When you create a container by using an image, the system typically downloads and decompresses the whole package of the image. To start the container, the system must load all the resources of the image. This usually takes a long time. Container Registry can reduce the start time of a container by loading only essential resources. You can use Container Registry Enterprise Edition to deploy an accelerated version of a container image. The accelerated version allows the system to load only the essential resources and decompress the image package online without the need to download the image package. This accelerates the distribution of application artifacts and provides high elasticity. This topic describes how to load resources of a container image on demand.

Prerequisites

  • A Container Service for Kubernetes (ACK) cluster is created. For more information, see Create an ACK managed cluster.
    Note Only managed and dedicated Kubernetes clusters of Kubernetes 1.16.9 or later support accelerated images. When you create the cluster, set the container runtime to Docker and select one of the following operating systems: Aliyun Linux 2.1903, CentOS 7.6, CentOS 7.7, CentOS 7.8, and CentOS 7.9.
  • A Container Registry Enterprise Edition instance is created. For more information, see Create a Container Registry Enterprise Edition instance.
    Note The Container Registry Enterprise Edition instance must be of Standard Edition or Advanced Edition.
  • The ACK cluster and the Container Registry Enterprise Edition instance are deployed in the same virtual private cloud (VPC). Accelerated images must be used in VPCs. For more information, see Configure access over VPCs.

Background information

You can use Container Registry Enterprise Edition to deploy an accelerated version of a container image. The accelerated version allows the system to load only the essential resources and decompress the image package online without the need to download the image package. This accelerates the distribution of application artifacts and provides high elasticity. The effect of image acceleration depends on factors such as the image size and the network conditions of the image repository. In a test, it takes 36s to pull the NodeBB image (1.34 GB) from Docker Hub. It takes a total of 38s to start an application based on this image. It takes only 4s to pull an accelerated image for NodeBB. In total, it takes 9s to start an application based on the accelerated image.

Supported regions

Only the following regions support the on-demand image loading feature: China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Shenzhen), China (Hong Kong), Singapore (Singapore), US (Silicon Valley), and US (Virginia).

Enable image acceleration

You can enable image acceleration for a repository. This way, each image pushed to the repository is automatically converted to an accelerated image. The time required to convert an original image to an accelerated image depends on the size of the original image. The conversion does not affect the original image.
Note The accelerated image resides in the same namespace and repository as the original image. The tag of the accelerated image is that of the original image suffixed with _accelerated.
  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Instances.
  4. On the Instances page, click the required Container Registry Enterprise Edition instance.
  5. On the management page of the Container Registry Enterprise Edition instance, choose Repository > Repositories in the left-side navigation pane.
  6. On the Repositories page, find the repository for which you want to enable image acceleration. Click the name of the repository or click Manage in the Actions column.
  7. On the page that appears, click Edit in the upper-left corner.
  8. In the Modify Settings dialog box, select Enable for the Accelerated Image parameter and click Confirm.
    After you enable image acceleration for the repository, each image that you push to the repository is automatically converted to an accelerated image. If you want to be notified every time an image is converted to an accelerated image, you can configure an expression-based webhook for the repository. For example, the expression can be _accelerated$. For more information, see Manage webhooks.

Install the aliyun-acr-acceleration-suite component

To start a container by using an accelerated image, you must install the aliyun-acr-acceleration-suite component on the worker nodes in the ACK cluster.

  1. Attach the image acceleration label to nodes.
    When you create worker nodes, you can attach the alibabacloud.com/image-accelerate-enabled: true label to the nodes to enable image acceleration when the nodes are initialized. If you attach the label to existing nodes, the label does not take effect. After the image acceleration label is configured, the image storage plug-in is automatically installed when the nodes are initialized.
    Note Accelerated containers must be run on accelerated nodes. Accelerated nodes support both common containers and accelerated containers.
    • Attach the image acceleration label when you create the cluster.

      You can set the Label parameter to alibabacloud.com/image-accelerate-enabled: true when you create the cluster. For more information, see Create an ACK managed cluster.

    • Attach the image acceleration label when nodes are scaled out.
      You can set the Node Label parameter to alibabacloud.com/image-accelerate-enabled: true when you scale out nodes. For more information, see Scale out a node pool.
      Note You can create a separate node pool to manage the nodes that support accelerated images.
    • Attach the image acceleration label when existing nodes are added.

      You can set the Label parameter to alibabacloud.com/image-accelerate-enabled: true when you add existing nodes. For more information, see Add existing ECS instances to an ACK cluster.

  2. Install the aliyun-acr-acceleration-suite component.
    1. Log on to the ACK console.
    2. In the left-side navigation pane of the ACK console, click Clusters.
    3. On the Clusters page, find the cluster that you want to manage and choose More > Manage System Components in the Actions column.
    4. In the Others section of the Add-ons page, find the component aliyun-acr-acceleration-suite and click Install.
    5. In the Install aliyun-acr-acceleration-suite message, click OK.
      On the management page of the cluster, choose Workloads > DaemonSets in the left-side navigation pane. On the DaemonSets page, find the DaemonSet of the aliyun-acr-acceleration-suite component and check the number of available pods. If all the pods are available, the installation of the component is complete.

Uninstall the aliyun-acr-acceleration-suite component

Note Before you uninstall the aliyun-acr-acceleration-suite component, make sure that no container that is created by using an accelerated image is running.
  1. Log on to the ACK console.
  2. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  3. In the left-side navigation pane, choose Operations > Add-ons.
  4. In the Others section of the Add-ons page, find the component aliyun-acr-acceleration-suite and click Uninstall.
  5. In the Uninstall aliyun-acr-acceleration-suite message, click OK.

Deploy an accelerated image

  1. Configure access to the repository where the accelerated image resides.
    • Configure access to the repository by using the aliyun-acr-credential-helper component.
      • If the aliyun-acr-credential-helper component has been configured for the ACK cluster and the specified information about the Container Registry Enterprise Edition is correct, you can skip this step.
      • If the aliyun-acr-credential-helper component has not been configured for the ACK cluster, you can configure the component for the cluster. For more information, see Use the aliyun-acr-credential-helper component to pull images without a password.
    • Create a Secret on the command line.
      Run the following command to create a Secret whose type is kubernetes.io/dockerconfigjson and whose name starts with acr-credential-: 
      kubectl create secret docker-registry acr-credential-test --docker-server=RegistryVpcDomain --docker-username=UserName --docker-password=Password
  2. Attach the image acceleration label.
    You can attach the image acceleration label to workloads such as pods and Deployments. You can also attach an image acceleration label to a namespace of the ACK cluster. All workloads in the namespace that meet acceleration conditions can load resources of a container image on demand. This way, you do not need to edit the YAML file for each workload. You can use the following methods to attach the image acceleration label to a specific workload or all workloads in a namespace:
    Note The name of the label is k8s.aliyun.com/image-accelerate-mode and the value of the label is on-demand.
    • Attach the image acceleration label to a workload.
      The following example shows how to attach the label to a pod. Run the following command to go to the editing page of the pod: 
      kubectl edit pod <Pod name>
      Add the label k8s.aliyun.com/image-accelerate-mode: on-demand to the YAML file of the pod. 
      apiVersion: v1
kind: Pod
metadata:
  labels:
    # enable on-demand mode
    k8s.aliyun.com/image-accelerate-mode: on-demand
  name: test
spec:
  containers:
   # your ACR instacne image
   - image: test-registry-vpc.cn-hangzhou.cr.aliyuncs.com/test/nginx:latest
     name: test
     command: ["sleep", "3600"]
    • Attach the image acceleration label to a namespace.
      • Attach the image acceleration label by using the console.
        1. Log on to the ACK console.
        2. In the left-side navigation pane, click Clusters.
        3. On the Clusters page, click the name of the cluster in which the ingress gateway service is deployed. Alternatively, click Details in the Actions column of the cluster in which the ingress gateway service is deployed.
        4. In the left-side navigation pane of the details page, click Namespaces and Quotas.
        5. On the Namespace page, find the namespace that you want to configure and click Edit in the Actions column.
        6. In the Label section of the Edit Namespace dialog box, set Variable Key to k8s.aliyun.com/image-accelerate-mode and Variable Value to on-demand, and click OK.
      • Attach the image acceleration label on the command line. 
        kubectl label namespaces <your-namespace> k8s.aliyun.com/image-accelerate-mode=on-demand
    Assume that an image is converted to an accelerated image after you configure the image acceleration label. When you create or update a pod in the namespace, the acceleration component automatically replaces the address of the original image of the pod with that of the accelerated image. The acceleration component adds nodeSelector and schedules the pod to the accelerated nodes.