Skip to content

Commit 19f548a

Browse files
porridgeclaude
porridge
and
claude
committed
fix: pin images after CRI pull to prevent kubelet GC
After each successful CRI PullImage, use the containerd native client API to set io.cri-containerd.pinned=pinned on the image. This tells kubelet's image GC to skip the image. The CRI API doesn't support setting image labels, so we connect to containerd directly (same socket) using the containerd client library in the k8s.io namespace. The pinning happens immediately after each successful pull, before GC has a chance to evict the image. This is a proof-of-concept to test if pinning at pull time (via the containerd API) works better than post-hoc pinning via ctr CLI, which has known bugs (containerd#9328, #10270). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 5b59a9d commit 19f548a

File tree

3 files changed

+283
-14
lines changed

3 files changed

+283
-14
lines changed

go.mod

Lines changed: 46 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ go 1.25.0
44

55
require (
66
github.com/cenkalti/backoff/v4 v4.3.0
7+
github.com/containerd/containerd/v2 v2.2.1
78
github.com/google/uuid v1.6.0
89
github.com/neilotoole/slogt v1.1.0
910
github.com/spf13/cobra v1.10.2
@@ -19,31 +20,72 @@ require (
1920
)
2021

2122
require (
22-
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
23-
github.com/emicklei/go-restful/v3 v3.12.2 // indirect
23+
github.com/Microsoft/go-winio v0.6.2 // indirect
24+
github.com/Microsoft/hcsshim v0.14.0-rc.1 // indirect
25+
github.com/cespare/xxhash/v2 v2.3.0 // indirect
26+
github.com/containerd/cgroups/v3 v3.1.2 // indirect
27+
github.com/containerd/containerd/api v1.10.0 // indirect
28+
github.com/containerd/continuity v0.4.5 // indirect
29+
github.com/containerd/errdefs v1.0.0 // indirect
30+
github.com/containerd/errdefs/pkg v0.3.0 // indirect
31+
github.com/containerd/fifo v1.1.0 // indirect
32+
github.com/containerd/log v0.1.0 // indirect
33+
github.com/containerd/platforms v1.0.0-rc.2 // indirect
34+
github.com/containerd/plugin v1.0.0 // indirect
35+
github.com/containerd/ttrpc v1.2.7 // indirect
36+
github.com/containerd/typeurl/v2 v2.2.3 // indirect
37+
github.com/cyphar/filepath-securejoin v0.5.1 // indirect
38+
github.com/davecgh/go-spew v1.1.1 // indirect
39+
github.com/distribution/reference v0.6.0 // indirect
40+
github.com/emicklei/go-restful/v3 v3.13.0 // indirect
41+
github.com/felixge/httpsnoop v1.0.4 // indirect
2442
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
2543
github.com/go-logr/logr v1.4.3 // indirect
44+
github.com/go-logr/stdr v1.2.2 // indirect
2645
github.com/go-openapi/jsonpointer v0.21.0 // indirect
2746
github.com/go-openapi/jsonreference v0.20.2 // indirect
2847
github.com/go-openapi/swag v0.23.0 // indirect
48+
github.com/gogo/protobuf v1.3.2 // indirect
49+
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
2950
github.com/google/gnostic-models v0.7.0 // indirect
51+
github.com/google/go-cmp v0.7.0 // indirect
3052
github.com/inconshreveable/mousetrap v1.1.0 // indirect
3153
github.com/josharian/intern v1.0.0 // indirect
3254
github.com/json-iterator/go v1.1.12 // indirect
55+
github.com/klauspost/compress v1.18.1 // indirect
3356
github.com/mailru/easyjson v0.7.7 // indirect
57+
github.com/moby/locker v1.0.1 // indirect
58+
github.com/moby/sys/mountinfo v0.7.2 // indirect
59+
github.com/moby/sys/sequential v0.6.0 // indirect
60+
github.com/moby/sys/signal v0.7.1 // indirect
61+
github.com/moby/sys/user v0.4.0 // indirect
62+
github.com/moby/sys/userns v0.1.0 // indirect
3463
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
3564
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
3665
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
37-
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
66+
github.com/opencontainers/go-digest v1.0.0 // indirect
67+
github.com/opencontainers/image-spec v1.1.1 // indirect
68+
github.com/opencontainers/runtime-spec v1.3.0 // indirect
69+
github.com/opencontainers/selinux v1.13.1 // indirect
70+
github.com/pkg/errors v0.9.1 // indirect
71+
github.com/pmezard/go-difflib v1.0.0 // indirect
72+
github.com/sirupsen/logrus v1.9.3 // indirect
3873
github.com/x448/float16 v0.8.4 // indirect
74+
go.opencensus.io v0.24.0 // indirect
75+
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
76+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
77+
go.opentelemetry.io/otel v1.39.0 // indirect
78+
go.opentelemetry.io/otel/metric v1.39.0 // indirect
79+
go.opentelemetry.io/otel/trace v1.39.0 // indirect
3980
go.yaml.in/yaml/v2 v2.4.3 // indirect
4081
go.yaml.in/yaml/v3 v3.0.4 // indirect
4182
golang.org/x/net v0.48.0 // indirect
4283
golang.org/x/oauth2 v0.34.0 // indirect
84+
golang.org/x/sync v0.19.0 // indirect
4385
golang.org/x/sys v0.39.0 // indirect
4486
golang.org/x/term v0.38.0 // indirect
4587
golang.org/x/text v0.32.0 // indirect
46-
golang.org/x/time v0.9.0 // indirect
88+
golang.org/x/time v0.14.0 // indirect
4789
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
4890
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
4991
gopkg.in/inf.v0 v0.9.1 // indirect

0 commit comments

Comments
 (0)