Define naming of docker images for packages + registry #375
Comments
|
@kuisathaverat Would be great to get your feedback / input on the above. |
It depends, 😄 What are the use cases for that tag? I think on the following
There are some questions about what we will release, or how we will release:
we can have several tags for the same version depending on the use, a date based tag is good for human usage, but again it depends on how we will release the versions it would be the latest version or something else. A tag
no doubt on that ISO-8601, it would be something like 20200423T121930Z |
Use cases for the tags are mainly around debugging: A user reports a problem and we want to reproduce the exact same setup locally. For this we need to be able to look at the current running contains and see what exact version is running. In the future there will also be a part around someone wants to deploy his own registry. But for this we could introduce a tag aligned with the Elastic Stack version. In the background, it would also have a tag like discussed before. Here probably also the "latest" comes into play. All the above also reminds me it would be nice to have some logs on "when" we rolled out a new version and which one. I assume we get this from the kubernetes logs? |
This make the
This makes the timestamp a unique tag for each version.
When you create/restart a pod it stores the timestamp in the metadata. |
|
I think I need to clarify my comment related to the registry and storage. If a new registry is released an no new packages come it, we could still do a release with the same storage of packages as a previous version of the registry. This only applies to the current one, but not any older. Agree that the timestamp is unique. I think the part I miss is how will a user tell based on the timestamp which version of the registry and package is packaged inside without having to either go into the container or check git logs on what exactly was there at the moment it was built? |
|
I understand that we will not release more than a version per day, the time stamp has the date and time of the release, so identified a release minute. We do not release older package-registry versions with new package-storage versions. Let's put an example.
as you can see the timestamp identifies a tuple of package-storage + package-registry |
|
I synced up with @kuisathaverat over zoom. Following conclusions.
A release will look as following:
@kuisathaverat Any opinion on the tag names?
|
For the relases we discussed in elastic#375 that we want to have the revisions for debugging purpose. This adds both and adjust the Dockerfile to rely on git clone instead of go get. Additional change is to adjust the not logging requests for /healthcheck as otherwise this gets spammed in the logs.
For the relases we discussed in #375 that we want to have the revisions for debugging purpose. This adds both and adjust the Dockerfile to rely on git clone instead of go get. Additional change is to adjust the not logging requests for /healthcheck as otherwise this gets spammed in the logs.
|
@kuisathaverat Just realised the above will work any tag / branch we have. To try out the above, could we already build it based on the |
|
I was thinking in something like this:
About to deploy master in some environment, this environment is an "edge" enviroment with latest changes, not sure if the staging is the correct one. |
|
The package-storage will have so many releases, the regular versioning would not work here. The nice part about using the tag as I proposed above, it can also be used to roll back. Having just 1 tag for each release type also removes logic on the CI to figure out what is newest. It only must bring the two equal tags together. I like the idea about promoting to prod. How would this work? Also in Jenkins? For staging: Yes, at the moment it is our testing environment and we will need to rename / a new one in the future. |
My only concert about reusing the same tag it is that you lose the pointer to the commit in the Git repo, even do you have it in the Docker image.
Promote a docker image to production can be as easy as creating a PR with the changes to the repo where the deploy live, we can make it in a job to grab all the metadata and standardized the PR format. Then you only have to review the PR and merge. |
|
When would it be a problem that we loose the pointer? My assumption is that debugging will always start with the container running and there we have only the commit ids anyway? The nice part about the "staging" release above is that we don't need the PR workflow and just an approval. Would be nice if we have something similar for prod. I'm getting back here to my previousl proposal with the tags. If we have a tag |
e.g you release the first version of the package registry 2 weeks ago, at that time you create the tag T that points to the commit C1, since this release you release two more times T -> C2 and T-> C3, so right now, the tag T point to the commit C3. In the case, we need to rebuild the first version, we have to go to the Docker image released on that time and grab the real commit, the same if we want to make a fix-branch for that versions.
Instead of a PR, we can make directly a commit to the repo with the changes (labels, tags, ...) |
|
I think we can simplify things if we decide there is never an option to roll back. On the package-storage side that is already the case. You can never change a package that was already added, only add a new version. On the registry I assume we would rather release again a newer version which reverts the old commits and is because of this also a new version. What the above means, going back in history or seeing what is actually running, is only for debugging purpose. Independent of the above, on the registry side we should have normal releases but these are for the collaboration with Kibana which uses the API not for releases. How would a commit be different from tagging directly a commit? Will ping you so we can chat live again, will make it easier. |
ruflin
added
the
Ingest Management:alpha1
|
I had again a conversation with @kuisathaverat . Few conclusions:
We need to follow up with the Infra team on how this works with their environment. |
|
I just filed elastic/package-storage#86 which I think has an effect on this discussion. What we still need is all the above discussed values around the commit hashes and time as part of the Dockerfile that is built as a label. But as the deployment of all environments happens fully automated, I think we can get rid of the complex naming. As we have staging and snapshot before the production release, I think we can also get rid of the approval flow. Now getting into the naming of the Docker images. There is also a need for having a package-registry without any packages. These containers look as following: The ones that contain the registry + package-storage (basically a certain distribution) are called as following: To also have some images which do not constantly change, we could have some distributions tied to a specific release: This would be a tag for the day where v7.9.0 was released so someone could pull this version locally. If we still need Docker images for each commit hash, we now have a naming scheme with |
|
Closing as with elastic/package-storage#86 we landed on #375 (comment) @kuisathaverat What we call the internal hash containers I would consider an implementation detail. As the package-storage as a fix registry version in each commit, we only have one hash left + a timestamp which might be informative. |
The Elastic Package Registry (epr.elastic.co) run a docker container that contains the packages + the registry service itself. Today the packages are in the same repository as the registry but this is changing. Packages will be moving to https://github.com/elastic/package-storage Also there is work ongoing to have a Dockerfile available that is independent of both repository.
This means the Docker image will contain data from two different sources. For debugging and support purpose I think it is important that we can identify what exactly went into this Docker image to potentially reproduce issues.
My proposal related to naming each Docker image is as following:
{date}-{package-storage-hash}-{package-registry-hash}hashin the above can be a commit hash but also a branch or a tag. Thedatepart is for human and sorting purpose to identify when exactly an image was built. Two examples of the above would look as following:202004231234-c890763-c1d2c2c202004231234-c890763-v0.3.0The package hash will change much more often than the registry one but it also the more important one for debugging purpose. That is why I think it should come first.
To build this image, both the
package-storagehash andpackage-registryhash are passed to the Dockerfile and then used to check out the correct version (https://github.com/elastic/package-registry/blob/master/dev/release/Dockerfile#L19).Questions
The text was updated successfully, but these errors were encountered: