search

containerd / containerd

An open and reliable container runtime
https://containerd.io
Apache License 2.0
17.58k stars 3.48k forks source link

Export image config through GRPC service #10780

Open phillebaba opened 1 month ago

phillebaba commented 1 month ago

What is the problem you're trying to solve

In Containerd v1.7 the CRI service status exposed CRI config loaded by Containerd.

https://github.com/containerd/containerd/blob/7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c/pkg/cri/server/status.go#L68

This config included the registry configuration.

https://github.com/containerd/containerd/blob/7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c/pkg/cri/config/config.go#L279

During the changes made in #9152 this information was removed to decouple the dependency to the image service.

This has removed the ability to verify the configuration currently loaded by Containerd through the CRI API.

Describe the solution you'd like

I would like to find a away to expose the information either through some other API or to consider adding this information back to the current API. Having a look at the current CRI, there is no obvious endpoint where this information could be included. If we were to find another API we would have to find a new endpoint where this would be accessible.

Additional context

Spegel has depended on the ability to check the configuration to be able to verify that Containerd. The latest release of Containerd v2.0.0-rc.4 has stopped Spegel to work, because it requires configuration verification to work. Details about the issue is covered in https://github.com/spegel-org/spegel/issues/579. Short term we can disable the verification specifically for Containerd v2 but long term it would be nice to find a solution.

djdongjin commented 1 month ago

I think this can be done by:

  1. Add a Config() criconfig.ImageServiceConfig method (or ImageServiceConfig to avoid conflict with RuntimeService.Config) to ImageService interface (RuntimeService interface has a similar Config() criconfig.Config method) [1]
  2. In criService.Status method, call criService.ImageService.Config() and save the config in resp.Info["imageserviceconfig"] [2]

Then the imageservice related config can be returned from the same API as before (though under a different key).

@dmcgowan does the above change make sense? (looks like a follow up for the PR https://github.com/containerd/containerd/pull/9152/files#r1445475051). If it sounds good I can make a change for it. thanks.

[1] https://github.com/containerd/containerd/blob/bc3ce87c8475e67572ab14b96501acefb9799307/internal/cri/server/service.go#L97

[2] https://github.com/containerd/containerd/blob/bc3ce87c8475e67572ab14b96501acefb9799307/internal/cri/server/status.go#L69