In typical scenarios where you run a container by using an image, you must download
and decompress the package of the image. To start the container, all the resources
of the image must be loaded. This usually takes a long time. However, you can reduce
the start time by loading only essential resources to start the container. You can
use Container Registry Enterprise Edition to deploy an accelerated version of the
container image in your business. The accelerated version loads only the essential
resource. You can decompress the image package online without the need to download
the image package. This accelerates the distribution of application artifacts and
provides high elasticity. This topic describes how to load resources of a container
image on demand.
Prerequisites
- A Container Service for Kubernetes (ACK) cluster is created. For more information,
see Create a managed kubernetes cluster.
Note Accelerated images can be used only in managed and dedicated clusters whose version
is 1.16.9 or later. When you create clusters, set the Container Runtime parameter
to Docker 19.03.5. In addition, select Aliyun Linux 2.1903 or CentOS 7.7 as the operating
system.
- A Container Registry Enterprise Edition instance is created. For more information,
see Create a Container Registry Enterprise Edition instance.
- The ACK cluster and the Container Registry Enterprise Edition instance are deployed
in the same virtual private cloud (VPC). Accelerated images must be used in VPCs.
For more information, see Configure access over VPCs.
Background information
You can use Container Registry Enterprise Edition to deploy an accelerated version
of the container image in your business. The accelerated version loads only the essential
resource. You can decompress the image package online without the need to download
the image package. This accelerates the distribution of application artifacts and
provides high elasticity. Image acceleration depends on factors such as the image
size and the network of image repository. In the actual test, the application takes
36s to start based on the NodeBB image (1.34 GB) of Docker Hub during the image pull.
In total, the application takes 38s to start. The application takes 4s to start during
the image pull based on image acceleration. In total, the application takes 9s to
start.
Enable image acceleration
You can enable image acceleration for a repository. This way, each image pushed to
the repository is automatically converted to an accelerated image. The time required
to convert an original image to an accelerated image depends on the size of the original
image. The conversion does not affect the original image.
Note The accelerated image resides in the same namespace and repository as the original
image. The tag of the accelerated image is the same as the original image, but is
suffixed by _accelerated.
- Log on to the Container Registry console.
- In the top navigation bar, select a region.
- In the left-side navigation pane, choose .
- On the Instance page, click the name of the Container Registry Enterprise Edition instance or click
Manage in the Actions column for the instance.
- On the management page of the instance, choose in the left-side navigation pane.
- On the page that appears, find the repository for which you want to enable image acceleration.
Click the name of the repository or click Manage in the Actions column.
- On the Details page, click Modify Settings in the upper-right corner.
- In the Modify Settings dialog box, select Enable for the Accelerated Image parameter and click Ok.
After you enable image acceleration for the repository, each image that you push to
the repository is automatically converted to an accelerated image. If you want to
be notified every time an image is converted to an accelerated image, you can configure
an expression-based webhook for the repository. For example, the expression can be
_accelerated$
. For more information, see
Webhook management.
Install the aliyun-acr-acceleration-suite component
To start a container that is created by using an accelerated image, you must install
the aliyun-acr-acceleration-suite component on the worker nodes in the ACK cluster.
- Add image acceleration labels to nodes.
When you create worker nodes, you can add the alibabacloud.com/image-accelerate-enabled:
true image acceleration label to enable image acceleration when nodes are initialized.
After the image acceleration label is configured, the image storage plug-in is automatically
installed when nodes are initialized.
Note Accelerated containers must be run on accelerated nodes. Accelerated nodes support
both common containers and accelerated containers.
- Add image acceleration labels when you create the cluster.
You can set the Label to alibabacloud.com/image-accelerate-enabled: true when you create a cluster. For
more information, see Create a managed kubernetes cluster.
- Add image acceleration labels when nodes are scaled out.
You can set
Node Label to alibabacloud.com/image-accelerate-enabled: true when you scale out nodes. For
more information, see
Scale out a node pool.
Note You can create a separate node pool to manage the nodes that have accelerate images.
- Add image acceleration labels when existing nodes are added.
You can set Label to alibabacloud.com/image-accelerate-enabled: true when you add existing nodes. For
more information, see Add existing ECS instances to an ACK cluster.
- Install the aliyun-acr-acceleration-suite component.
- Log on to the ACK console.
- In the left-side navigation pane, click Clusters.
- In the left-side navigation pane, click Clusters. On the Clusters page, find the cluster that you want to manage, and choose in the Actions column.
- On the Optional Add-ons page, find the optional component aliyun-acr-acceleration-suite and click Install.
- In the Note message, click OK.
On the management page of the cluster, click Workload in the left-side navigation pane. On the page that appears, click the DaemonSets tab. On the DaemonSets tab, find the DaemonSet of the aliyun-acr-acceleration-suite component and check
the number of available pods in the Pods column. If all the pods are available, the
installation of the component is complete.
Uninstall the aliyun-acr-acceleration-suite component
Note Before you uninstall the aliyun-acr-acceleration-suite component, make sure that no
container that is created by using an accelerated image is running.
- Log on to the ACK console.
- On the Clusters page, click the name of a cluster or click Details in the Actions column. The details page of the cluster appears.
- In the left-side navigation pane, choose .
- On the Add-ons page, find the optional component aliyun-acr-acceleration-suite and click Uninstall.
- In the Note message, click OK.
Deploy an accelerated image
- Configure access to the repository where the accelerated image resides.
- Configure access to the repository by using the aliyun-acr-credential-helper component.
- If the aliyun-acr-credential-helper component is configured for the ACK cluster, you
can skip this step.
- If the aliyun-acr-credential-helper component is not configured for the ACK cluster,
you can configure the component for the cluster. For more information, see Use aliyun-acr-credential-helper to pull images without a password.
- Create a Secret on the command line.
Run the following command to create a Secret whose type is kubernetes.io/dockerconfigjson
and whose name starts with acr-credential-.
kubectl create secret docker-registry acr-credential-test --docker-server=RegistryVpcDomain --docker-username=UserName --docker-password=Password
- Add image acceleration labels to namespaces.
Assume that the image is converted to an accelerated image after you configure the
image acceleration label. When you create or update a pod in the namespace, the acceleration
component automatically replaces the address of the original image of the pod with
the address of the accelerated image, adds nodeSelector, and then schedules the pod
to the accelerated nodes.