When a self-managed Kubernetes cluster uses elastic container instances based on a virtual node (VNode) and a large amount of concurrent tasks are executed, you can use the ImageCache feature provided by Elastic Container Instance to accelerate the start of pods. Before you use the ImageCache feature, you must deploy a custom resource definition (CRD) for ImageCache in the self-managed Kubernetes cluster. This topic describes how to deploy an ImageCache CRD.
Prerequisites
A VNode is deployed on the self-managed Kubernetes cluster.
If the self-managed Kubernetes cluster is deployed in a data center, the data center is connected to Alibaba Cloud.
Procedure
Prepare the YAML file which is used to deploy the ImageCache CRD.
vim imagecache-crd.yamlThe following code provides the content of the imagecache-crd.yaml. Replace the parameters that are marked with
TODOwith your actual values.NoteIf you must pull public images to use the ImageCache feature, the VPC in which the configured vSwitch resides must have the Internet access capability and the security group must allow Internet access.
apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: imagecaches.eci.alibabacloud.com spec: group: eci.alibabacloud.com scope: Cluster names: plural: imagecaches singular: imagecache kind: ImageCache listKind: ImageCacheList shortNames: - imc categories: - all versions: - name: v1 served: true storage: true subresources: status: {} additionalPrinterColumns: - name: Age type: date jsonPath: .metadata.creationTimestamp - name: Id type: string jsonPath: .status.imageCacheId - name: Phase type: string jsonPath: .status.phase - name: Progress type: string jsonPath: .status.progress schema: openAPIV3Schema: type: object required: - spec description: "Imagecache is an image acceleration capability provided by alibabacloud" properties: status: type: object required: - phase - progress properties: events: type: array nullable: true items: type: object properties: name: type: string message: type: string type: type: string timestamp: type: string nullable: true phase: type: string default: Pending reason: type: string default: "" progress: type: string default: "0%" expireDateTime: type: string nullable: true startTime: type: string nullable: true lastUpdatedTime: type: string nullable: true imageCacheId: type: string default: "" spec: type: object required: - images properties: images: type: array minItems: 1 items: type: string imagePullSecrets: type: array items: type: string default: [] imageCacheSize: type: integer default: 30 retentionDays: type: integer --- apiVersion: v1 kind: ServiceAccount metadata: name: alibabacloud-eci-imagecache-controller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: alibabacloud:eci:imagecache-controller rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - "*" - apiGroups: - "eci.alibabacloud.com" resources: - imagecaches verbs: - "*" - apiGroups: - "eci.alibabacloud.com" resources: - imagecaches/status verbs: - "*" - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - secrets verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: alibabacloud:eci:imagecache-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: alibabacloud:eci:imagecache-controller subjects: - kind: ServiceAccount name: alibabacloud-eci-imagecache-controller namespace: kube-system --- apiVersion: v1 kind: Secret metadata: name: alibabacloud-eci-imagecache-secret namespace: kube-system type: Opaque stringData: ACCESS_KEY: "***" # TODO: Your Alibaba Cloud AccessKey ID. SECRET_KEY: "***" # TODO: Your Alibaba Cloud AccessKey secret. --- apiVersion: apps/v1 kind: Deployment metadata: name: alibabacloud-eci-imagecache-controller namespace: kube-system labels: app: eci-imagecache-controller spec: selector: matchLabels: app: eci-imagecache-controller replicas: 1 template: metadata: labels: app: eci-imagecache-controller spec: dnsPolicy: ClusterFirst restartPolicy: Always serviceAccount: alibabacloud-eci-imagecache-controller containers: - name: imagecache-controller imagePullPolicy: Always image: registry.cn-hangzhou.aliyuncs.com/eci-release/imagecache-controller:1.0.0 command: - /imagecache args: - --provider - eci env: - name: CLUSTER_ID value: "unique-cluster-id" # TODO: The ID of the cluster. It must be unique within an Alibaba Cloud account. This parameter is required. - name: REGION_ID value: "cn-beijing" # TODO: The ID of the Alibaba Cloud region. The ID must be the ID of the region in which the VNode resides. This parameter is required. - name: RESOURCE_GROUP_ID value: "" # TODO:value: "" # The ID of the Alibaba Cloud resource group. This parameter is optional. - name: SECURITY_GROUP_ID value: "sg-***" # TODO: The ID of the Alibaba Cloud security group. This parameter is required. - name: VSWITCH_IDS value: "vsw-*******" # TODO: The IDs of the Alibaba Cloud vSwitches. Separate multiple IDs with commas (,). This parameter is required. - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name envFrom: - secretRef: name: alibabacloud-eci-imagecache-secretDeploy the ImageCache CRD.
kubectl create -f imagecache-crd.yamlView the deployment result.
View the status of the pod.
kubectl get pod -n kube-systemThe following command output is expected to return:
NAME READY STATUS RESTARTS AGE alibabacloud-eci-imagecache-controller-8857984bd-2lnhs 1/1 Running 1 7s ......View the ImageCache CRD.
kubectl get crd imagecaches.eci.alibabacloud.comThe following command output is expected to return:
NAME CREATED AT imagecaches.eci.alibabacloud.com 2022-09-01T07:12:47Z