From e7f05b524f0f0c362744f1d10d0bd310c9dc05cd Mon Sep 17 00:00:00 2001 From: Baptiste Girard-Carrabin Date: Fri, 5 Sep 2025 15:49:34 +0200 Subject: [PATCH] [cri] Allow configuration of the manifest limit Limit the number of manifests that will be unpacked during image pulls. The default is to unpack all the manifests that match the current platform but this can help limit the amount of returned manifests further. In particular this is useful in the case of index manifests with multiple image that match the same architecture. Limiting the manifests to 1 there will ensure it's always the same manifest that gets unpacked. --- internal/cri/config/config.go | 5 +++++ internal/cri/server/images/image_pull.go | 1 + 2 files changed, 6 insertions(+) diff --git a/internal/cri/config/config.go b/internal/cri/config/config.go index 6f8f2d128275c..44be72981e154 100644 --- a/internal/cri/config/config.go +++ b/internal/cri/config/config.go @@ -345,6 +345,11 @@ type ImageConfig struct { // When transfer service is used to pull images, pull related configs, like max_concurrent_downloads // and unpack_config are configured under [plugins."io.containerd.transfer.v1.local"] UseLocalImagePull bool `toml:"use_local_image_pull" json:"useLocalImagePull"` + + // Limit the number of manifests that will be unpacked during image pulls. + // The default is to unpack all the manifests that match the current platform + // but this can help limit the amount of returned manifests further + ManifestLimit int `toml:"manifest_limit" json:"manifestLimit"` } // RuntimeConfig contains toml config related to CRI plugin, diff --git a/internal/cri/server/images/image_pull.go b/internal/cri/server/images/image_pull.go index 113de6ec38d6e..bcc235b59743b 100644 --- a/internal/cri/server/images/image_pull.go +++ b/internal/cri/server/images/image_pull.go @@ -304,6 +304,7 @@ func (c *CRIImageService) pullImageWithTransferService( sopts = append(sopts, transferimage.WithPlatforms(platforms.DefaultSpec())) sopts = append(sopts, transferimage.WithUnpack(platforms.DefaultSpec(), snapshotter)) sopts = append(sopts, transferimage.WithImageLabels(labels)) + sopts = append(sopts, transferimage.WithManifestLimit(c.config.ManifestLimit)) is := transferimage.NewStore(ref, sopts...) log.G(ctx).Debugf("Getting new CRI credentials") ch := newCRICredentials(ref, credentials)