Commit f60efde

Change wrt review
Signed-off-by: Sascha Grunert <[email protected]>
1 parent 01a2798 commit f60efde

1 file changed

+7
-5
lines changed
  • keps/sig-node/4639-oci-volume-source

keps/sig-node/4639-oci-volume-source/README.md

@@ -198,7 +198,7 @@ which go beyond running particular images.
198198
- Mounting thousands of images in a single pod.
199199
- The enhancement leaves single file use case out for now and restrict the mount
200200
output to directories.
201-
- The runtimes (CRI-O, containerd, others) will have to agree on the
201+
- Out of scope: The runtimes (CRI-O, containerd, others) will have to agree on the
202202
implementation of how images are manifested as directories. We don't want
203203
to over-spec on selecting based on media types or other attributes now and can
204204
consider that for later.
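Review bot: The "Out of scope:" prefix at line 201 labels only this bullet, while the neighbouring items at lines 198-200 sit in the same list without a label, and the text that follows ("will have to agree on the implementation") still reads as a requirement on runtimes rather than an exclusion. Suggest rewording the bullet itself, for example "Specifying how runtimes (CRI-O, containerd, others) manifest images as directories", and saying where that agreement is expected to be recorded.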
@@ -577,7 +577,7 @@ sequenceDiagram
577577

578578
8. **Security and Performance Optimization**:
579579
- Implement thorough security checks to mitigate risks such as path traversal attacks.
580-
- Optimize performance for handling large OCI images, including caching strategies and efficient retrieval methods.
580+
- Optimize performance for handling large OCI image volume sources, including caching strategies and efficient retrieval methods.
581581

582582
#### Container Runtimes
583583

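Review bot: Line 580 now names "OCI image volume sources", but the neighbouring bullet at line 579 still says only "thorough security checks to mitigate risks such as path traversal attacks" without stating which component performs them or on which input. Since this item is being edited anyway, suggest naming the input that is checked (for example the sub path discussed at line 869) and whether the kubelet, the runtime, or both must reject it.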
@@ -865,7 +865,7 @@ in back-to-back releases.
865865
[`Mount`](https://github.com/kubernetes/cri-api/blob/010fdf8/pkg/apis/runtime/v1/api.proto#L221)
866866
message. Alternatively it would be possible to re-use the existing
867867
[`Mount.host_path`] field which is empty right now if an image volume is
868-
being used.
868+
being used (preferred).
869869
- If the sub path does not exist in the image, then runtimes should fail and
870870
return an error.
871871
- Expand unit and e2e tests.
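Review bot: "(preferred)" at line 868 is attached to the end of "if an image volume is being used", so it is unclear whether it marks re-use of `Mount.host_path` as preferred over a new field in the `Mount` message. Suggest a separate sentence such as "Re-using `Mount.host_path` is the preferred option." and stating how a runtime tells an image sub path in that field apart from a host path, given the field is described as empty today for image volumes.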
@@ -923,12 +923,14 @@ Same as above: all the components must have support for it to work.
923923
Specifically, kube-apiserver will filter this field if it doesn't recognize/support it.
924924
If the kubelet doesn't support the field, it will not pull the image, and the path will not be present for the volume manager
925925
to mount it in, and the pod will fail.
926-
if the CRI implementation doesn't support it, then the PullImage request will fail and the pod creation will fail.
927926

928927
If the kubelet does not support the feature because it's too old, then the
929928
container creation will fail because the volume manager is unable to mount the
930929
volume because no volume plugin is available for the provided source.
931930

931+
If the CRI implementation doesn't support it, then the PullImage request will
932+
fail and the pod creation will fail.
933+
932934
## Production Readiness Review Questionnaire
933935

934936
<!--
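Review bot: After the move, lines 924-925 and 927-929 both describe the case of a kubelet without support, with different failure modes (image not pulled and path absent, versus no volume plugin available), so the reader cannot tell whether these are two cases or one described twice. Suggest merging them or stating what distinguishes them, and for the relocated CRI paragraph at lines 931-932 saying what makes the PullImage request fail, so it is clear that a runtime without support rejects the request rather than proceeding.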
@@ -1164,7 +1166,7 @@ Pick one more of these and delete the rest.
11641166

11651167
Note: the pod's start SLI may be affected if the image that is being pulled is large. An accurate comparison in pod start time is
11661168
if the contents of the image mount are stored in the container's image, rather than present on a different volume type, as the
1167-
cost of pulling from a registry needs to be controlled for.
1169+
cost of pulling from a registry needs to be accounted for.
11681170

11691171
###### Are there any missing metrics that would be useful to have to improve observability of this feature?
11701172

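Review bot: The sentence at lines 1167-1169 still does not parse ("An accurate comparison in pod start time is if the contents of the image mount are stored in the container's image"); replacing "controlled for" with "accounted for" at line 1169 does not settle what is being compared with what. Suggest stating the baseline explicitly, for example a pod whose container image already contains the same content, so that the registry pull cost appears on both sides of the comparison.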