You can use the P2P acceleration feature in on-premises clusters and clusters in third-party clouds to accelerate image pulling and reduce the time used to deploy applications. This topic describes how to use the P2P acceleration feature in on-premises clusters and clusters in third-party clouds.

Prerequisites

  • A Container Registry Enterprise Edition instance is created. The Container Registry Enterprise Edition instance must be of the standard or advanced edition. For more information, see Create a Container Registry Enterprise Edition instance.
  • The Container Registry Enterprise Edition instance is configured to allow access from an on-premises cluster or a cluster in third-party clouds over the Internet and the whitelist is configured for the instance. For more information, see Configure access over the Internet.
  • The following operations are performed in the environment where you run commands:
    • Install Helm. For more information, see Helm.
    • Install the kubectl client and use kubectl to access the cluster.

Procedure

  1. Run the following commands to install the P2P component by using Helm:
    # Region and ID of the Container Registry instance, and the AccessKey pair passed to the chart
    export ACR_INSTANCE_REGION="<region of acr instance>"
    export ACR_INSTANCE_ID="<id of acr instance>"
    export ALIYUN_AK="<aliyun access key>"
    export ALIYUN_SK="<aliyun access key secret>"
    export P2P_CHART="https://aliacs-k8s-cn-hangzhou.oss-cn-hangzhou.aliyuncs.com/app/charts-incubator/ack-acr-acceleration-p2p-0.2.3.tgz"
    
    # Install the chart into its own namespace; expansions are quoted so values are passed intact
    helm install ack-acr-acceleration-p2p "$P2P_CHART" -n aliyun-acr-acceleration --create-namespace \
      --set region="$ACR_INSTANCE_REGION" \
      --set accessKey="$ALIYUN_AK" \
      --set accessKeySecret="$ALIYUN_SK" \
      --set p2p.registryInstances="$ACR_INSTANCE_ID" \
      --set pullImageInternet=true \
      --set p2p.plusMode.enable=true
    During installation, you can add the following parameter settings based on your requirements:
    # The retention period of the data cached by the registry-mirror component. The default retention period is 24 hours. You can change the value based on the disk capacity of nodes. 
    --set p2p.plusMode.cacheTTL=<custom time>
    
    # The path to which the data is cached by the registry-mirror component on the host. 
    # If this parameter is not specified, the cache will be lost when the registry-mirror container restarts. 
    --set p2p.plusMode.cacheHostPath=<host path>
    
    # Enables the transfer acceleration feature of Object Storage Service (OSS) for pulls from the origin over the Internet. This feature is applicable to scenarios where the Internet is unstable. For example, you can enable this feature when images are pulled across regions over the Internet. 
    # Before the configuration, make sure that the transfer acceleration feature is enabled in the OSS console. 
    --set p2p.plusMode.ossInternetAccelerate=true
    
    # A value of source indicates that images are downloaded from the registry-mirror component or a registry in the cloud. In this case, the scheduler component is not deployed to your cluster. 
    --set p2p.plusMode.downloadPattern=source
    
    # The scheduler and registry-mirror components are deployed on a specified node.
    # Before the configuration, you must add the following label to the node: k8s.aliyun.com/p2p-plus-node=true.
    --set p2p.plusMode.nodeSelectorEnable=true
  2. Enable P2P acceleration.
    You can add the P2P acceleration label to workloads such as pods and Deployments to enable P2P acceleration for these workloads. You can also add the P2P acceleration label to a namespace in your cluster. P2P acceleration is then enabled for all workloads in the namespace that meet the acceleration conditions, and you do not need to modify the YAML files of individual workloads. Select a method to add the P2P acceleration label based on your business requirements.
    Note: The name of the P2P acceleration label is k8s.aliyun.com/image-accelerate-mode and the value is p2p.
    • Add the P2P acceleration label to a workload
      In this example, add the P2P acceleration label to a Deployment. Run the following command to edit the YAML file of the Deployment:
      kubectl edit deploy <Deployment name>
      Add the label k8s.aliyun.com/image-accelerate-mode: p2p to the YAML file of the Deployment.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: test
        labels:
          app: nginx
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: nginx
        template:
          metadata:
            labels:
              # enable P2P
              k8s.aliyun.com/image-accelerate-mode: p2p
              app: nginx
          spec:
            # your ACR instance image pull secret
            imagePullSecrets:
            - name: test-registry
            containers:
            # your ACR instance image
            - image: test-registry-vpc.cn-hangzhou.cr.aliyuncs.com/docker-builder/nginx:latest
              name: test
              command: ["sleep", "3600"]
    • Add the P2P acceleration label to a namespace

      Run the following command to add a P2P acceleration label to a namespace:

      kubectl label namespaces <your-namespace> k8s.aliyun.com/image-accelerate-mode=p2p
  3. Verify P2P acceleration.
    After P2P acceleration is enabled for a pod, the P2P component automatically adds P2P-related information to the YAML file of the pod. The information includes P2P-related annotations, the address of the P2P-accelerated image, and the Secret for pulling the P2P-accelerated image.
    Important
    • If no image from a Container Registry Enterprise Edition instance is specified in the original YAML file of the pod, the P2P component does not add the preceding information to the file. If no Secret for pulling an image from a Container Registry Enterprise Edition instance in regular mode is configured, the P2P component also does not add the preceding information.
    • The Secret for pulling a P2P-accelerated image and the Secret for pulling the original image are different only in the domain name of the image repository. Other configurations of the two Secrets are the same. If the user information is invalid in the Secret for pulling the original image, the P2P-accelerated image also fails to be pulled.

    Run the following command to view the YAML file of the pod:

    kubectl get po <Pod name> -oyaml

    Expected output:

    apiVersion: v1
    kind: Pod
    metadata:
      annotations:
        # inject p2p-annotations automatically
        k8s.aliyun.com/image-accelerate-mode: p2p
        k8s.aliyun.com/p2p-config: '...'
    spec:
      containers:
       # inject image to p2p endpoint
       - image: test-registry-vpc.distributed.cn-hangzhou.cr.aliyuncs.com:65001/docker-builder/nginx:latest
      imagePullSecrets:
      - name: test-registry
      # inject image pull secret for p2p endpoint
      - name: acr-credential-test-registry-p2p

    If P2P-related annotations, the address of the P2P-accelerated image, and the Secret for pulling the P2P-accelerated image exist in the YAML file, P2P acceleration is enabled.

  4. Optional: Run the following command to modify the parameters of the P2P component based on your requirements:
    helm upgrade ack-acr-acceleration-p2p $P2P_CHART -n aliyun-acr-acceleration \
      --set p2p.plusMode.cacheTTL=72h
  5. Optional: Run the following command to uninstall the P2P component:
    helm uninstall ack-acr-acceleration-p2p -n aliyun-acr-acceleration
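
The check in step 3 can be scripted. The following is an added example, not part of the original topic or of the P2P component: it inspects a pod object for the three injected items and for the regular pull Secret that the Important note requires. The function name, the ".distributed." host test, and the "-p2p" Secret suffix are assumptions taken from the sample output in step 3.

```python
import json
import sys

MODE = "k8s.aliyun.com/image-accelerate-mode"
CONFIG = "k8s.aliyun.com/p2p-config"


def check_p2p_injection(pod):
    """Return the list of missing items; an empty list means P2P was injected."""
    ann = pod.get("metadata", {}).get("annotations") or {}
    spec = pod.get("spec", {})
    images = [c.get("image", "") for c in spec.get("containers") or []]
    secrets = [s.get("name", "") for s in spec.get("imagePullSecrets") or []]
    problems = []
    if ann.get(MODE) != "p2p":
        problems.append(f"annotation {MODE}: p2p is missing")
    if CONFIG not in ann:
        problems.append(f"annotation {CONFIG} is missing")
    # Assumption from the sample output: the rewritten registry host carries
    # a ".distributed." label. Only the host part of the image is inspected.
    if not any(".distributed." in img.split("/", 1)[0] for img in images):
        problems.append("no container image points at a P2P endpoint")
    # Assumption from the sample output: the injected Secret name ends in "-p2p".
    if not any(name.endswith("-p2p") for name in secrets):
        problems.append("no P2P image pull Secret was injected")
    # Per the Important note: without a regular pull Secret nothing is injected.
    if not any(name and not name.endswith("-p2p") for name in secrets):
        problems.append("no regular image pull Secret is configured")
    return problems


# Constructed samples, modelled on the manifests shown in this topic.
HOST = "test-registry-vpc.distributed.cn-hangzhou.cr.aliyuncs.com:65001"
INJECTED = {
    "metadata": {"annotations": {MODE: "p2p", CONFIG: "..."}},
    "spec": {"containers": [{"image": HOST + "/docker-builder/nginx:latest"}],
             "imagePullSecrets": [{"name": "test-registry"},
                                  {"name": "acr-credential-test-registry-p2p"}]},
}
PLAIN = {
    "metadata": {},
    "spec": {"containers": [{"image": "test-registry-vpc.cn-hangzhou.cr.aliyuncs.com/docker-builder/nginx:latest"}],
             "imagePullSecrets": [{"name": "test-registry"}]},
}

if __name__ == "__main__":
    # Pipe `kubectl get po <Pod name> -o json` in, or run bare for the samples.
    pods = [INJECTED, PLAIN] if sys.stdin.isatty() else [json.load(sys.stdin)]
    for pod in pods:
        problems = check_p2p_injection(pod)
        print("P2P acceleration enabled" if not problems else "\n".join(problems))
```

An empty result corresponds to the condition stated in step 3; any reported item names what the P2P component did not add.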