ngageoint / seed-images

An Angular component for Seed image discovery
Apache License 2.0
3 stars 1 forks source link

Add ability to import via docker image #3

Closed emimaesmith closed 5 years ago

emimaesmith commented 5 years ago

If your image hasn't been scanned by silo yet, it would be useful to add the ability to pull the manifest from an image by giving the docker image URL.

cshamis commented 5 years ago

My $.02

1) SILO + SEEDVAULT are an inseparable part of SCALE now. 2) Like it or not, SEEDVAULT has become the "app-store" of possible SCALE jobs. 3) SILO/SEEDVAULT exist for the singular purpose of adding jobs into SCALE.

For starters, let's just add a command line in seed-cli to publish a SEED manifest directly to a SCALE/SILO instance and display a text status-message from the SILO.

This is why I think it's the right approach:

a) it directly addresses the pain point of eliminating the scraping delay. b) it's understandable to the users what is going on. Publish to REPO-A, notify SILO-B. Can now run in SCALE-C c) it's not a lot of code for us.

Risks: i) DoS on the SILO? ii) Poisoning the SILO? iii) if it doesn't work, we discontinue the command line option, and can put in the status-message explaining how it's discontinued and the new method to accomplish.

I think these risks can be mitigated with authentication. Since SILO is a part of SCALE, this means SILO and SCALE can share IdAM solutions.

Discuss?

On Thu, Oct 10, 2019 at 7:46 AM emimaesmith notifications@github.com wrote:

If your image hasn't been scanned by silo yet, it would be useful to add the ability to pull the manifest from an image by giving the docker image URL.

  • Add a button on the images panel to import an image via Docker URL
  • Call silo/images/manifest/docker_url to pull the manifest from the seed image
  • Continue as normal

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ngageoint/seed-images/issues/3?email_source=notifications&email_token=ADZJETCCT5GY4C4STJUU4FTQN4IYZA5CNFSM4I7LXW6KYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HQ4722A, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADZJETED4K4IG6O3FVUWN5LQN4IYZANCNFSM4I7LXW6A .

gisjedi commented 5 years ago

After discussing this with Chris in person, we settled on the following approach:

  1. Add support to the UI to directly provide a Docker image address. (e.g., geoint/my-algo-1.0.0-seed:1.0.0 or my.registry.com/my-algo-1.0.0-seed:1.0.0) This will consume from the Silo API implemented under https://github.com/ngageoint/seed-silo/issues/32
  2. Create an issue for the CLI to allow synchronous push to Silo as images are added to a registry. This will also require updates to Silo to directly process a Docker image as opposed to traversing a whole registry during a scan.
gisjedi commented 5 years ago

Silo issue to accept notification of updates: https://github.com/ngageoint/seed-silo/issues/31 Seed issue for publish to Silo: https://github.com/ngageoint/seed-cli/issues/226