kraken

module
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 26, 2019 License: Apache-2.0

README

Kraken is a P2P-powered Docker registry that focuses on scalability and availability. It is designed for Docker image management, replication and distribution in a hybrid cloud environment. With pluggable backend support, Kraken can easily integrate into existing Docker registry setups as the distribution layer.

Kraken has been in production at Uber since early 2018. In our busiest cluster, Kraken distributes more than 1 million blobs per day, including 100k 1G+ blobs. At its peak production load, Kraken distributes 20K 100MB-1G blobs in under 30 sec.

Below is the visualization of a small Kraken cluster at work:

Table of Contents

Features

Following are some highlights of Kraken:

  • Highly scalable. Kraken is capable of distributing Docker images at > 50% of max download speed limit on every host. Cluster size and image size do not have significant impact on download speed.
    • Supports at least 15k hosts per cluster.
    • Supports arbitrarily large blobs/layers. We normally limit max size to 20G for best performance.
  • Highly available. No component is a single point of failure.
  • Secure. Support uploader authentication and data integrity protection through TLS.
  • Pluggable storage options. Instead of managing data, Kraken plugs into reliable blob storage options, like S3, GCS, ECR, HDFS or another registry. The storage interface is simple and new options are easy to add.
  • Lossless cross cluster replication. Kraken supports rule-based async replication between clusters.
  • Minimal dependencies. Other than pluggable storage, Kraken only has an optional dependency on DNS.

Design

The high level idea of Kraken is to have a small number of dedicated hosts seeding content to a network of agents running on each host in the cluster.

A central component, the tracker, will orchestrate all participants in the network to form a pseudo-random regular graph.

Such a graph has high connectivity and small diameter. As a result, even with only one seeder and having thousands of peers joining in the same second, all participants can reach a mininum of 80% max upload/download speed in theory (60% with current implementation), and performance doesn't degrade much as the blob size and cluster size increase. For more details, see the team's tech talk at KubeCon + CloudNativeCon.

Architecture

  • Agent
    • Deployed on every host
    • Implements Docker registry interface
    • Announces available content to tracker
    • Connects to peers returned by tracker to download content
  • Origin
    • Dedicated seeders
    • Stores blobs as files on disk backed by pluggable storage (e.g. S3, GCS, ECR)
    • Forms a self-healing hash ring to distribute load
  • Tracker
    • Tracks which peers have what content (both in-progress and completed)
    • Provides ordered lists of peers to connect to for any given blob
  • Proxy
    • Implements Docker registry interface
    • Uploads each image layer to the responsible origin (remember, origins form a hash ring)
    • Uploads tags to build-index
  • Build-Index
    • Mapping of human readable tag to blob digest
    • No consistency guarantees: client should use unique tags
    • Powers image replication between clusters (simple duplicated queues with retry)
    • Stores tags as files on disk backed by pluggable storage (e.g. S3, GCS, ECR)

Benchmark

The following data is from a test where a 3G Docker image with 2 layers is downloaded by 2600 hosts concurrently (5200 blob downloads), with 300MB/s speed limit on all agents (using 5 trackers and 5 origins):

  • p50 = 10s (at speed limit)
  • p99 = 18s
  • p99.9 = 22s

Usage

All Kraken components can be deployed as Docker containers. To build the Docker images:

$ make images

For information about how to configure and use Kraken, please refer to the documentation.

Kraken on Kubernetes

You can use our example Helm chart to deploy Kraken (with an example http fileserver backend) on your k8s cluster:

$ helm install --name=kraken-demo ./helm

Once deployed, each and every node will have a docker registry API exposed on localhost:30081. For an example pod spec that pulls images from Kraken agent, see example.

For more information on k8s setup, see README.

Devcluster

To start a herd container (which contains origin, tracker, build-index and proxy) and two agent containers with development configuration:

$ make devcluster

Docker-for-Mac is required for making dev-cluster work on your laptop. For more information on devcluster, please check out devcluster README.

Comparison With Other Projects

Dragonfly from Alibaba

Dragonfly cluster has one or a few "supernodes" that coordinates transfer of every 4MB chunk of data in the cluster.

While the supernode would be able to make optimal decisions, the throughput of the whole cluster is limited by the processing power of one or a few hosts, and the performance would degrade linearly as either blob size or cluster size increases.

Kraken's tracker only helps orchestrate the connection graph, and leaves negotiation of actual data transfer to individual peers, so Kraken scales better with large blobs. On top of that, Kraken is HA and supports cross cluster replication, both are required for a reliable hybrid cloud setup.

BitTorrent

Kraken was initially built with a BitTorrent driver, however we ended up implementing our own P2P driver based on BitTorrent protocol to allow for tighter integration with storage solutions and more control over performance optimizations.

Kraken's problem space is slightly different than what BitTorrent was designed for. Kraken's goal is to reduce global max download time and communication overhead in a stable environment, while BitTorrent was designed for an unpredictable and adversarial environment, so it needs to preserve more copies of scarce data and defend against malicious or bad behaving peers.

Despite the differences, we re-examine Kraken's protocol from time to time, and if it's feasible, we hope to make it compatible with BitTorrent again.

Limitations

  • If Docker registry throughput is not the bottleneck in your deployment workflow, switching to Kraken will not magically speed up your docker pull. To actually speed up docker pull, consider switching to Makisu to improve layer reusability at build time, or tweak compression ratios, as docker pull spends most of the time on data decompression.
  • Mutating tags (e.g. updating a latest tag) is allowed, however a few things will not work: tag lookups immediately afterwards will still return the old value due to Nginx caching, and replication probably won't trigger. We are working on supporting this functionality better. If you need tag mutation support right now, please reduce cache interval of build-index component. If you also need replication in a multi-cluster setup, please consider setting up another Docker registry as Kraken's backend.
  • Theoretically, Kraken should distribute blobs of any size without significant performance degradation, but at Uber we enforce a 20G limit and cannot endorse of the production use of ultra-large blobs (i.e. 100G+). Peers enforce connection limits on a per blob basis, and new peers might be starved for connections if no peers become seeders relatively soon. If you have ultra-large blobs you'd like to distribute, we recommend breaking them into <10G chunks first.

Contributing

Please check out our guide.

Contact

To contact us, please join our Slack channel.

Directories

Path Synopsis
cmd
cmd
gen
go/proto/p2p
Package p2p is a generated protocol buffer package.
Package p2p is a generated protocol buffer package.
lib
hrw
mocks
agent/agentclient
Package mockagentclient is a generated GoMock package.
Package mockagentclient is a generated GoMock package.
build-index/tagclient
Package mocktagclient is a generated GoMock package.
Package mocktagclient is a generated GoMock package.
build-index/tagstore
Package mocktagstore is a generated GoMock package.
Package mocktagstore is a generated GoMock package.
build-index/tagtype
Package mocktagtype is a generated GoMock package.
Package mocktagtype is a generated GoMock package.
lib/backend
Package mockbackend is a generated GoMock package.
Package mockbackend is a generated GoMock package.
lib/backend/gcsbackend
Package mockgcsbackend is a generated GoMock package.
Package mockgcsbackend is a generated GoMock package.
lib/backend/hdfsbackend/webhdfs
Package mockwebhdfs is a generated GoMock package.
Package mockwebhdfs is a generated GoMock package.
lib/backend/s3backend
Package mocks3backend is a generated GoMock package.
Package mocks3backend is a generated GoMock package.
lib/dockerregistry/transfer
Package mocktransfer is a generated GoMock package.
Package mocktransfer is a generated GoMock package.
lib/hashring
Package mockhashring is a generated GoMock package.
Package mockhashring is a generated GoMock package.
lib/healthcheck
Package mockhealthcheck is a generated GoMock package.
Package mockhealthcheck is a generated GoMock package.
lib/hostlist
Package mockhostlist is a generated GoMock package.
Package mockhostlist is a generated GoMock package.
lib/persistedretry
Package mockpersistedretry is a generated GoMock package.
Package mockpersistedretry is a generated GoMock package.
lib/persistedretry/tagreplication
Package mocktagreplication is a generated GoMock package.
Package mocktagreplication is a generated GoMock package.
lib/store
Package mockstore is a generated GoMock package.
Package mockstore is a generated GoMock package.
lib/torrent/scheduler
Package mockscheduler is a generated GoMock package.
Package mockscheduler is a generated GoMock package.
origin/blobclient
Package mockblobclient is a generated GoMock package.
Package mockblobclient is a generated GoMock package.
tracker/announceclient
Package mockannounceclient is a generated GoMock package.
Package mockannounceclient is a generated GoMock package.
tracker/metainfoclient
Package mockmetainfoclient is a generated GoMock package.
Package mockmetainfoclient is a generated GoMock package.
tracker/originstore
Package mockoriginstore is a generated GoMock package.
Package mockoriginstore is a generated GoMock package.
tracker/peerstore
Package mockpeerstore is a generated GoMock package.
Package mockpeerstore is a generated GoMock package.
utils/dedup
Package mockdedup is a generated GoMock package.
Package mockdedup is a generated GoMock package.
utils/httputil
Package mockhttputil is a generated GoMock package.
Package mockhttputil is a generated GoMock package.
cmd
cmd
tools
lib
cmd
utils
log

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL