Image Repositories

Features

• Full lifecycle management of images

  SWR manages the full lifecycle of your container images, including push, pull, and deletion.

• Private image repository

  Private image repository and fine-grained permission management allow you to grant different access permissions, namely, read, write, and edit, to different users.

• Image Acceleration

  Acceleration technology developed by Huawei brings faster image pull for CCE clusters during high concurrency.

• Automatic deployment update through triggers

  Application deployment can be triggered automatically upon image tag update. You only need to set a trigger for the desired image. Every time the image tag is updated, the application deployed with this image will be automatically updated.

Constraints

Attached clusters connected to UCS through a private network cannot download images from SWR. Ensure your clusters can access the public network.

Pushing the Image

1. Log in to the UCS console. In the navigation pane on the left, choose Image Repositories.
2. View the basic information about the image repository, as shown in Figure 1. Click the image repository to access SWR.
   Figure 1 Image repository
   

3. Upload an image to SWR by referring to Uploading an Image Through a Container Engine Client.

Using an Image

Clusters and federations managed by UCS allow you to create a workload by pulling an image from the image repository. The following uses the CCE cluster taken over by UCS as an example to shown you how to pull and use an image to create a workload:

1. Log in to the cluster console.
2. In the navigation pane, choose Workloads and click Create from Image in the upper right corner.
3. In the Basic Info area, set workload parameters. Deployment is used as an example.
   • Workload Type: Select Deployment.
   • Workload Name: Enter demo. The value can be customized.
   • Pods: Set this parameter as required.
   • Description: Enter the description of the workload.
   • Time Zone Synchronization: Specify whether to enable this function. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone.

4. In the Container Settings area, click Select Image.

   On the My Images tab page, select the target image and click OK.

   

   • If the selected image is a public image, you do not need to select an Image Access Credential.
   • If the selected image is a private image, you need to select an Image Access Credential. Otherwise, the image cannot be pulled.

     You can click Create Secret to create an image access credential. For details, see Creating an Image Secret.

   Figure 2 Container settings
   

5. Click Create Workload. For details about how to create a workload, see Deployments.

Creating an Image Secret

When a Huawei Cloud cluster is being created, a secret named default-secret is generated by default, which contains an access credential of SWR. You do not need to create an image secret again.

When an attached cluster uses SWR private images, you need to create an image secret to pull SWR images. The procedure is as follows:

1. Log in to the cluster console.
2. In the navigation pane on the left, choose ConfigMaps and Secrets, and click the Secrets tab.
3. Click Create Secret and set parameters.
   Figure 3 Creating a secret
   

   Table 1 Parameter description

   Parameter	Description
   Name	Name of the secret you create, which must be unique.
   Namespace	Namespace to which the secret belongs. If you do not specify this parameter, the value default is used by default.
   Description	Description of a secret.
   Secret Type	Type of the new secret. kubernetes.io/dockerconfigjson stores the authentication information required for pulling images from a private repository.
   Image Repository Address	The image repository address is swr.region.myhuaweicloud.com. For example, the image repository address of AP-Singapore is swr.ap-southeast-3.myhuaweicloud.com. For details about the regions where SWR is used, see Regions and Endpoints.
   Data	Enter the username and password of the private image repository. Workload secret data can be used in containers. To obtain the username and password when using SWR, perform the following steps: Click the username in the upper right corner, choose My Credentials > Access Keys, and click Create Access Key. You can obtain the AK and SK information from the credentials.csv file downloaded. The AK/SK file can be downloaded only once. Keep it secure. For more details about access keys, seeAccess Keys. Log in to a Linux computer and run the following command to obtain the login key ($AK and $SK are the AK/SK obtained in the previous step.): printf "$AK" | openssl dgst -binary -sha256 -hmac "$SK" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//' The username is Regional project name@AK, for example, ap-southeast-3@***. The password is the login key obtained in 2.
   Label	Label of the secret. Enter a key-value pair and click Add.