Help Center> Cloud Container Instance> User Guide> Bursting to CCI> CCE Cloud Bursting Engine for CCI> Images
Updated on 2024-07-04 GMT+08:00
View PDF

Images

Overview

You can manage images using Huawei Cloud SWR or a third-party image repository. This section describes how images are pushed when the bursting add-on is installed in a CCE cluster.

Pulling an Image from SWR on the Console

  • Method 1: Selecting an Image from SWR on the CCE Console
    1. Upload an image to SWR. For details, see the SWR documentation.
    1. Create a workload on the CCE cluster console and select an image.

    2. The image will be pulled from SWR. Ensure that your image has been pushed to SWR. For details, see the SWR documentation.
  • Method 2: Selecting an Image from SWR Using YAML
    1. Log in to the CCE cluster node.
    2. View the image address in SWR.

      Image address: swr.cn-north-7.myhuaweicloud.com/cci-test/nginx:1.0.0.x86_64_test

    3. Configure the YAML file of the workload.
      apiVersion: apps/v1
kind: Deployment
metadata:
  name: test
  namespace: default
  labels:
    virtual-kubelet.io/burst-to-cci: 'auto'    # Schedules the workload to CCI.
spec:
  replicas: 2
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      containers:
        - image: swr.cn-north-7.myhuaweicloud.com/cci-test/nginx:1.0.0.x86_64_test
          name: container-0
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
            limits:
              cpu: 250m
              memory: 512Mi
          volumeMounts: []
      imagePullSecrets:
        - name: default-secret
    4. Deploy the workload.
      kubectl apply -f  dep.yaml

Pulling an Image from a Third-Party Image Repository

  1. Use the tool provided by CCI to create a secret for authenticating the third-party image repository.
    imagepull-secret-generator --ak=$ak --sk=$sk --private-user=$user --private-password=$password --output-file-path=my-imagepull-secret.json --project-name=cn-north-4 --secret-name=my-imagepull-secret --swr-address=swr.cn-north-4.myhuaweicloud.com
    Log in to the CCE cluster node and create a secret for the cluster. 
    kubectl apply -f my-imagepull-secret.json
  2. Create a workload and specify the secret for authenticating the third-party image repository in spec.imagePullSecrets.

    Create a workload and specify the secret for authenticating the third-party image repository in spec.imagePullSecrets.

    apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: test-imagepull
    virtual-kubelet.io/burst-to-cci: enforce
  name: test-imagepull
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-imagepull
  template:
    metadata:
      labels:
        app: test-imagepull
    spec:
      containers:
      - image: xxx/my-image:latest
        imagePullPolicy: Always
        name: nginx
        resources:
          limits:
            cpu: 1
            memory: 2Gi
          requests:
            cpu: 1
            memory: 2Gi
      imagePullSecrets:
      - name: my-imagepull-secret

Using Both Huawei Cloud SWR and a Third-Party Image Repository

Scenario

In some cases, an image can be pulled from a third-party image repository when you create a workload on the CCE cluster console. The pulled image can be synchronized to SWR so that the workloads scheduled to CCI use the image during traffic spikes. This speed up image pull.

Procedure

Configure annotations in the YAML file of the workload. The following is an example:

"coordinator.cci.io/image-replacement": '[
    {"repositoryPrefix":"harbor.domain","replaceWith":"swr.cn-north-4.myhuaweicloud.com/org1"},
    {"repositoryPrefix":"","replaceWith":"swr.cn-north-4.myhuaweicloud.com/org1"},
    {"repositoryPrefix":"harbor.domain/a/b/c/d","replaceWith":"swr.cn-north-4.myhuaweicloud.com/org2"}
]'
  • Replacement policies can be executed in any sequence.
  • Multiple replacement policies can be configured. The value of repositoryPrefix for each policy must be unique.

Replacement Policy Key

Description

Remarks

repositoryPrefix

Image prefix that you want to match and replace.
  • If this field is left empty, all containers whose image values do not contain slashes (/) are matched.
  • If this field is not empty, all containers whose image values have the same prefix and end with slashes (/) are matched.
  • This field cannot end with a slash (/) and is verified the same as the container image name.

replaceWith

Image prefix to be used.
  • The value of this field cannot be the same as that of repositoryPrefix.
  • This field cannot end with a slash (/) and is verified the same as the container image name.
Table 1 Annotations

Annotation

Before Replacement

After Replacement

Description

"coordinator.cci.io/image-replacement": '[

{"repositoryPrefix":"harbor.domain","replaceWith":"swr.cn-north-4.myhuaweicloud.com/org1"}

]'

containers:

- name: container-0

image: 'harbor.domain/ubuntu:latest'

containers:

- name: container-0

image: 'swr.cn-north-4.myhuaweicloud.com/org1/ubuntu:latest'

repositoryPrefix matches the domain name of a third-party repository.

"coordinator.cci.io/image-replacement": '[

{"repositoryPrefix":"","replaceWith":"swr.cn-north-4.myhuaweicloud.com/org1"}

]'

containers:

- name: container-1

image: 'nginx:latest'

containers:

- name: container-1

image: 'swr.cn-north-4.myhuaweicloud.com/org1/nginx:latest'

repositoryPrefix is left empty.

"coordinator.cci.io/image-replacement": '[

{"repositoryPrefix":"harbor.domain/a/b/c/d","replaceWith":"swr.cn-north-4.myhuaweicloud.com/org2"}

]'

containers:

- name: container-2

image: 'harbor.domain/a/b/c/d/redis:latest'

containers:

- name: container-2

image: 'swr.cn-north-4.myhuaweicloud.com/org2/redis:latest'

repositoryPrefix matches the domain name of a third-party repository and the organization directory.