Pulling an Image from SWR Enterprise Edition

This topic describes how to create a pod using an image pulled from a repository of SWR Enterprise Edition.

Scenario

An image needs to be pulled from a repository of SWR Enterprise Edition.

Constraints

You have created an image repository of the SWR Enterprise Edition. For details, see Purchasing a Repository.
Images have been pushed to the repository. For details, see Pushing an Image.
When pulling images from a repository of SWR Enterprise Edition, the node where workloads are running can access that repository.

Create a secret for the repository of SWR Enterprise Edition.

Log in to SWR console (Enterprise Edition) and go to the target repository. In the navigation pane, choose Access > Access Control. On the displayed page, click Create Private Network Access Rule in the upper right corner and select the VPC and subnet used by the namespace in CCI 2.0. After the creation is complete, record the IP addresses that can be accessed.
In the navigation pane, choose Access > Domain Names. On the displayed page, record the default domain name (which cannot be edited).
In the navigation pane, choose Access > Access Credentials. On the displayed page, click Create Long-Term Credential to create a credential and then download the CSV file.
Switch to the DNS console. In the navigation pane, choose Private Zones. On the displayed page, click Create Private Zone in the upper right corner. Select the VPC used by the namespace in CCI 2.0 and the default domain name in 2.
Click the private domain name to go to the details page and then add a record set. Set Value to the IP address obtained in 1.

Switch to the CCI 2.0 console. In the navigation pane, choose Configuration Center. On the Secrets tab, click Create from YAML. The following is an example YAML file for creating a secret:

kind: Secret
apiVersion: cci/v2
metadata:
  name: ${secret_name}                      # Secret name
data:
  .dockerconfigjson: ${access_credential}   # Credential for accessing the repository of SWR Enterprise Edition
type: kubernetes.io/dockerconfigjson

${access_credential} indicates the Base64-encoded credential in JSON format. To obtain the value, take the following steps:

Enter the content of the CSV file obtained in 3 in the following command:
echo -n '{"auths":{"${url}":{"username":"${user_name}","password":"${password}"}}}' | base64 | sed ':a;N;$!ba;s/\n//g'
${url} indicates the default domain name in 2. ${user_name} and ${password} indicate the username and password in the CSV file.
Run this command to obtain the Base64-encoded access credential and enter the access credential in ${access_credential} in the YAML file to create a secret.

In the navigation pane, choose Workloads. On the Deployments tab, click Create from YAML.

Use an image in the repository of SWR Enterprise Edition to create a Deployment. The following is an example YAML file:

kind: Deployment
apiVersion: cci/v2
metadata:
  name: swr-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: swr-test
  template:
    metadata:
      labels:
        app: swr-test
    spec:
      containers:
        - name: container0
          image: ${image:tag}   # Image path in the format of ${url}/${namespace}/${image-name}@sha256:${sha256}. It can be queried from the Image Tags tab on the SWR console.
          resources:
            limits:
              cpu: 500m
              memory: 1Gi
            requests:
              cpu: 500m
              memory: 1Gi
      imagePullSecrets:
        - name: ${secret-name}  # Name of the secret created in 6