-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add cascadeDelete
option to the Image
and Build
objects
#1742
base: main
Are you sure you want to change the base?
Add cascadeDelete
option to the Image
and Build
objects
#1742
Conversation
cascadeDelete
option to the Image and Build objectscascadeDelete
option to the Image
and Build
objects
return err | ||
} | ||
|
||
if err := c.RegistryClient.Delete(keychain, build.Status.LatestImage); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We would also need to delete all of the additional tags as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was under the assumption that a Build
object produces exactly one image, while Image
can produce multiple Build
's. If each Build
cleans up it's own image, would there be any leftovers? Or the assumption is incorrect?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A build can push multiple images (see additionalTags). There is also the signed images and image attestations but that might be too much to try to delete and we probably don’t want to delete the attestations
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to docs, the status.latestImage
field contain the image's digest. It should be enough to delete just this (no necessity to delete all tags individually): https://github.com/opencontainers/distribution-spec/blob/main/spec.md#deleting-manifests.
Once deleted, a GET to /v2//manifests/ and any tag pointing to that digest will return a 404.
pkg/reconciler/build/build.go
Outdated
} | ||
|
||
if err := c.RegistryClient.Delete(keychain, build.Status.LatestImage); err != nil { | ||
return err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Returning error might mean that builds get stuck if the finalized can't delete the image due to immutability rules in the registry. I think this should be a best effort cleanup
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't it fair to keep the build if the desired outcome is not reached? The solution is not to enable the cleanup when the registry forbids objects deletion is used. If I set the cleanup to true
but the image is still present, it should be considered an error, not a warning message
} | ||
|
||
if err := c.RegistryClient.Delete(keychain, build.Status.LatestImage); err != nil { | ||
//logger.Printf(errors.Wrapf(err, "Could not delete image %q", build.Status.LatestImage)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How should we handle the error in that case? It seems like error logging is not supposed to happen at the reconciliation stage.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can log and it will print to the controller logs
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #1742 +/- ##
==========================================
- Coverage 67.34% 66.97% -0.38%
==========================================
Files 140 144 +4
Lines 8886 9104 +218
==========================================
+ Hits 5984 6097 +113
- Misses 2393 2482 +89
- Partials 509 525 +16 ☔ View full report in Codecov by Sentry. |
Co-authored-by: Pavel Busko <[email protected]>
Co-authored-by: Nicolas Bender <[email protected]>
e4f074b
to
6ee3a13
Compare
When
cascadeDelete
is set totrue
on aBuild
object, the produced image by the build will be removed from the registry upon object deletion. If thecascadeDelete
is set on theImage
object, it will be propagated toBuild
s