In typical scenarios where you create a container by using an image, you must download and decompress the package of the image. To start the container, all the resources of the image must be loaded. This usually takes a long time. However, you may need only specific resources of the image to start the container. Container Registry Enterprise Edition allows you to load resources of a container image on demand by deploying an accelerated version of the container image in your system. You can decompress the image package online without the need to download the image package. This accelerates the distribution of application artifacts and provides great elasticity. This topic describes how to load resources of a container image on demand.

Prerequisites

  • An Alibaba Cloud Container Service for Kubernetes (ACK) cluster is created. For more information, see Create a cluster of ACK Managed Edition.
    Note When you create the ACK cluster, set the Container Runtime parameter to Docker 19.03.5. In addition, select Aliyun Linux 2.1903 or CentOS 7.7 as the operating system of the worker nodes in the ACK cluster.
  • A Container Registry Enterprise Edition instance is created. For more information, see Create a Container Registry Enterprise Edition instance.
  • The ACK cluster and the Container Registry Enterprise Edition instance are deployed in the same virtual private cloud (VPC). Accelerated images must be used in VPCs. For more information, see Configure access over VPCs.

Enable image acceleration

You can enable image acceleration for a repository. This way, each image that you push to the repository is automatically converted to an accelerated image. The time taken to convert an original image to an accelerated image depends on the size of the original image. The conversion does not affect the original image.
Note The accelerated image resides in the same namespace and repository as the original image. The tag of the accelerated image is in the following format: Tag of the original image_accelerated.
  1. On the management page of the Container Registry Enterprise Edition instance, choose Repositories > Repositories in the left-side navigation pane.
  2. On the page that appears, find the repository for which you want to enable image acceleration. Click the name of the repository or click Manage in the Actions column.
  3. On the Details page, click Modify Settings in the upper-right corner.
  4. In the Modify Settings dialog box, select Enable for the Accelerated Image parameter and click Ok.
    After you enable image acceleration for the repository, each image that you push to the repository is automatically converted to an accelerated image. If you want to be notified every time an image is converted to an accelerated image, you can configure an expression-based webhook for the repository. For example, you can configure the expression _accelerated$. For more information, see Webhook management.

Install the aliyun-acr-acceleration-suite component

To start a container that is created by using an accelerated image, you must install the aliyun-acr-acceleration-suite component on the worker nodes in the ACK cluster.
Note
  • To download required software packages, make sure that the worker nodes have access to the Internet.
  • Docker is restarted during the process of installing the aliyun-acr-acceleration-suite component. Technically, this does not affect your running containers.
  1. Log on to the ACK console.
  2. In the left-side navigation pane, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and select Manage System Components from the More drop-down list in the Actions column.
  4. On the Add-ons page, find the optional component aliyun-acr-acceleration-suite and click Install.
  5. In the Note message, click OK.
    On the management page of the cluster, click Workload in the left-side navigation pane. On the page that appears, click the DaemonSets tab. On the DaemonSets tab, find the DaemonSet of the aliyun-acr-acceleration-suite component and check the number of available pods in the Pods column. If all the pods are available, the installation of the component is complete.

Uninstall the aliyun-acr-acceleration-suite component

Note
  • Before you uninstall the aliyun-acr-acceleration-suite component, make sure that no container that is created by using an accelerated image is running.
  • Docker is restarted during the process of uninstalling the aliyun-acr-acceleration-suite component. Technically, this does not affect your running containers.
  1. Log on to the ACK console.
  2. On the Clusters page, click the name of a cluster or click Details in the Actions column. The details page of the cluster appears.
  3. In the left-side navigation pane, click Workload.
  4. On the page that appears, click the DaemonSets tab.
  5. On the DaemonSets tab, find the aliyun-acr-acceleration-suite component and click Edit in the Actions column.
  6. On the tab that appears, find the OPERATION variable in the Environments section. Set the value of the variable to uninstall in the Value/ValueFrom field and click Update.
    Go back to the DaemonSets tab. On the DaemonSets tab, find the DaemonSet of the aliyun-acr-acceleration-suite component and check the number of available pods in the Pods column. If all the pods are available, all the dependencies of the component are deleted.
  7. In the left-side navigation pane, choose Operations > Add-ons.
  8. On the Add-ons page, find the optional component aliyun-acr-acceleration-suite and click Uninstall.
  9. In the Note message, click OK.

Deploy an accelerated image

  1. To deploy an accelerated image, specify the VPC endpoint of the accelerated image in the YAML file of a deployment. For example, the VPC endpoint of an accelerated image is test-registry-vpc.cn-hangzhou.cr.aliyuncs.com/test/repo:v1_accelerated.
  2. Secure the access to the repository where the accelerated image resides. You can use the following methods:
    • Use the aliyun-acr-credential-helper component.
      • If the aliyun-acr-credential-helper component is configured for the ACK cluster, you can pull images without a password.
      • If the aliyun-acr-credential-helper component is not configured for the ACK cluster, we recommend that you configure the component for the cluster. For more information, see Use aliyun-acr-credential-helper to pull images without a password.
    • Create a Secret on the command line.
      Run the following command to create a Secret of the kubernetes.io/dockerconfigjson type. The name of the Secret must start with acr-credential-.
      kubectl create secret docker-registry acr-credential-test --docker-server=RegistryVpcDomain --docker-username=UserName --docker-password=Password
  3. Deploy the accelerated image to the ACK cluster.
    kubectl apply -f xxx.yaml