Caching images for faster workspace start

This section describes installing the Image Puller on a Che cluster to cache images on cluster nodes.

Image Puller overview

Slow starts of Eclipse Che workspaces may be caused by waiting for the underlying cluster to pull images used in workspaces from remote registries. As such, pre-pulling images can improve start times significantly. The Image Puller can be used to pre-pull images and shorten workspace start times.

The Image Puller is an additional deployment that runs alongside Eclipse Che. Given a list of images to pre-pull, the application runs inside a cluster and creates a DaemonSet that pulls the images on each node.

The minimal requirement for an image to be pre-pulled is the availability of the sleep command, which means that FROM scratch images (for example, 'che-machine-exec') are currently not supported. Also, images that mount volumes in the dockerfile are not supported for pre-pulling on OpenShift.

The application can be deployed:

The image puller loads its configuration from a ConfigMap with the following available parameters:

Table 1. Image Puller default parameters
Parameter Usage Default

CACHING_INTERVAL_HOURS

Interval, in hours, between checking health of DaemonSets

"1"

CACHING_MEMORY_REQUEST

The memory request for each cached image when the puller is running

10Mi

CACHING_MEMORY_LIMIT

The memory limit for each cached image when the puller is running

20Mi

CACHING_CPU_REQUEST

The CPU request for each cached image when the puller is running

.05

CACHING_CPU_LIMIT

The CPU limit for each cached image when the puller is running

.2

DAEMONSET_NAME

Name of DaemonSet to be created

kubernetes-image-puller

NAMESPACE

Namespace where DaemonSet is to be created

k8s-image-puller

IMAGES

List of images to be cached, in the format <name>=<image>;…​

Contains a default list of images. Before deploying, fill this with the images that fit the current requirements

NODE_SELECTOR

Node selector applied to the Pods created by the DaemonSet

'{}'

The default memory requests and limits ensure that the container has enough memory to start. When changing CACHING_MEMORY_REQUEST or CACHING_MEMORY_LIMIT, you will need to consider the total memory allocated to the DaemonSet Pods in the cluster:

(memory limit) * (number of images) * (number of nodes in the cluster)

For example, running the image puller that caches 5 images on 20 nodes, with a container memory limit of 20Mi requires 2000Mi of memory.

Deploying Image Puller using the Operator

The recommended way to deploy the Image Puller is through the Operator.

Installing the Image Puller on OpenShift using OperatorHub

Prerequisites
  • A namespace in your cluster to host the image puller. This document uses the namespace image-puller as an example.

Procedure
  1. Navigate to your OpenShift cluster console, navigate to OperatorsOperatorHub.

  2. Use the Filter by keyword box to search for Kubernetes Image Puller Operator. Click the Kubernetes Image Puller Operator.

  3. Read the description of the Operator. Click ContinueInstall.

  4. Select A specific namespace on the cluster for the Installation Mode. In the drop-down find the namespace you created to install the image puller. Click Subscribe.

  5. Wait for the Image Puller Operator to install. Click the KubernetesImagePullerCreate instance.

  6. In a redirected window with a YAML editor, make modifications to the KubernetesImagePuller Custom Resource and click Create.

  7. Navigate to the Workloads and Pods menu in the namespace and verify that the image puller is installed.

Installing the Image Puller on Kubernetes using the Operator

Create a namespace to host the kubernetes image puller, and apply the following manifests from the GitHub repository:

export NAMESPACE=<namespace you created to host the image puller>
kubectl apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/crds/che.eclipse.org_kubernetesimagepullers_crd.yaml -n $NAMESPACE
kubectl apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/role.yaml -n $NAMESPACE
kubectl apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/role_binding.yaml -n $NAMESPACE
kubectl apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/service_account.yaml -n $NAMESPACE
kubectl apply -f https://raw.githubusercontent.com/che-incubator/kubernetes-image-puller-operator/master/deploy/operator.yaml -n $NAMESPACE

Then create a KubernetesImagePuller Custom Resource:

apiVersion: che.eclipse.org/v1alpha1
kind: KubernetesImagePuller
metadata:
  name: image-puller
  namespace: <namespace you installed the image puller in>
spec:
  configMapName: k8s-image-puller
  daemonsetName: k8s-image-puller
  deploymentName: kubernetes-image-puller
  images: >-
    java11-maven=quay.io/eclipse/che-java11-maven:nightly;che-theia=quay.io/eclipse/che-theia:next

Deploying Image Puller using OpenShift templates

The Image Puller repository contains OpenShift templates for deploying on OpenShift.

Alternatively, you can use Deploying Image Puller using Helm.

Prerequisites
  • A running OpenShift cluster.

  • The oc tool is available.

The following parameters are available to further configure the OpenShift templates:

Table 2. Parameters for installing with OpenShift templates
Value Usage Default

DAEMONSET_NAME

The value of DAEMONSET_NAME to set in the ConfigMap

kubernetes-image-puller

IMAGE

Image used for the kubernetes-image-puller deployment

quay.io/eclipse/kubernetes-image-puller

IMAGE_TAG

The image tag to pull

latest

SERVICEACCOUNT_NAME

The name of the ServiceAccount used by the deployment (created as part of installation)

k8s-image-puller

CACHING_INTERVAL_HOURS

The value of CACHING_INTERVAL_HOURS to set in the ConfigMap

"1"

CACHING_INTERVAL_REQUEST

The value of CACHING_MEMORY_REQUEST to set in the ConfigMap

"10Mi"

CACHING_INTERVAL_LIMIT

The value of CACHING_MEMORY_LIMIT to set in the ConfigMap

"20Mi"`

CACHING_CPU_REQUEST

The value of CACHING_CPU_REQUEST to set in the ConfigMap

.05

CACHING_CPU_LIMIT

The value of CACHING_CPU_LIMIT to set in the ConfigMap

.2

NODE_SELECTOR

The value of NODE_SELECTOR to set in the ConfigMap

"{}"

See Image Puller default parameters for more information about configuration values, such as DAEMONSET_NAME, CACHING_INTERVAL_HOURS, and CACHING_MEMORY_REQUEST.

Procedure

Installing

  1. Clone the kubernetes-image-puller repository:

    $ git clone https://github.com/che-incubator/kubernetes-image-puller
    $ cd kubernetes-image-puller
  2. Create a new OpenShift project to deploy the puller into:

    $ oc new-project k8s-image-puller
  3. Process and apply the templates to deploy the puller:

    $ oc process -f deploy/openshift/serviceaccount.yaml | oc apply -f -
    $ oc process -f deploy/openshift/configmap.yaml | oc apply -f -
    $ oc process -f deploy/openshift/app.yaml | oc apply -f -

Verifying the installation

  1. Confirm that a new deployment, kubernetes-image-puller, and a DaemonSet (named based on the value of the DAEMONSET_NAME parameter) exist. The DaemonSet needs to have a Pod for each node in the cluster:

    $ oc get deployment,daemonset,pod --namespace k8s-image-puller
    deployment.extensions/kubernetes-image-puller   1/1       1            1           2m19s
    
    NAME                                           DESIRED   CURRENT   READY     UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
    daemonset.extensions/kubernetes-image-puller   1         1         1         1            1           <none>          2m10s
    
    NAME                                           READY     STATUS    RESTARTS   AGE
    pod/kubernetes-image-puller-5495f46497-mkd4p   1/1       Running   0          2m18s
    pod/kubernetes-image-puller-n8bmf              3/3       Running   0          2m10s
  2. Check that the ConfigMap named k8s-image-puller has the values you specified in your parameter substitution, or that they contain the default values:

    $ oc get configmap k8s-image-puller --output yaml
    apiVersion: v1
    data:
      CACHING_INTERVAL_HOURS: "1"
      CACHING_MEMORY_LIMIT: 20Mi
      CACHING_MEMORY_REQUEST: 10Mi
      DAEMONSET_NAME: kubernetes-image-puller
      IMAGES: |
        java11-maven=quay.io/eclipse/che-java11-maven:nightly; che-theia=eclipse/che-theia:next; java-plugin-runner=eclipse/che-remote-plugin-runner-java8:latest;
      NAMESPACE: k8s-image-puller
      NODE_SELECTOR: '{}'
    kind: ConfigMap
    metadata:
      annotations:
        kubectl.kubernetes.io/last-applied-configuration: |
          {"apiVersion":"v1","data":{"CACHING_INTERVAL_HOURS":"1","CACHING_MEMORY_LIMIT":"20Mi","CACHING_MEMORY_REQUEST":"10Mi","DAEMONSET_NAME":"kubernetes-image-puller","IMAGES":"java11-maven=quay.io/eclipse/che-java11-maven:nightly; che-th
    eia=eclipse/che-theia:next; java-plugin-runner=eclipse/che-remote-plugin-runner-java8:latest;\n","NAMESPACE":"k8s-image-puller","NODE_SELECTOR":"{}"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"k8s-image-puller","namespace":"k
    8s-image-puller"},"type":"Opaque"}
      creationTimestamp: 2020-02-17T22:40:13Z
      name: k8s-image-puller
      namespace: k8s-image-puller
      resourceVersion: "72250"
      selfLink: /api/v1/namespaces/k8s-image-puller/configmaps/k8s-image-puller
      uid: 76430ed6-51d6-11ea-9c19-52fdfc072182

Deploying Image Puller using Helm

This section describes how to install the Image Puller using Helm.

Prerequisites
  • The helm tool is available.

  • A running OpenShift or Kubernetes cluster.

  • The oc or the kubectl tool is available.

    In the instructions later in this section, use the oc command when installing on OpenShift and the kubectl command for installing on Kubernetes.

The following parameters are available for configuring the installation with Helm:

Table 3. Parameters for installing with Helm
Value Usage Default

appName

The value of DAEMONSET_NAME to be set in the ConfigMap

quay.io/eclipse/kubernetes-image-puller

image.repository

The repository to pull the image from

latest

image.tag

The image tag to pull

latest

serviceAccount.name

The name of the ServiceAccount to create

k8s-image-puller

configMap.name

The name of the ConfigMap to create

k8s-image-puller

configMap.cachingIntervalHours

The value of CACHING_INTERVAL_HOURS to be set in the ConfigMap

"1"

configMap.cachingMemoryRequest

The value of CACHING_MEMORY_REQUEST to be set in the ConfigMap

"10Mi"

configMap.cachingMemoryLimit

The value of CACHING_MEMORY_LIMIT to be set in the ConfigMap

"20Mi"`

configMap.cachingCpuRequest

The value of CACHING_CPU_REQUEST to be set in the ConfigMap

.05

configMap.cachingCpuLimit

The value of CACHING_CPU_LIMIT to be set in the ConfigMap

.2

configMap.nodeSelector

The value of NODE_SELECTOR to be set in the ConfigMap

"{}"

Procedure

Installing

  1. Clone the kubernetes-image-puller repository:

    $ git clone https://github.com/che-incubator/kubernetes-image-puller
    $ cd kubernetes-image-puller
  2. Create a namespace to deploy the puller into:

    $ oc create namespace k8s-image-puller
  3. Run helm install:

    $ helm install kubernetes-image-puller --namespace k8s-image-puller deploy/helm

    To set values, edit the deploy/helm/values.yaml file, or use the --set property.name=<value> parameter.

Verifying the installation

  1. Confirm that a new deployment, kubernetes-image-puller, and a DaemonSet (named based on the value of the DAEMONSET_NAME parameter) exist. The DaemonSet needs to have a Pod for each node in the cluster:

    $ oc get deployment,daemonset,pod --namespace k8s-image-puller
    NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/kubernetes-image-puller   1/1     1            1           4m21s
    
    NAME                                     DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
    daemonset.apps/kubernetes-image-puller   3         3         3       3            3           <none>          3m40s
    
    NAME                                          READY   STATUS    RESTARTS   AGE
    pod/kubernetes-image-puller-b556c8bd4-qxwwl   1/1     Running   0          4m21s
    pod/kubernetes-image-puller-glh87             3/3     Running   0          3m40s
    pod/kubernetes-image-puller-h7lxf             3/3     Running   0          3m40s
    pod/kubernetes-image-puller-nrt6p             3/3     Running   0          3m40s
  2. Check that the ConfigMap named k8s-image-puller has the values specified in the Helm configuration, or that they contain the default values:

    $ oc get configmap k8s-image-puller --output yaml
    apiVersion: v1
    data:
      CACHING_INTERVAL_HOURS: "1"
      CACHING_MEMORY_LIMIT: 20Mi
      CACHING_MEMORY_REQUEST: 10Mi
      DAEMONSET_NAME: kubernetes-image-puller
      IMAGES: java11-maven=quay.io/eclipse/che-java11-maven:nightly; che-theia=eclipse/che-theia:next;
        java-plugin-runner=eclipse/che-remote-plugin-runner-java8:latest;
      NAMESPACE: k8s-image-puller
      NODE_SELECTOR: '{}'
    kind: ConfigMap
    metadata:
      creationTimestamp: "2020-02-17T22:15:22Z"
      name: k8s-image-puller
      namespace: k8s-image-puller
      resourceVersion: "3078"
      selfLink: /api/v1/namespaces/k8s-image-puller/configmaps/k8s-image-puller
      uid: 71bc5ce4-d095-468e-ab7b-23c1e0a36638