On 08.05.20 08:48, Alexander Larsson wrote:
> So, as owen said, we did look into ways of changing the basic form of
> the layers to get some kind of incrementality, but in the end it just
> didn't perform nearly well enough to be worth all the effort compared to
> a delta-style update.
>
> That doesn't mean OCIv2 is not useful in addition to deltas. We could
> use OCIv2 to improve initial pulls, as well as pulls of independent
> images that happen to "accidentally" share files (or chunks). However,
> even in an OCIv2 world I think deltas are going to be important.
Coming from the illumos community where we use this principle for our
Package management I can name a few more benefits gained from an
approach as discussed in this thread.
The main difference is, that you are separating data and metadata of the
layers into different parts. While you can achieve a lot of benefits by
processing the data itself (Content based storage addressing, Individual
Compression). The most benefits you will gain however from the
processing of the metadata. We use a set of orthogonal properties to
encode details about a file, which we then can use to install only the
subset of parts the user is interested in.
As example take the following manifest (a package in our system):
set key=source.url value=
https://github.com/foo/bar
set key=source.version value=v1.0
set key=source.commit.hash value=$SOURCECOMMITHASH
file $CONTENTADDRESSHASH path=/foo/bar pkg.variant=i86pc elfbits=32
pkg.variant.os=illumos
file $CONTENTADDRESSHASH path=/foo/bar pkg.variant=i86pc elfbits=64
pkg.variant.os=illumos
file $CONTENTADDRESSHASH path=/foo/bar pkg.variant=sparc elfbits=32
pkg.variant.os=illumos
file $CONTENTADDRESSHASH path=/foo/bar pkg.variant=sparc elfbits=64
pkg.variant.os=illumos
file $CONTENTADDRESSHASH path=/foo/bar pkg.variant=i86pc elfbits=64
pkg.variant.os=linux
This is a real life example of a package (or in the case of OCI that
would be a layer) that contains one binary in all sorts of flavours.
path is the Property we check for duplicates after applying all filters.
In this case we filter for processor architecture (sparc or x86),
bitness and ABI compatibility. These filters are given by the runtime
which wants to download the image. We also have additional filters
called facets which are defined by user input and allow to trim fat an a
per use case basis.
Another benefit is the capability to easily add key values pairs to the
metadata which allow extended audit and mapping use cases such as CVE
vulnerability checks or out of date dependency checks. These can easily
be integrated into any system, as those now don't need to download any
image at all but only need to parse the metadata for the keys they are
interested in.
Hope this gives an idea what forms and use cases this could cover.
Greetings
Till