- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
- User Guide
- Best Practices
-
Developer Guide
- Overview
- Using Native kubectl (Recommended)
- Namespace and Network
- Pod
- Label
- Deployment
- EIPPool
- EIP
- Pod Resource Monitoring Metric
- Collecting Pod Logs
- Managing Network Access Through Service and Ingress
- Using PersistentVolumeClaim to Apply for Persistent Storage
- ConfigMap and Secret
- Creating a Workload Using Job and Cron Job
- YAML Syntax
-
API Reference
- Before You Start
- Calling APIs
- Getting Started
- Proprietary APIs
-
Kubernetes APIs
- ConfigMap
- Pod
- StorageClass
- Service
-
Deployment
- Querying All Deployments
- Deleting All Deployments in a Namespace
- Querying Deployments in a Namespace
- Creating a Deployment
- Deleting a Deployment
- Querying a Deployment
- Updating a Deployment
- Replacing a Deployment
- Querying the Scaling Operation of a Specified Deployment
- Updating the Scaling Operation of a Specified Deployment
- Replacing the Scaling Operation of a Specified Deployment
- Querying the Status of a Deployment
- Ingress
- OpenAPIv2
- VolcanoJob
- Namespace
- ClusterRole
- Secret
- Endpoint
- ResourceQuota
- CronJob
-
API groups
- Querying API Versions
- Querying All APIs of v1
- Querying an APIGroupList
- Querying APIGroup (/apis/apps)
- Querying APIs of apps/v1
- Querying an APIGroup (/apis/batch)
- Querying an APIGroup (/apis/batch.volcano.sh)
- Querying All APIs of batch.volcano.sh/v1alpha1
- Querying All APIs of batch/v1
- Querying All APIs of batch/v1beta1
- Querying an APIGroup (/apis/crd.yangtse.cni)
- Querying All APIs of crd.yangtse.cni/v1
- Querying an APIGroup (/apis/extensions)
- Querying All APIs of extensions/v1beta1
- Querying an APIGroup (/apis/metrics.k8s.io)
- Querying All APIs of metrics.k8s.io/v1beta1
- Querying an APIGroup (/apis/networking.cci.io)
- Querying All APIs of networking.cci.io/v1beta1
- Querying an APIGroup (/apis/rbac.authorization.k8s.io)
- Querying All APIs of rbac.authorization.k8s.io/v1
- Event
- PersistentVolumeClaim
- RoleBinding
- StatefulSet
- Job
- ReplicaSet
- Data Structure
- Permissions Policies and Supported Actions
- Appendix
- Out-of-Date APIs
- Change History
-
FAQs
- Product Consulting
-
Basic Concept FAQs
- What Is CCI?
- What Are the Differences Between Cloud Container Instance and Cloud Container Engine?
- What Is an Environment Variable?
- What Is a Service?
- What Is Mcore?
- What Are the Relationships Between Images, Containers, and Workloads?
- What Are Kata Containers?
- Can kubectl Be Used to Manage Container Instances?
- What Are Core-Hours in CCI Resource Packages?
- Workload Abnormalities
-
Container Workload FAQs
- Why Service Performance Does Not Meet the Expectation?
- How Do I Set the Quantity of Instances (Pods)?
- How Do I Check My Resource Quotas?
- How Do I Set Probes for a Workload?
- How Do I Configure an Auto Scaling Policy?
- What Do I Do If the Workload Created from the sample Image Fails to Run?
- How Do I View Pods After I Call the API to Delete a Deployment?
- Why an Error Is Reported When a GPU-Related Operation Is Performed on the Container Entered by Using exec?
- Can I Start a Container in Privileged Mode When Running the systemctl Command in a Container in a CCI Cluster?
- Why Does the Intel oneAPI Toolkit Fail to Run VASP Tasks Occasionally?
- Why Are Pods Evicted?
- Why Is the Workload Web-Terminal Not Displayed on the Console?
- Why Are Fees Continuously Deducted After I Delete a Workload?
-
Image Repository FAQs
- Can I Export Public Images?
- How Do I Create a Container Image?
- How Do I Upload Images?
- Does CCI Provide Base Container Images for Download?
- Does CCI Administrator Have the Permission to Upload Image Packages?
- What Permissions Are Required for Uploading Image Packages for CCI?
- What Do I Do If Authentication Is Required During Image Push?
-
Network Management FAQs
- How Do I View the VPC CIDR Block?
- Does CCI Support Load Balancing?
- How Do I Configure the DNS Service on CCI?
- Does CCI Support InfiniBand (IB) Networks?
- How Do I Access a Container from a Public Network?
- How Do I Access a Public Network from a Container?
- What Do I Do If Access to a Workload from a Public Network Fails?
- What Do I Do If Error 504 Is Reported When I Access a Workload?
- What Do I Do If the Connection Timed Out?
- Storage Management FAQs
- Log Collection
- Account
- SDK Reference
- Videos
- General Reference
Copied.
Images
Overview
You can manage images using SWR or a third-party image repository. This section describes how images are pulled when the bursting add-on is installed in a CCE cluster.
Pulling an Image from SWR on the Console
- Method 1: Selecting an Image from SWR on the CCE Console
- Upload an image to SWR. For details, see the SWR documentation.
- Create a workload on the CCE cluster console and select an image.
- The image will be pulled from SWR. Ensure that your image has been pushed to SWR. For details, see the SWR documentation.
- Method 2: Selecting an Image from SWR Using YAML
- Log in to the CCE cluster node.
- View the image address in SWR.
- Configure the YAML file of the workload.
apiVersion: apps/v1 kind: Deployment metadata: name: test namespace: default labels: virtual-kubelet.io/burst-to-cci: 'auto' # Schedules the workload to CCI. spec: replicas: 2 selector: matchLabels: app: test template: metadata: labels: app: test spec: containers: - image: swr.***.com/cci-test/nginx:1.0.0.x86_64_test name: container-0 resources: requests: cpu: 250m memory: 512Mi limits: cpu: 250m memory: 512Mi volumeMounts: [] imagePullSecrets: - name: default-secret
- Deploy the workload.
kubectl apply -f dep.yaml
Pulling an Image from a Third-Party Image Repository
- Use the tool provided by CCI to create a secret for authenticating the third-party image repository.
imagepull-secret-generator --ak=$ak --sk=$sk --private-user=$user --private-password=$password --output-file-path=my-imagepull-secret.json --project-name=region --secret-name=my-imagepull-secret --swr-address=swr.***.com
Log in to the CCE cluster node and create a secret for the cluster.kubectl apply -f my-imagepull-secret.json
- Create a workload and specify the secret for authenticating the third-party image repository in spec.imagePullSecrets.
Create a workload and specify the secret for authenticating the third-party image repository in spec.imagePullSecrets.
apiVersion: apps/v1 kind: Deployment metadata: labels: app: test-imagepull virtual-kubelet.io/burst-to-cci: enforce name: test-imagepull spec: replicas: 1 selector: matchLabels: app: test-imagepull template: metadata: labels: app: test-imagepull spec: containers: - image: xxx/my-image:latest imagePullPolicy: Always name: nginx resources: limits: cpu: 1 memory: 2Gi requests: cpu: 1 memory: 2Gi imagePullSecrets: - name: my-imagepull-secret
Using Both SWR and a Third-Party Image Repository
Scenario
In some cases, an image can be pulled from a third-party image repository when you create a workload on the CCE cluster console. The pulled image can be synchronized to SWR so that the workloads scheduled to CCI use the image during traffic spikes. This speeds up image pull.
Procedure
Configure annotations in the YAML file of the workload. The following is an example:
"coordinator.cci.io/image-replacement": '[ {"repositoryPrefix":"harbor.domain","replaceWith":"swr.***.com/org1"}, {"repositoryPrefix":"","replaceWith":"swr.***.com/org1"}, {"repositoryPrefix":"harbor.domain/a/b/c/d","replaceWith":"swr.***.com/org2"} ]'
- Replacement policies can be executed in any sequence.
- Multiple replacement policies can be configured. The value of repositoryPrefix for each policy must be unique.
Replacement Policy Key |
Description |
Remarks |
---|---|---|
repositoryPrefix |
Image prefix that you want to match and replace. |
|
replaceWith |
Image prefix to be used. |
|
Annotation |
Before Replacement |
After Replacement |
Description |
---|---|---|---|
"coordinator.cci.io/image-replacement": '[ {"repositoryPrefix":"harbor.domain","replaceWith":"swr.***.com/org1"} ]' |
containers: - name: container-0 image: 'harbor.domain/ubuntu:latest' |
containers: - name: container-0 image: 'swr.***.com/org1/ubuntu:latest' |
repositoryPrefix matches the domain name of a third-party repository. |
"coordinator.cci.io/image-replacement": '[ {"repositoryPrefix":"","replaceWith":"swr.***.com/org1"} ]' |
containers: - name: container-1 image: 'nginx:latest' |
containers: - name: container-1 image: 'swr.***.com/org1/nginx:latest' |
repositoryPrefix is left empty. |
"coordinator.cci.io/image-replacement": '[ {"repositoryPrefix":"harbor.domain/a/b/c/d","replaceWith":"swr.***.com/org2"} ]' |
containers: - name: container-2 image: 'harbor.domain/a/b/c/d/redis:latest' |
containers: - name: container-2 image: 'swr.***.com/org2/redis:latest' |
repositoryPrefix matches the domain name of a third-party repository and the organization directory. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot