...
Since agreements can be cancelled and remade for the same service by certain changes (like userinput), the image clean-up should not be a part of the agreement lifecycle. By making image-removal behavior configurable through node management policy, users can decide how aggressive they want the cleaning to be or disable entirely if they don't want images ever removed.
To make this more useful, the agent behavior will change to only download images that are not already on the device.
The policy will specify which image it applies to or * for all, and how long to wait before deleting the specified image. To determine when to delete the image, the agent will iterate over canceled agreements and if the image used by the agreement is on the node but has not been needed since more than deleteAfterHours, it will remove the image from the device.
There will not be any explicit resolution of conflicting removal policies, whichever is most aggressive will delete the image first in practice.
"imageRemovalPolicy":
{
[{“imageName”: “dockeruser/image1”,
“deleteAfterHours”: 2
},
{“imageName”: “*”,
“deleteAfterHours”: 4
There will not be any explicit resolution of conflicting removal policies, whichever is most aggressive will delete the image first in practice.
Image policy - NMPs can be matched by policy or pattern. The agent will store matching NMPs and a new subworker will periodically check if any removals currently need to be executed as well as maintaining a list of images in the database that are affected by the current matching NMPs.
Images downloaded by the agent will be added to the table when it is successfully downloaded. Images not downloaded by the agent that are affected by an image policy will be added to the table by the subworker. The time since last used will be set by the subworker with ‘0’ to indicate it is currently in use. When the subworker runs it will check each image and if it is currently in use by an agent-created container then set the time last used to ‘0’. If the the time last used is currently ‘0’ and there is no agent-created container using that image then set the Time Last Used to the current time.
Image removal is only relavent to edge devices, not clusters as k8s manages service images for clusters outside of the agent’s control.
For a policy to apply to all images use *. Partial wildcards will also be allowed. For example, image1:* to apply to all versions of image1. Image names must be complete, the cli will throw an error if a user tries to publish a partial image name (missing version tag
The following is an example of the field to add to the existing NMP structure. Note the name "image_policy" is left general with a subfield for removal to leave open the possibility for other kinds of image manipulation that we might want to manage through node management policy.
“image_policy”: {
“removal”: [{“image_name”: “image1:0.0.1”,
“delete_after_minutes”: 30,
“agent_downloaded_only”: true
},
{“image_name”: “*”,
“delete_after_minutes”: 60,
“agent_downloaded_only”: false
}
} ]
}
To use this feature, users will create a node management policy with an "imageRemovePolicyimage_policy" section that specifies the images and time to delete them. After publishing it to the exchange, agents will check if it applies to them and if so save it to the local db and a subworker will begin checking if it is time to delete any images.
...
Add the "image_policy" to the nmp template.
Validate the new section and enforce mutual exclusivity of the "upgrade" and "image_policy" subfields.
...