On Wed, Jun 19, 2019 at 12:03 PM Sage Weil
<sweil(a)redhat.com> wrote:
I'm not sure I read this paragraph correctly.
Are you saying we should use
quay? Or that garbage collection is hard in general? Because I think the
single oc adm prune command above is all that we need... we'll be
publishing a zillion ci-built containers and trim them after 2 weeks.
What's missing?
Yes, if I were doing this over, I would spend the time trying to make
it all work with quay.io instead of running our own registry.
Running that oc prune command in cron is just the tip of the iceberg
trying to operationalize this. For example with OpenShift 3.6, there
was a bug with the way OpenShift (or docker-distribution, or whatever)
writes incoming files to NFS, so "docker push" just fails. There is no
workaround, and the only fix is to upgrade to newer versions of
OpenShift 3.
We're already struggling to keep our Jenkins masters updated for
security patches, and a public OpenShift/Kubernetes infrastructure
will compound the problem.
I'm all for *not* running yet-another-service. But are quay.io going to
be okay with us creating containers for every sha1? Christina and I did
a rough estimate and it'd be about 500GB worth of containers at one time.
Should we ask quay ahead of time if this is okay? I'd rather get a
definitive answer ahead of time instead of set everything up, have them
get mad, and then we end up needing to run our own registry anyway.