Pulling an Image from SWR Enterprise Edition
This topic describes how to create a pod using an image pulled from a repository of SWR Enterprise Edition.
Scenario
An image needs to be pulled from a repository of SWR Enterprise Edition.
Constraints
- You have created an image repository of the SWR Enterprise Edition. For details, see Purchasing a Repository.
- Images have been pushed to the repository. For details, see Pushing an Image.
- When pulling images from a repository of SWR Enterprise Edition, the node where workloads are running can access that repository.
Create a secret for the repository of SWR Enterprise Edition.
- Log in to SWR console (Enterprise Edition) and go to the target repository. In the navigation pane, choose Access > Access Control. On the displayed page, click Create Private Network Access Rule in the upper right corner and select the VPC and subnet used by the namespace in CCI 2.0. After the creation is complete, record the IP addresses that can be accessed.
- In the navigation pane, choose Access > Domain Names. On the displayed page, record the default domain name (which cannot be edited).
- In the navigation pane, choose Access > Access Credentials. On the displayed page, click Create Long-Term Credential to create a credential and then download the CSV file.
- Switch to the DNS console. In the navigation pane, choose Private Zones. On the displayed page, click Create Private Zone in the upper right corner. Select the VPC used by the namespace in CCI 2.0 and the default domain name in 2.
- Click the private domain name to go to the details page and then add a record set. Set Value to the IP address obtained in 1.
- Switch to the CCI 2.0 console. In the navigation pane, choose Configuration Center. On the Secrets tab, click Create from YAML. The following is an example YAML file for creating a secret:
kind: Secret apiVersion: cci/v2 metadata: name: ${secret_name} # Secret name data: .dockerconfigjson: ${access_credential} # Credential for accessing the repository of SWR Enterprise Edition type: kubernetes.io/dockerconfigjson
${access_credential} indicates the Base64-encoded credential in JSON format. To obtain the value, take the following steps:
Enter the content of the CSV file obtained in 3 in the following command: echo -n '{"auths":{"${url}":{"username":"${user_name}","password":"${password}"}}}' | base64 | sed ':a;N;$!ba;s/\n//g' ${url} indicates the default domain name in 2. ${user_name} and ${password} indicate the username and password in the CSV file. Run this command to obtain the Base64-encoded access credential and enter the access credential in ${access_credential} in the YAML file to create a secret.
- In the navigation pane, choose Workloads. On the Deployments tab, click Create from YAML.
- Use an image in the repository of SWR Enterprise Edition to create a Deployment. The following is an example YAML file:
kind: Deployment apiVersion: cci/v2 metadata: name: swr-test spec: replicas: 1 selector: matchLabels: app: swr-test template: metadata: labels: app: swr-test spec: containers: - name: container0 image: ${image:tag} # Image path in the format of ${url}/${namespace}/${image-name}@sha256:${sha256}. It can be queried from the Image Tags tab on the SWR console. resources: limits: cpu: 500m memory: 1Gi requests: cpu: 500m memory: 1Gi imagePullSecrets: - name: ${secret-name} # Name of the secret created in 6
- View the events of the created pod and verify that the image is pulled successfully.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot