Acceleration Service provides a general service to Harbor with the ability to automatically convert user images to accelerated images. When a user does something such as artifact push, Harbor will request the service to complete the corresponding image conversion through its integrated Nydus, eStargz, etc. drivers.
See more details in the design doc.
Deploy a local harbor service if you don't have one, please refer to the harbor documentation.
Currently, Acceleration Service includes the following tools:
- An
accelddaemon to work as an HTTP service to handle image conversion requests from harbor oraccelctl. - An
accelctlCLI tool to manage acceleration service (acceld) and can do image conversion in one-time mode.
Get accelctl and acceld binaries from acceleration-service release.
-
Login to the Harbor web interface.
-
Select one project and add a new Webhook configuration with the following fields:
- Notify Type: choose HTTP
- Event Type: Enable artifact pushed
- Endpoint URL:
<acceleration service address>/api/v1/conversions - Auth Header:
<configured in acceleration service>
Note: The webhook can help to convert images automatically by acceleration service. Also you can trigger an image conversion task by sending an HTTP request manually or using accelctl.
-
Create a system robot account with following fields:
- Expiration time:
<by your choice> - Reset permissions: select Push Artifact, Pull Artifact, Create Tag
When you get the robot account
robot$<robot-name>, please copy the secret and generate a base64 encoded auth string like this:$ echo -n '<robot-name>:<robot-secret>' | base64
Note: the encoded auth string will be used in configuring acceleration service on the next step.
- Expiration time:
- Copy the template config file.
- Modify the config file.
- Change
provider.sourcewith your own harbor service hostname, theauthandwebhook.auth_headershould also be configured as the one generated by the above step. - Change settings in the
converter.driverfiled according to your requirements.
Please follow the comments in the template config file.
- Change
- Boot acceld daemon in config file directory
$ ./acceld --config ./config.yaml
- Trigger image conversion
- Push an image to trigger webhook.
$ docker push <harbor-service-address>/library/nginx:latest
- Convert manually by
accelctlCLI tool.
Please make sure the source OCI v1 images exist in your harbor registry.
Or you can create a conversion task over the HTTP API by$ ./accelctl task create <harbor-service-address>/library/nginx:latest
curl. Please refer to the development document.$ curl --location 'http://<acceleration-service-address>/api/v1/conversions?sync=$snyc' \ --header 'Content-Type: application/json' \ --data '{ "type": "PUSH_ARTIFACT", "event_data": { "resources": [ { "resource_url": "<harbor-service-address>/dfns/alpine:latest" } ] } } '
One-time mode allows to do a conversion without starting the acceld service, using accelctl like this:
$ ./accelctl convert --config ./config.yaml 192.168.1.1/library/nginx:latest
INFO[2022-01-28T03:39:28.039029557Z] pulling image 192.168.1.1/library/nginx:latest module=converter
INFO[2022-01-28T03:39:28.075375146Z] pulled image 192.168.1.1/library/nginx:latest module=converter
INFO[2022-01-28T03:39:28.075530522Z] converting image 192.168.1.1/library/nginx:latest module=converter
INFO[2022-01-28T03:39:29.561103924Z] converted image 192.168.1.1/library/nginx:latest-nydus module=converter
INFO[2022-01-28T03:39:29.561197593Z] pushing image 192.168.1.1/library/nginx:latest-nydus module=converter
INFO[2022-01-28T03:39:29.587585066Z] pushed image 192.168.1.1/library/nginx:latest-nydus module=converter
You can see the converted image and source oci image in the some repo, they have different tag suffix.