When you create a container by using an image, the system typically downloads and
decompresses the whole package of the image. To start the container, the system must
load all the resources of the image. This usually takes a long time. Container Registry
can reduce the start time of a container by loading only essential resources. You
can use Container Registry Enterprise Edition to deploy an accelerated version of
a container image. The accelerated version allows the system to load only the essential
resources and decompress the image package online without the need to download the
image package. This accelerates the distribution of application artifacts and provides
high elasticity. This topic describes how to load resources of a container image on
demand.
Prerequisites
- A Container Service for Kubernetes (ACK) cluster is created. For more information,
see Create an ACK managed cluster.
Note Only managed and dedicated Kubernetes clusters of Kubernetes 1.16.9 or later support
accelerated images. When you create the cluster, set the container runtime to Docker
and select one of the following operating systems: Aliyun Linux 2.1903, CentOS 7.6,
CentOS 7.7, CentOS 7.8, and CentOS 7.9.
- A Container Registry Enterprise Edition instance is created. For more information,
see Create a Container Registry Enterprise Edition instance.
Note The Container Registry Enterprise Edition instance must be of Standard Edition or
Advanced Edition.
- The ACK cluster and the Container Registry Enterprise Edition instance are deployed
in the same virtual private cloud (VPC). Accelerated images must be used in VPCs.
For more information, see Configure access over VPCs.
Background information
You can use Container Registry Enterprise Edition to deploy an accelerated version
of a container image. The accelerated version allows the system to load only the essential
resources and decompress the image package online without the need to download the
image package. This accelerates the distribution of application artifacts and provides
high elasticity. The effect of image acceleration depends on factors such as the image
size and the network conditions of the image repository. In a test, it takes 36s to
pull the NodeBB image (1.34 GB) from Docker Hub. It takes a total of 38s to start
an application based on this image. It takes only 4s to pull an accelerated image
for NodeBB. In total, it takes 9s to start an application based on the accelerated
image.
Supported regions
Only the following regions support the on-demand image loading feature: China (Hangzhou),
China (Shanghai), China (Beijing), China (Zhangjiakou), China (Shenzhen), China (Hong
Kong), Singapore (Singapore), US (Silicon Valley), and US (Virginia).
Enable image acceleration
You can enable image acceleration for a repository. This way, each image pushed to
the repository is automatically converted to an accelerated image. The time required
to convert an original image to an accelerated image depends on the size of the original
image. The conversion does not affect the original image.
Note The accelerated image resides in the same namespace and repository as the original
image. The tag of the accelerated image is that of the original image suffixed with
_accelerated.
- Log on to the Container Registry console.
- In the top navigation bar, select a region.
- In the left-side navigation pane, click Instances.
- On the Instances page, click the required Container Registry Enterprise Edition instance.
- On the management page of the Container Registry Enterprise Edition instance, choose
in the left-side navigation pane.
- On the Repositories page, find the repository for which you want to enable image acceleration.
Click the name of the repository or click Manage in the Actions column.
- On the page that appears, click Edit in the upper-left corner.
- In the Modify Settings dialog box, select Enable for the Accelerated Image parameter and click Confirm.
After you enable image acceleration for the repository, each image that you push to
the repository is automatically converted to an accelerated image. If you want to
be notified every time an image is converted to an accelerated image, you can configure
an expression-based webhook for the repository. For example, the expression can be
_accelerated$
. For more information, see
Manage webhooks.
Install the aliyun-acr-acceleration-suite component
To start a container by using an accelerated image, you must install the aliyun-acr-acceleration-suite
component on the worker nodes in the ACK cluster.
- Attach the image acceleration label to nodes.
When you create worker nodes, you can attach the alibabacloud.com/image-accelerate-enabled:
true label to the nodes to enable image acceleration when the nodes are initialized.
If you attach the label to existing nodes, the label does not take effect. After the
image acceleration label is configured, the image storage plug-in is automatically
installed when the nodes are initialized.
Note Accelerated containers must be run on accelerated nodes. Accelerated nodes support
both common containers and accelerated containers.
- Attach the image acceleration label when you create the cluster.
You can set the Label parameter to alibabacloud.com/image-accelerate-enabled: true when you create the
cluster. For more information, see Create an ACK managed cluster.
- Attach the image acceleration label when nodes are scaled out.
You can set the
Node Label parameter to alibabacloud.com/image-accelerate-enabled: true when you scale out nodes.
For more information, see
Scale out a node pool.
Note You can create a separate node pool to manage the nodes that support accelerated images.
- Attach the image acceleration label when existing nodes are added.
You can set the Label parameter to alibabacloud.com/image-accelerate-enabled: true when you add existing
nodes. For more information, see Add existing ECS instances to an ACK cluster.
- Install the aliyun-acr-acceleration-suite component.
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, click Clusters.
- On the Clusters page, find the cluster that you want to manage and choose in the Actions column.
- In the Others section of the Add-ons page, find the component aliyun-acr-acceleration-suite and click Install.
- In the Install aliyun-acr-acceleration-suite message, click OK.
On the management page of the cluster, choose in the left-side navigation pane. On the DaemonSets page, find the DaemonSet of the aliyun-acr-acceleration-suite component and check
the number of available pods. If all the pods are available, the installation of the
component is complete.
Uninstall the aliyun-acr-acceleration-suite component
Note Before you uninstall the aliyun-acr-acceleration-suite component, make sure that no
container that is created by using an accelerated image is running.
- Log on to the ACK console.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster
or click Details in the Actions column. The details page of the cluster appears.
- In the left-side navigation pane, choose .
- In the Others section of the Add-ons page, find the component aliyun-acr-acceleration-suite and click Uninstall.
- In the Uninstall aliyun-acr-acceleration-suite message, click OK.
Deploy an accelerated image
- Configure access to the repository where the accelerated image resides.
- Configure access to the repository by using the aliyun-acr-credential-helper component.
- If the aliyun-acr-credential-helper component has been configured for the ACK cluster
and the specified information about the Container Registry Enterprise Edition is correct,
you can skip this step.
- If the aliyun-acr-credential-helper component has not been configured for the ACK
cluster, you can configure the component for the cluster. For more information, see
Use the aliyun-acr-credential-helper component to pull images without a password.
- Create a Secret on the command line.
Run the following command to create a Secret whose type is kubernetes.io/dockerconfigjson
and whose name starts with acr-credential-:
kubectl create secret docker-registry acr-credential-test --docker-server=RegistryVpcDomain --docker-username=UserName --docker-password=Password
- Attach the image acceleration label.
You can attach the image acceleration label to workloads such as pods and Deployments.
You can also attach an image acceleration label to a namespace of the ACK cluster.
All workloads in the namespace that meet acceleration conditions can load resources
of a container image on demand. This way, you do not need to edit the YAML file for
each workload. You can use the following methods to attach the image acceleration
label to a specific workload or all workloads in a namespace:
Note The name of the label is k8s.aliyun.com/image-accelerate-mode
and the value of the label is on-demand
.
Assume that an image is converted to an accelerated image after you configure the
image acceleration label. When you create or update a pod in the namespace, the acceleration
component automatically replaces the address of the original image of the pod with
that of the accelerated image. The acceleration component adds nodeSelector and schedules
the pod to the accelerated nodes.