All Products
Search
Document Center

Annotations supported by image caches

Last Updated: Dec 03, 2021

If you want to accelerate the creation of pods in a Kubernetes cluster, you can use the image cache feature in the manner of CustomResourceDefinition (CRD) that is provided by Kubernetes. When you create an image cache, you can add annotations based on your business requirements. This topic describes the annotations that are supported by image caches and provides configuration examples.

Annotations supported by image caches

The following table describes the annotations that are supported by image caches.

Parameter

Example

Description

k8s.aliyun.com/vswitch-ids

"vsw-bp1dktddjsg5nktv****,vsw-bp1xpiowfm5vo8o3c****"

Specifies the IDs of vSwitches. You can specify multiple vSwitches to implement the multi-zone feature. If you do not specify this parameter, the ID of the vSwitch configured in the configuration file of the elastic container instance is used.

k8s.aliyun.com/security-group-id

"sg-bp1dktddjsg5nktv****"

Specifies the ID of the security group. If you do not specify this parameter, the ID of the security group configured in the configuration file of the elastic container instance is used.

k8s.aliyun.com/acr-instance-ids

"cri-j36zhodptmyq****"

Specifies the IDs of Alibaba Cloud Container Registry (ACR) Enterprise Edition instances. These instances are used to pull images without the need to use passwords.

k8s.aliyun.com/imc-enable-reuse

"true"

Specifies whether to enable the image cache reuse feature. If you enable this feature and the image cache that you want to create contains duplicate image layers, the system reuses the image layers to create a new image cache. This accelerates the creation of image caches.

k8s.aliyun.com/imc-enable-flash

"true"

Specifies whether to enable the instant image cache feature. If you enable this feature, the system creates an instant local snapshot. This reduces the time required to create the image cache. You are charged for the instant local snapshots that are created when you enable the instant image cache feature.

k8s.aliyun.com/eip-instance-id

"eip-bp1q5n8cq4p7f6dzu****"

Specifies the ID of the elastic IP address (EIP) that is associated with the elastic container instance. If no NAT gateway is configured, you can associate an existing EIP with the elastic container instance to pull images over the Internet.

k8s.aliyun.com/auto-create-eip

"true"

Specifies whether to automatically create an EIP and associate the EIP with the elastic container instance. If this parameter is set to true and no NAT gateway is configured, the system creates an EIP and associates the EIP with the elastic container instance to pull images over the Internet.

k8s.aliyun.com/eip-bandwidth

"5"

Specifies the bandwidth limit for the EIP when the system creates an EIP.

k8s.aliyun.com/eip-internet-charge-type

PayByBandwidth

Specifies the billing method for network usage of the EIP when the system creates an EIP. Valid values:

  • PayByBandwidth

  • PayByTraffic

k8s.aliyun.com/eip-isp

BGP

Specifies the line type of the EIP when the system creates an EIP. This parameter is suitable only for pay-as-you-go EIPs. Valid values:

  • BGP: BGP (Multi-ISP) line

  • BGP_PRO: BGP (Multi-ISP) Pro line

k8s.aliyun.com/eip-common-bandwidth-package-id

"cbwp-2zeukbj916scmj51m****"

Specifies the ID of the EIP bandwidth plan.

Create an image cache in multiple zones

When you create an image cache, the system creates a temporary elastic container instance. To prevent the error in which the image cache cannot be created due to insufficient elastic container instances in the specified zone, you can use the multi-zone feature by specifying multiple vSwitches.

Note

When you create an image cache, the vSwitch configured in the configuration file of the elastic container instance is used. If multiple zones are configured in the configuration file of the elastic container instance, you do not need to specify vSwitches.

apiVersion: eci.alibabacloud.com/v1
kind: ImageCache
metadata:
  name: imagecache-sample
  annotations:
    k8s.aliyun.com/vswitch-ids: "vsw-bp1dktddjsg5nktv****,vsw-bp1xpiowfm5vo8o3c****" #Configure multiple vSwitches.
spec:
  images:
  - centos:latest
  - busybox:latest
  imagePullSecrets:
  - default:secret1
  - default:secret2
  - kube-system:secret3
  imageCacheSize:
   25
  retentionDays:
   7

Configure a security group

By default, the security group that you configured in the configuration file of the elastic container instance is used when you create an image cache. You can configure a security group based on your business requirements.

apiVersion: eci.alibabacloud.com/v1
kind: ImageCache
metadata:
  name: imagecache-sample
  annotations:
    k8s.aliyun.com/security-group-id: "sg-bp1dktddjsg5nktv****"      #Configure a security group.
spec:
  images:
  - centos:latest
  - busybox:latest
  imagePullSecrets:
  - default:secret1
  - default:secret2
  - kube-system:secret3
  imageCacheSize:
   25
  retentionDays:
   7

Pull ACR images without the need to use passwords

ACR is a secure platform that allows you to manage and distribute cloud-native artifacts that meet the standards of Open Container Initiative (OCI) in an efficient manner. The artifacts include container images and Helm charts. ACR can be integrated into Alibaba Cloud Container Service for Kubernetes (ACK) to support end-to-end acceleration features and accelerate the creation of large images by using multiple code sources. For more information about ACR, see What is Container Registry?

If you use an ACR Enterprise Edition instance to manage your images, you can configure the ACR Enterprise Edition instance and then create an image cache to pull images from the ACR instance without the need to use passwords.

apiVersion: eci.alibabacloud.com/v1
kind: ImageCache
metadata:
  name: imagecache-sample
  annotations:
    k8s.aliyun.com/acr-instance-ids: "cri-j36zhodptmyq****" #Configure an ACR Enterprise Edition instance.
spec:
  images:
  - centos:latest
  - busybox:latest
  imagePullSecrets:
  - default:secret1
  - default:secret2
  - kube-system:secret3
  imageCacheSize:
   25
  retentionDays:
   7

Enable image cache reuse

The time required to create an image cache is calculated based on factors such as the image size and network conditions. You can enable the image cache reuse feature to reduce the time required to create an image cache.

After you enable the image cache reuse feature, the system matches existing image caches when you create an image cache. If an existing image cache contains the image layer that you want to use, the system reuses the image layer of the existing image cache. This accelerates the creation of the image cache.

apiVersion: eci.alibabacloud.com/v1
kind: ImageCache
metadata:
  name: imagecache-sample
  annotations:
    k8s.aliyun.com/imc-enable-reuse: "true" #Enable image cache reuse.
spec:
  images:
  - centos:latest
  - busybox:latest
  imagePullSecrets:
  - default:secret1
  - default:secret2
  - kube-system:secret3
  imageCacheSize:
   25
  retentionDays:
   7

Enable instant image cache

The time required to create an image cache is calculated based on factors such as the image size and network conditions. You can enable the instant image cache feature to reduce the time required to create an image cache.

After you enable the instant image cache feature, the system creates a temporary local snapshot when you create an image cache. After the local snapshot is created, the image cache is available for use.

Note

  • You are charged based on the size of the local snapshot and the number of times that the local snapshot is used. The fee for a local snapshot is calculated by using the following formula: The fee = Unit price per time × 1 time + Unit price of an instant snapshot × Snapshot size × Usage duration.

  • After the local snapshot is created, the system creates a regular snapshot. After the regular snapshot is created, the system deletes the local snapshot.

apiVersion: eci.alibabacloud.com/v1
kind: ImageCache
metadata:
  name: imagecache-sample
  annotations:
    k8s.aliyun.com/imc-enable-flash: "true" #Enable instant image cache.
spec:
  images:
  - centos:latest
  - busybox:latest
  imagePullSecrets:
  - default:secret1
  - default:secret2
  - kube-system:secret3
  imageCacheSize:
   25
  retentionDays:
   7

Configure an EIP to pull images over the Internet

EIPs are public IP addresses that you can purchase and use as independent resources. When an EIP is associated with a cloud resource, the cloud resource can use the EIP to connect to the Internet. For more information about EIPs, see What is an EIP?

When you create an image cache, make sure that you are connected to the Internet before you pull images over the Internet. You can be connected to the Internet by configuring a NAT gateway or configuring an EIP. If your virtual private cloud (VPC) is not associated with a NAT gateway, you can configure an EIP to pull images over the Internet. You can use one of the following methods to configure an EIP.

Note

When you create an image cache, the system creates a temporary elastic container instance and associates the EIP with the elastic container instance. If you use an existing EIP, the EIP is retained after the image cache is created. If the system creates an EIP and associates the EIP with the elastic container instance, the EIP and the elastic container instance are released after the image cache is created.

  • Associate an existing EIP with the elastic container instance

    apiVersion: eci.alibabacloud.com/v1
    kind: ImageCache
    metadata:
      name: imagecache-sample
      annotations:
        k8s.aliyun.com/eip-instance-id: "eip-bp1q5n8cq4p7f6dzu****" #Associate an existing EIP with the elastic container instance.
    spec:
      images:
      - centos:latest
      - busybox:latest
      imagePullSecrets:
      - default:secret1
      - default:secret2
      - kube-system:secret3
      imageCacheSize:
       25
      retentionDays:
       7
  • Automatically create an EIP and associate the EIP with the elastic container instance

    apiVersion: eci.alibabacloud.com/v1
    kind: ImageCache
    metadata:
      name: imagecache-sample
      annotations:
        k8s.aliyun.com/auto-create-eip: "true"   #Automatically create an EIP and associate the EIP with the elastic container instance.
        k8s.aliyun.com/eip-bandwidth: "10" #s Specify the bandwidth limit for the EIP.
        k8s.aliyun.com/eip-internet-charge-type: PayByBandwidth #Specify the billing method for network usage of the EIP.
        k8s.aliyun.com/eip-common-bandwidth-package-id: "cbwp-2zeukbj916scmj51m****" #Use an EIP bandwidth plan.
    spec:
      images:
      - centos:latest
      - busybox:latest
      imagePullSecrets:
      - default:secret1
      - default:secret2
      - kube-system:secret3
      imageCacheSize:
       25
      retentionDays:
       7