Chapter 9. Caching images for faster workspace start
This section describes installing the Image Puller on a CodeReady Workspaces cluster to cache images on cluster nodes.
9.1. Image Puller overview
Slow starts of Red Hat CodeReady Workspaces workspaces may be caused by waiting for the underlying cluster to pull images used in workspaces from remote registries. As such, pre-pulling images can improve start times significantly. The Image Puller can be used to pre-pull images and shorten workspace start times.
The Image Puller is an additional deployment that runs alongside Red Hat CodeReady Workspaces. Given a list of images to pre-pull, the application runs inside a cluster and creates a DaemonSet that pulls the images on each node.
The minimal requirement for an image to be pre-pulled is the availability of the sleep
command, which means that FROM scratch
images (for example, 'che-machine-exec') are currently not supported. Also, images that mount volumes in the dockerfile are not supported for pre-pulling on OpenShift.
The application can be deployed:
- using OperatorHub or installing the kubernetes image puller operator
- by processing and applying OpenShift templates.
The Image Puller pulls its configuration from a ConfigMap
with the following available parameters:
Parameter | Usage | Default |
---|---|---|
| Interval, in hours, between checking health of DaemonSets |
|
| The memory request for each cached image when the puller is running |
|
| The memory limit for each cached image when the puller is running |
|
| The CPU request for each cached image when the puller is running |
|
| The CPU limit for each cached image when the puller is running |
|
| Name of DaemonSet to be created |
|
| Namespace where DaemonSet is to be created |
|
|
List of images to be cached, in the format | Contains a default list of images. Before deploying, fill this with the images that fit the current requirements |
| Node selector applied to the Pods created by the DaemonSet |
|
The default memory requests and limits ensure that the container has enough memory to start. When changing CACHING_MEMORY_REQUEST
or CACHING_MEMORY_LIMIT
, you will need to consider the total memory allocated to the DaemonSet Pods in the cluster:
(memory limit) * (number of images) * (number of nodes in the cluster)
For example, running the image puller that caches 5 images on 20 nodes, with a container memory limit of 20Mi
requires 2000Mi
of memory.
9.2. Deploying Image Puller using the operator
The recommended way to deploy the Image Puller is through the operator.
9.2.1. Installing the Image Puller on OpenShift using OperatorHub
First, create a namespace in your cluster to host the image puller. Our example will use the namespace "image-puller".
Navigate to your OpenShift cluster’s console, and select Operators. Select OperatorHub and type "image puller" into the "Filter by keyword.." search bar. Click the OpenShift Image Puller Operator, click Continue and click Install. At the Installation Mode selection, choose A specific namespace on the cluster, and use the drop-down to find the namespace you created to install the image puller. Click Subscribe.
Wait for the OpenShift Image Puller Operator to install, and click the installation. Click the OpenShiftImagePuller tab, and then click Create instance. You will be taken to a screen with a YAML editor with a OpenShiftImagePuller
Custom Resource. Make any modifications to the Custom resource and click Create.
Navigate to the Workloads and Pods menu in the namespace that the image puller was installed, and you should see pods being created.
9.2.2. Installing the Image Puller on OpenShift using the Operator
Create a namespace to host the kubernetes image puller, and apply the following manifests from the GitHub repository:
export NAMESPACE=<namespace you created to host the image puller> oc apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/crds/che.eclipse.org_kubernetesimagepullers_crd.yaml -n $NAMESPACE oc apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/role.yaml -n $NAMESPACE oc apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/role_binding.yaml -n $NAMESPACE oc apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/service_account.yaml -n $NAMESPACE oc apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/operator.yaml -n $NAMESPACE
Then create a OpenShiftImagePuller
Custom Resource:
apiVersion: che.eclipse.org/v1alpha1 kind: KubernetesImagePuller metadata: name: image-puller namespace: <namespace you installed the image puller in> spec: configMapName: k8s-image-puller daemonsetName: k8s-image-puller deploymentName: kubernetes-image-puller images: >- java11-maven=quay.io/eclipse/che-java11-maven:nightly;che-theia=quay.io/eclipse/che-theia:next
9.3. Deploying Image Puller using OpenShift templates
The Image Puller repository contains OpenShift templates for deploying on OpenShift.
Prerequisites
- A running OpenShift cluster.
-
The
oc
binary file.
The following parameters are available to further configure the OpenShift templates:
Value | Usage | Default |
---|---|---|
|
The value of |
|
|
Image used for the |
|
| The image tag to pull |
|
| The name of the ServiceAccount used by the deployment (created as part of installation) |
|
|
The value of |
|
|
The value of |
|
|
The value of |
|
|
The value of |
|
See Table 9.1, “Image Puller default parameters” for more information about configuration values, such as DAEMONSET_NAME
, CACHING_INTERVAL_HOURS
, and CACHING_MEMORY_REQUEST
.
Image | URL | Tag |
---|---|---|
stacks-java-rhel8 | registry.access.redhat.com/codeready-workspaces/stacks-java-rhel8 | 2.1 |
theia-rhel8 | registry.access.redhat.com/codeready-workspaces/theia-rhel8 | 2.1 |
stacks-golang-rhel8 | registry.access.redhat.com/codeready-workspaces/stacks-golang-rhel8 | 2.1 |
stacks-node-rhel8 | registry.access.redhat.com/codeready-workspaces/stacks-node-rhel8 | 2.1 |
theia-endpoint-rhel8 | registry.access.redhat.com/codeready-workspaces/theia-rhel8 | 2.1 |
pluginbroker-metadata-rhel8 | registry.access.redhat.com/codeready-workspaces/pluginbroker-metadata-rhel8 | 2.1 |
pluginbroker-artifacts-rhel8 | registry.access.redhat.com/codeready-workspaces/pluginbroker-artifacts-rhel8 | 2.1 |
See Table 9.1, “Image Puller default parameters” for more information about configuration values, such as DAEMONSET_NAME
, CACHING_INTERVAL_HOURS
, and CACHING_MEMORY_REQUEST
.
Procedure
Installing
Clone the
kubernetes-image-puller
repository:$ git clone https://github.com/che-incubator/kubernetes-image-puller $ cd kubernetes-image-puller
Create a new OpenShift project to deploy the puller into:
$ oc new-project k8s-image-puller
Process and apply the templates to deploy the puller:
In CodeReady Workspaces you must use custom values to deploy the image puller. To set custom values, add to the
oc process
an option:-p <parameterName>=<value>
:$ oc process -f deploy/serviceaccount.yaml \ | oc apply -f - $ oc process -f deploy/configmap.yaml \ -p IMAGES='stacks-java-rhel8=registry.access.redhat.com/codeready-workspaces/stacks-java-rhel8:2.1;\ theia-rhel8=registry.access.redhat.com/codeready-workspaces/theia-rhel8:2.1;\ stacks-golang-rhel8=registry.access.redhat.com/codeready-workspaces/stacks-golang-rhel8:2.1;\ stacks-node-rhel8=registry.access.redhat.com/codeready-workspaces/stacks-node-rhel8:2.1;\ theia-endpoint-rhel8=registry.access.redhat.com/codeready-workspaces/theia-rhel8:2.1;\ pluginbroker-metadata-rhel8=egistry.access.redhat.com/codeready-workspaces/pluginbroker-metadata-rhel8:2.1;\ pluginbroker-artifacts-rhel8=registry.access.redhat.com/codeready-workspaces/pluginbroker-artifacts-rhel8:2.1;' \ | oc apply -f - $ oc process -f deploy/app.yaml \ -p IMAGE=registry.redhat.io/codeready-workspaces/imagepuller-rhel8 \ -p IMAGE_TAG='2.1' \ | oc apply -f -
Verifying the installation
Confirm that a new deployment,
kubernetes-image-puller
, and a DaemonSet (named based on the value of theDAEMONSET_NAME
parameter) exist. The DaemonSet needs to have a Pod for each node in the cluster:$ oc get deployment,daemonset,pod --namespace k8s-image-puller deployment.extensions/kubernetes-image-puller 1/1 1 1 2m19s NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.extensions/kubernetes-image-puller 1 1 1 1 1 <none> 2m10s NAME READY STATUS RESTARTS AGE pod/kubernetes-image-puller-5495f46497-mkd4p 1/1 Running 0 2m18s pod/kubernetes-image-puller-n8bmf 3/3 Running 0 2m10s
Check that the
ConfigMap
namedk8s-image-puller
has the values you specified in your parameter substitution, or that they contain the default values:$ oc get configmap k8s-image-puller --output yaml apiVersion: v1 data: CACHING_INTERVAL_HOURS: "1" CACHING_MEMORY_LIMIT: 20Mi CACHING_MEMORY_REQUEST: 10Mi DAEMONSET_NAME: kubernetes-image-puller IMAGES: | stacks-java-rhel8=registry.access.redhat.com/codeready-workspaces/stacks-java-rhel8:2.1; theia-rhel8=registry.access.redhat.com/codeready-workspaces/theia-rhel8:2.1; stacks-golang-rhel8=registry.access.redhat.com/codeready-workspaces/stacks-golang-rhel8:2.1; stacks-node-rhel8=registry.access.redhat.com/codeready-workspaces/stacks-node-rhel8:2.1; theia-endpoint-rhel8=registry.access.redhat.com/codeready-workspaces/theia-rhel8:2.1; pluginbroker-metadata-rhel8=egistry.access.redhat.com/codeready-workspaces/pluginbroker-metadata-rhel8:2.1; pluginbroker-artifacts-rhel8=registry.access.redhat.com/codeready-workspaces/pluginbroker-artifacts-rhel8:2.1; NAMESPACE: k8s-image-puller NODE_SELECTOR: '{}' kind: ConfigMap metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"v1","data":{"CACHING_INTERVAL_HOURS":"1","CACHING_MEMORY_LIMIT":"20Mi","CACHING_MEMORY_REQUEST":"10Mi","DAEMONSET_NAME":"kubernetes-image-puller","IMAGES":"stacks-java-rhel8=registry.access.redhat.com/codeready-workspaces/stacks-java-rhel8:2.1; theia-rhel8=registry.access.redhat.com/codeready-workspaces/theia-rhel8:2.1; stacks-golang-rhel8=registry.access.redhat.com/codeready-workspaces/stacks-golang-rhel8:2.1; stacks-node-rhel8=registry.access.redhat.com/codeready-workspaces/stacks-node-rhel8:2.1; theia-endpoint-rhel8=registry.access.redhat.com/codeready-workspaces/theia-rhel8:2.1; pluginbroker-metadata-rhel8=egistry.access.redhat.com/codeready-workspaces/pluginbroker-metadata-rhel8:2.1; pluginbroker-artifacts-rhel8=registry.access.redhat.com/codeready-workspaces/pluginbroker-artifacts-rhel8:2.1;\n","NAMESPACE":"k8s-image-puller","NODE_SELECTOR":"{}"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"k8s-image-puller","namespace":"k8s-image-puller"},"type":"Opaque"} creationTimestamp: 2020-02-17T22:40:13Z name: k8s-image-puller namespace: k8s-image-puller resourceVersion: "72250" selfLink: /api/v1/namespaces/k8s-image-puller/configmaps/k8s-image-puller uid: 76430ed6-51d6-11ea-9c19-52fdfc072182