Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container canary POC #194

Open
olevski opened this issue Aug 9, 2022 · 3 comments · May be fixed by #239
Open

Container canary POC #194

olevski opened this issue Aug 9, 2022 · 3 comments · May be fixed by #239
Assignees
@Panaetius
Labels
roadmap Large "epic-like" issues that add important capabilities and are on the future development roadmap

Comments

@olevski
Copy link
Member

olevski commented Aug 9, 2022
edited
Loading

See: https://github.com/NVIDIA/container-canary

Can run checks on a session image to determine if it is compatible with Amalthea.

This POC should simply answer the question of whether we can test the following things for an image:

  • which ports are exposed
  • what is the entrypoint of the image
  • is there a workspace mounted at a specific location

In addition we should check how long such a check takes. I believe that in order to do this the whole image has to be downloaded and run in docker. And this can take a while. Especially when it comes to starting sessions the slowest part is usually downloading the image.
@olevski olevski added the roadmap Large "epic-like" issues that add important capabilities and are on the future development roadmap label Aug 9, 2022
@olevski olevski moved this to Backlog in renku-python Aug 9, 2022
@olevski
Copy link
Member Author

olevski commented Aug 31, 2022

...or even better examine running container canary as admission webhook or something like that every time a jupyter server is created.

@olevski
Copy link
Member Author

olevski commented Aug 31, 2022
edited
Loading

Discussion points during sprint planning.

We have a few ways to implement this:

  • do it in the notebook service (i.e. the notebook service does it on every session launch and exposes it as an endpoint so that any docker image can be checked)
  • doing the canary checks on every session launch will result in slow response times, the response times for launching a server from the notebook service are already not great because a lot of things that need to be checked (i.e. does gitlab project exist, does image exist, does the branch exist, etc)
  • do it in amalthea as a validating admission webhook server (see https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#write-an-admission-webhook-server)
  • ideally the notebook service exposes this as an endpoint and amalthea does an admission webhook, and if possible the admission webhook and the notebook service use and call the same underlying service or code

@olevski olevski changed the title Container canary Container canary POC Aug 31, 2022
@Panaetius
Copy link
Member

Timeboxed to 2 days

@Panaetius Panaetius moved this from Backlog to Ready in renku-python Sep 2, 2022
@Panaetius Panaetius self-assigned this Sep 7, 2022
@Panaetius Panaetius moved this from Ready to In Progress in renku-python Sep 7, 2022
@Panaetius Panaetius linked a pull request Sep 8, 2022 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Panaetius Panaetius

Labels
roadmap Large "epic-like" issues that add important capabilities and are on the future development roadmap
Projects
renku-python
Status: In Progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: test images before creating sessions SwissDataScienceCenter/amalthea
2 participants
@Panaetius @olevski