Updated on 2022-10-14 GMT+08:00

Image Repository

UCS integrates Huawei Cloud SoftWare Repository for Containers (SWR), which provides easy, secure, and reliable management over container images throughout their lifecycles, facilitating the deployment of containerized applications.

SWR allows you to securely host and efficiently distribute images on the cloud to smoothly run your services in containers. You do not need to build or maintain image repositories.


  • Full lifecycle management of images

    SWR manages the full lifecycle of your container images, including push, pull, and deletion.

  • Private image repository

    Private image repository and fine-grained permission management allow you to grant different access permissions, namely, read, write, and edit, to different users.

  • P2P acceleration of large-scale image distribution

    Acceleration technology developed by Huawei brings faster image pull for CCE clusters during high concurrency.

  • Automatic deployment update through triggers

    Application deployment can be triggered automatically upon image tag update. You only need to set a trigger for the desired image. Every time the image tag is updated, the application deployed with this image will be automatically updated.


Clusters connected to UCS through a private network cannot download images from SWR. Ensure your clusters can access the public network.

Pushing the Image

  1. Log in to the UCS console. In the navigation pane on the left, choose Image Repositories.
  2. View the basic information about the image repository, as shown in Figure 1. Click the image repository to access SWR.

    Figure 1 Image repository

  3. For details about how to push an image to SWR, see Uploading an Image Through a Container Engine Client.

Using an Image

Clusters and federations managed by UCS allow you to create a workload by pulling an image from the image repository. The following uses the CCE cluster taken over by UCS as an example to shown you how to pull and use an image to create a workload:

  1. Log in to the cluster console.
  2. In the navigation pane, choose Workloads and click Create Image in the upper right corner.
  3. In the Basic Info area, set workload parameters. Deployment is used as an example.

    • Workload Type: Select Deployment.
    • Workload Name: Enter demo. The value can be customized.
    • Pods: Set this parameter as required.
    • Description: Enter the description of the workload.
    • Time Zone Synchronization: Specify whether to enable this function. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone.

  4. In the Container Settings area, click Select Image.

    On the My Images tab page, select the target image and click OK.

    • If the selected image is a public image, you do not need to select an Image Access Credential.
    • If the selected image is a private image, you need to select an Image Access Credential. Otherwise, the image cannot be pulled.

      You can click Create Secret to create an image access credential. For details, see Creating an Image Secret.

    Figure 2 Container settings

  5. Click Create Workload. For details about how to create a workload, see Deployments.

Creating an Image Secret

When a CCE cluster is created, a secret named default-secret is generated by default, which contains an access credential of SWR. Therefore, you do not need to create an image secret again.

When a non-CCE cluster uses SWR private images, you need to create an image secret to pull SWR images. The procedure is as follows:

  1. Log in to the cluster console.
  2. In the navigation pane on the left, choose ConfigMaps and Secrets, and click the Secrets tab.
  3. Click Create Secret and set parameters.

    Figure 3 Creating a secret
    Table 1 Parameter description




    Name of the secret you create, which must be unique.


    Namespace to which the secret belongs. If you do not specify this parameter, the value default is used by default.


    Description of a secret.

    Secret Type

    Type of the new secret. kubernetes.io/dockerconfigjson stores the authentication information required for pulling images from a private repository.

    Image Repository Address

    The image repository address is swr.<Your region>.myhuaweicloud.com. For example, the image repository address for AP-Singapore is swr.ap-southeast-3.myhuaweicloud.com. For details about available SWR regions, see Regions and Endpoints.


    Enter the username and password of the private image repository. Workload secret data can be used in containers.

    To obtain the username and password when using SWR, perform the following steps:

    1. Click the username in the upper right corner, choose My Credentials > Access Keys, and click Create Access Key. You can obtain the AK and SK information from the credentials.csv file downloaded.

      The AK/SK file can be downloaded only once. Keep it secure. For more details about access keys, see Access Keys.

    2. Log in to a Linux computer and run the following command to obtain the login key ($AK and $SK are the AK/SK obtained in the previous step.):

      printf "$AK" | openssl dgst -binary -sha256 -hmac "$SK" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'

    3. The username is [Regional project name]@[AK], for example, ap-southeast-3@***.

      The password is the login key obtained in 2.


    Label of the secret. Enter a key-value pair and click Add.