Some registries (notably Quay) issue tokens that expire without providing an `expires in` value in the authorization payload. Therefore, if a token produces a 401, we should remove it and re-fetch.
Signed-off-by: Corey Larson <corey@earthly.dev>
Some registries can be flaky and return intermittent 5xx errors. This
change allows those errors to be retried, similarly to network-level
errors.
Note that this needs the upstream containerd fix
https://github.com/containerd/containerd/pull/5276 to work reliably.
This was tested with a registry that was modified to return 504 on every
other manifest PUT. Without the change, exports to the registry fail
every other attempt. With the change and the related containerd change,
exports to the registry always succeed.
Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com>
Check if context is canceled before returning cached token or err.
Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com>
Fix possible race conditions
Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com>
Fix block
Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com>
The golang net/http package uses http2 client to serve https by default,
if let Transport.TLSNextProto is nil. And net/http package doesn't
provide tunnable value for http2 flow control which will limit push
performance.
Before this commit, use GODEBUG="http2debug=1" buildkitd to pushing
one image from dockerfile like
```
$ about 700MB
FROM scratch
ADD ./golang-1.13.0-stretch.tar.gzip /
```
and use ifstat to monitor network interface and found that
```
$ ifstat -i enp0s3
enp0s3
KB/s in KB/s out
0.47 0.67
0.44 0.51
19.72 11.56
62.25 2184.41
96.34 3514.28
93.89 3508.31
95.41 3515.53
91.61 3433.22
95.82 3579.68
90.36 3388.89
93.64 3513.03
93.32 3478.04
...
$ log from buildkitd
2020/03/31 17:40:33 http2: Transport received WINDOW_UPDATE stream=11 len=4 incr=32768
2020/03/31 17:40:33 http2: Transport received WINDOW_UPDATE len=4 (conn) incr=271
2020/03/31 17:40:33 http2: Transport received WINDOW_UPDATE stream=11 len=4 incr=271
2020/03/31 17:40:33 http2: Transport received WINDOW_UPDATE len=4 (conn) incr=32496
2020/03/31 17:40:33 http2: Transport received WINDOW_UPDATE stream=11 len=4 incr=32496
...
```
The registry will update window size of flow control when receives each
frame data. The sender need wait for receiver update the window size if
the sender runs out of buffer of flow control. But the increase value
for buffer by WINDOW_UPDATE frame is too small and slow which impacts
push performance.
Before net/http package provides tunnable value for flow control, we
should disable http2 for https request.
And with this commit, the performance will be better like:
```
$ ifstat -i enp0s3
enp0s3
KB/s in KB/s out
0.56 0.61
16.13 5.55
18.89 9.23
218.84 7832.80
338.56 13074.04
302.39 11713.83
231.62 8964.60
356.50 13504.02
298.14 11401.81
311.24 11783.26
333.01 12710.17
329.64 12630.40
305.87 11662.04
292.53 11118.04
```
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Corey Larson
Aaron Lehmann
Vlad A. Ionescu
Tonis Tiigi
Ilya Dmitrichenko
Wei Fu