Deployment Notes

[dioguerra]

Just adding some deployment considerations. The service works quite well and we are happy with the result. I would like to add that:

• It is a bit cumbersome for the user to setup this on their side as a per project webhook and the service could use an integration similar to what trivy has currently
• We where sad to know that you cannot replace the image being converted with the resulting estargz(ed) image as the 'drop_suffic' does not accept a BLANK input. Not sure there are some concurrency aspects to why this is this way, but this would be a very usefull addition

Lastly, leaving my procedure down here for someone following at home:

1. Compile the accelerator image from the project

git clone https://github.com/goharbor/acceleration-service
cd acceleration-service && make release-image

2. Setup the cluster deployment

cat charts/cci-container-infra/templates/acceleration-service.yaml 
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: harbor-acceleration-config
  namespace: staging
  labels:
    app: harbor-acceleration-service
data:
  config.yaml: |
    # http related config
    server:
      name: API
      # listened host for http
      host: 0.0.0.0
      # port for http
      port: 2077
    
    metric:
      # export metrics on `/metrics` endpoint
      enabled: true
    
    provider:
      source:
        # hostname of harbor service
        registry-staging.foo.bar:
          # base64 encoded `<robot-name>:<robot-secret>` for robot
          # account created in harbor
          auth: SOME_AUTH
          # use http registry communication
          insecure: false
          webhook:
            # webhook request auth header configured in harbor
            auth_header: header
      containerd:
        # ensure containerd service listening on this address
        address: /run/containerd/containerd.sock
        snapshotter: overlayfs
    
    converter:
      # number of worker for executing conversion task
      worker: 1 
      # enable to add harbor specified annotations to converted image for tracking.
      harbor_annotation: true
      driver:
        # accelerator driver type: `estargz`
        type: estargz
        config:
          docker2oci: true
      rules:
        # add suffix to tag of source image reference as target image reference
        - tag_suffix: -esgz

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: harbor-acceleration-service
  namespace: staging
  labels:
    app: harbor-acceleration-service
spec:
  selector:
    matchLabels:
      app: harbor-acceleration-service
  template:
    metadata:
      labels:
        app: harbor-acceleration-service
    spec:
      containers:
      - name: acceleration-service
        image: registry.foo.bar/dtomasgu/harbor-acceld:latest
        args:
        - ./misc/config/config.yaml
        volumeMounts:
        - name: harbor-acceleration-config
          mountPath: /misc/config
      volumes:
      - name: harbor-acceleration-config
        configMap:
          name: harbor-acceleration-config
          defaultMode: 0555

---
apiVersion: v1
kind: Service
metadata:
  name: harbor-acceleration
  namespace: staging
  labels:
    app: harbor-acceleration-service
spec:
  ports:
  - port: 2077
    targetPort: 2077
    name: https
  selector:
    app: harbor-acceleration-service

3. Configure webhook on the project that wants to have accelerated images:
   
   Pay attention to the endpoint url! http://harbor-acceleration.staging.svc.cluster.local:2077/api/v1/conversions

4. Push a test image and profit:

[imeoer]

Sorry for the late reply, great notes! We are working on a production-level release, have you met any other issues?