryFunc func() (*http.Client, error)

RegistryClientFactoryFunc is a factory function returning a registry client for use in a worker.

type RegistryPinger

type RegistryPinger interface {
	// Ping performs a health check against registry. It returns registry url qualified with schema unless an
	// error occurs.
	Ping(registry string) (*url.URL, error)
}

RegistryPinger performs a health check against a registry.

type Worker

type Worker interface {
	// Run is supposed to be run as a go-rutine. It terminates when nil is received through the in channel.
	Run(in <-chan *Job, out chan<- JobResult)
}

Worker knows how to prune image and its related components.

func NewWorker

func NewWorker(
	algorithm pruneAlgorithm,
	registryClientFactory RegistryClientFactoryFunc,
	registryURL *url.URL,
	imagePrunerFactory ImagePrunerFactoryFunc,
	streamPruner ImageStreamDeleter,
	layerLinkPruner LayerLinkDeleter,
	blobPruner BlobDeleter,
	manifestPruner ManifestDeleter,
) (Worker, error)

NewWorker creates a new pruning worker.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL