From b7b82b0ac4b4b51c4c1deb7c4ee510cbfa3b4595 Mon Sep 17 00:00:00 2001 From: mbshields Date: Thu, 20 Jun 2024 20:39:51 -0700 Subject: [PATCH 1/3] docs: add high availability article Signed-off-by: mbshields --- docs/articles/high-availability.md | 40 ++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 docs/articles/high-availability.md diff --git a/docs/articles/high-availability.md b/docs/articles/high-availability.md new file mode 100644 index 0000000..e3bec88 --- /dev/null +++ b/docs/articles/high-availability.md @@ -0,0 +1,40 @@ +# Deploying a Highly Available zot Registry + +> :point_right: A highly available zot registry can be easily implemented using zot's registry synchronization feature. + +In the zot configuration, the `sync` extension allows a zot instance to mirror another zot instance with various container image download policies, including on-demand and periodic downloads. You can use the zot `sync` function combined with a load balancer such as [HAProxy](https://www.haproxy.com) to implement a highly available registry. + +Two failover configurations are possible: + +* Active/active + + Registry requests are load-balanced between two zot instances, each of which mirrors the other. + +* Active/standby + + Registry requests are sent by the load balancer to the active zot instance, while a standby instance mirrors the active. If the load balancer detects a failure of the active instance, it then sends requests to the standby instance. + +> :pencil2: The highly available zot registry described in this article differs from [zot clustering](clustering.md). Although zot clustering provides a level of high availability, the instances share common storage, whose failure would affect all instances. In the method described in this article, each instance has its own storage, providing an additional level of safety. + +For details of configuring the `sync` extension, see [OCI Registry Mirroring With zot](mirroring.md). + +## Configuring an active/active registry + +An active/active zot registry can be implemented between two zot instances by configuring the `sync` extension in each instance to point to the other instance. In this scheme: + +* a load balancer such as HAProxy or a [DNS-based routing](https://coredns.io/plugins/loadbalance/) scheme is deployed for round-robin load balancing between zot instances +* each zot instance is configured as a standalone registry with its own storage +* each zot instance has its `sync` extension enabled to periodically synchronize with the other instance + +With periodic synchronization, a window of failure exists between synchronization actions. For example, if an image is posted to instance A soon after instance B has synchronized with instance A, and then instance A fails, instance B will not have the new image. To minimize this exposure, we recommend keeping the synchronization period as small as practical. + + +## Configuring an active/standby registry + +An active/standby zot registry can be implemented between two zot instances by configuring the `sync` extension in the standby instance to mirror the other instance. In this scheme: + +* a load balancer such as HAProxy is deployed for active/passive load balancing of the zot instances +* each zot instance is configured as a standalone registry with its own storage +* the standby zot instance has its `sync` extension enabled to periodically synchronize with (mirror) the active instance + +With periodic synchronization, this scheme is also susceptible to the window of failure described in the active/active case. To minimize this exposure, we recommend keeping the synchronization period as small as practical. \ No newline at end of file From 77cd80520c8bea0b10d6c20a008a15654f70e96b Mon Sep 17 00:00:00 2001 From: mbshields Date: Thu, 20 Jun 2024 20:47:37 -0700 Subject: [PATCH 2/3] docs: add HA article - spellcheck and ToC Signed-off-by: mbshields --- .wordlist.txt | 1 + mkdocs.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.wordlist.txt b/.wordlist.txt index d8244f0..867d87c 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -81,6 +81,7 @@ ExpandedRepoInfo ExpandedRepoInfo ExtensionList ExternalName +failover Filebeat filesystem filesystems diff --git a/mkdocs.yml b/mkdocs.yml index 5d3ecdc..fbc2e10 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -127,6 +127,7 @@ nav: - Mirroring: articles/mirroring.md - Clustering: articles/clustering.md - Scale-out clustering: articles/scaleout.md + - Deploying a Highly Available Registry: articles/high-availability.md - Monitoring: articles/monitoring.md - Using GraphQL for Enhanced Searches: articles/graphql.md - Benchmarking with zb: articles/benchmarking-with-zb.md From fbed6c8a56f3ec1cd2a7059833f22598d5a8af45 Mon Sep 17 00:00:00 2001 From: mbshields Date: Mon, 24 Jun 2024 14:40:09 -0700 Subject: [PATCH 3/3] docs: addresses comments on HA article Signed-off-by: mbshields --- docs/articles/high-availability.md | 31 +++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/docs/articles/high-availability.md b/docs/articles/high-availability.md index e3bec88..db1a77f 100644 --- a/docs/articles/high-availability.md +++ b/docs/articles/high-availability.md @@ -6,27 +6,17 @@ In the zot configuration, the `sync` extension allows a zot instance to mirror a Two failover configurations are possible: -* Active/active - - Registry requests are load-balanced between two zot instances, each of which mirrors the other. - * Active/standby Registry requests are sent by the load balancer to the active zot instance, while a standby instance mirrors the active. If the load balancer detects a failure of the active instance, it then sends requests to the standby instance. -> :pencil2: The highly available zot registry described in this article differs from [zot clustering](clustering.md). Although zot clustering provides a level of high availability, the instances share common storage, whose failure would affect all instances. In the method described in this article, each instance has its own storage, providing an additional level of safety. - -For details of configuring the `sync` extension, see [OCI Registry Mirroring With zot](mirroring.md). - -## Configuring an active/active registry +* Active/active -An active/active zot registry can be implemented between two zot instances by configuring the `sync` extension in each instance to point to the other instance. In this scheme: + Registry requests are load-balanced between two zot instances, each of which mirrors the other. -* a load balancer such as HAProxy or a [DNS-based routing](https://coredns.io/plugins/loadbalance/) scheme is deployed for round-robin load balancing between zot instances -* each zot instance is configured as a standalone registry with its own storage -* each zot instance has its `sync` extension enabled to periodically synchronize with the other instance +> :pencil2: The highly available zot registry described in this article differs from [zot clustering](clustering.md). Although zot clustering provides a level of high availability, the instances share common storage, whose failure would affect all instances. In the method described in this article, each instance has its own storage, providing an additional level of safety. -With periodic synchronization, a window of failure exists between synchronization actions. For example, if an image is posted to instance A soon after instance B has synchronized with instance A, and then instance A fails, instance B will not have the new image. To minimize this exposure, we recommend keeping the synchronization period as small as practical. +For details of configuring the `sync` extension, see [OCI Registry Mirroring With zot](mirroring.md). ## Configuring an active/standby registry @@ -37,4 +27,15 @@ An active/standby zot registry can be implemented between two zot instances by c * each zot instance is configured as a standalone registry with its own storage * the standby zot instance has its `sync` extension enabled to periodically synchronize with (mirror) the active instance -With periodic synchronization, this scheme is also susceptible to the window of failure described in the active/active case. To minimize this exposure, we recommend keeping the synchronization period as small as practical. \ No newline at end of file +With periodic synchronization, a window of failure exists between synchronization actions. For example, if an image is posted to the active instance soon after the standby has synchronized with the active, and then the active fails, the standby will not have the new image. To minimize this exposure, we recommend keeping the synchronization period as small as practical. + +## Configuring an active/active registry + +An active/active zot registry can be implemented between two zot instances by configuring the `sync` extension in each instance to point to the other instance. In this scheme: + +* a load balancer such as HAProxy or a [DNS-based routing](https://coredns.io/plugins/loadbalance/) scheme is deployed for load balancing between zot instances +* [path-based routing](https://www.haproxy.com/blog/path-based-routing-with-haproxy) must be implemented +* each zot instance is configured as a standalone registry with its own storage +* each zot instance has its `sync` extension enabled to periodically synchronize with the other instance + +With periodic synchronization, a window of failure exists between synchronization actions. For example, if an image is posted to instance A soon after instance B has synchronized with instance A, and then instance A fails, instance B will not have the new image. To minimize this exposure, we recommend keeping the synchronization period as small as practical.