Allow tag-based ActorTemplate images#226
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Eitan Yarmush (EItanya)
force-pushed
the
relax-actortemplate-image-digests
branch
from
24345a3 to
0fcddb6
Compare
Eitan Yarmush (EItanya)
force-pushed
the
relax-actortemplate-image-digests
branch
from
0fcddb6 to
4937c62
Compare
To ensure OCI image immutability, ActorTemplate currently requires an explicit full SHA256. Using labels instead would jeopardize resume operations for SUSPENDED actors if the OCI image associated with that label changes. As part of #119, a "homedir" snapshot concept is being introduced to allow resume operations to persist even when an OCI image does not match. Additionally, the proposal in #16 addresses an upgrade mode intended to support surviving OCI image transitions. I recommend finalizing the upgrade flow first. This will clarify whether ActorTemplate should be treated as a mutable or immutable object before we implement further behavioral changes. |
FWIW this doesn't actually get rid of that contract, it just sets that SHA256 into the contract on first pull rather than requiring the user to set it. It makes the system lock it rather than requiring the user search out that information. I understand the technical limitation, I was just trying to make the user workflow a tiny bit easier. I have found for myself that this adds friction.
I haven't read through #119 yet, but I will try to do so today. Using a homedir approach for flexible snapshots make sense, especially for agents who rely mostly on filesystems that way. |
Yeah, the only downside is this might be surprising, since you specified a tag but it gets locked in. Right now it's explicit that you must use an immutable reference which is annoying but should have unsurprising behavior. Would we re-resolve on a new goldensnapshot? If we were going full KRM, I would probably reflect the resolved image in the actortemplate status for visibility. We could instead offer tooling to create actortemplates which does the resolve on creation of the actortemplate. |
|
I'm just thinking about how many times I've seen users trip over I think a lot of users do not have a good grasp on tag lifecycle so while I'm not opposed in general we should think about how to make the behavior least-surprising. Requiring tag resolution be done explicitly up front is annoying but has ~unsurprising runtime behavior. |
3 participants
Summary
Fixes #223.
snapshot-manifest.jsonpauseat the API level because atelet uses it for sandbox infrastructureTesting
go test ./cmd/atelet ./internal/memorypullcache ./pkg/api/v1alpha1GOCACHE=$PWD/.cache/gocache hack/update/go-generate.shhack/verify/crd-chart.shgit diff --checkFull
go test ./...was not clean in this sandbox: default run hitNO_COLOR-sensitive color tests; rerun withNO_COLORunset andGOCACHE=/tmp/substrate-go-cachethen failed on sandbox-restricted local TCP listeners (socket: operation not permitted) andsetup-envtest.