自建Kubernetes叢集通過部署VNode來使用ECI時,在業務並發量大、對ECI Pod啟動速度有要求的情境下,可以通過ECI的鏡像緩衝(即ImageCache)功能來加快Pod啟動速度。使用鏡像緩衝功能前,您需要在自建Kubernetes叢集中部署ImageCache CRD。本文介紹如何部署ImageCache CRD。
前提條件
自建Kubernetes叢集中已部署VNode。
如果您的Kubernetes叢集部署線上下IDC,請確保已打通IDC與阿里雲的網路。
操作步驟
準備部署ImageCache CRD的YAML檔案。
vim imagecache-crd.yamlimagecache-crd.yaml的內容如下,配置時,需根據實際情況修改標有
TODO的配置項。說明如果鏡像緩衝需要拉取公網鏡像,配置的交換器所屬的VPC必須具有公網訪問能力,且安全性群組需開放公網存取權限。
apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: imagecaches.eci.alibabacloud.com spec: group: eci.alibabacloud.com scope: Cluster names: plural: imagecaches singular: imagecache kind: ImageCache listKind: ImageCacheList shortNames: - imc categories: - all versions: - name: v1 served: true storage: true subresources: status: {} additionalPrinterColumns: - name: Age type: date jsonPath: .metadata.creationTimestamp - name: Id type: string jsonPath: .status.imageCacheId - name: Phase type: string jsonPath: .status.phase - name: Progress type: string jsonPath: .status.progress schema: openAPIV3Schema: type: object required: - spec description: "Imagecache is an image acceleration capability provided by alibabacloud" properties: status: type: object required: - phase - progress properties: events: type: array nullable: true items: type: object properties: name: type: string message: type: string type: type: string timestamp: type: string nullable: true phase: type: string default: Pending reason: type: string default: "" progress: type: string default: "0%" expireDateTime: type: string nullable: true startTime: type: string nullable: true lastUpdatedTime: type: string nullable: true imageCacheId: type: string default: "" spec: type: object required: - images properties: images: type: array minItems: 1 items: type: string imagePullSecrets: type: array items: type: string default: [] imageCacheSize: type: integer default: 30 retentionDays: type: integer --- apiVersion: v1 kind: ServiceAccount metadata: name: alibabacloud-eci-imagecache-controller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: alibabacloud:eci:imagecache-controller rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - "*" - apiGroups: - "eci.alibabacloud.com" resources: - imagecaches verbs: - "*" - apiGroups: - "eci.alibabacloud.com" resources: - imagecaches/status verbs: - "*" - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - secrets verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: alibabacloud:eci:imagecache-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: alibabacloud:eci:imagecache-controller subjects: - kind: ServiceAccount name: alibabacloud-eci-imagecache-controller namespace: kube-system --- apiVersion: v1 kind: Secret metadata: name: alibabacloud-eci-imagecache-secret namespace: kube-system type: Opaque stringData: ACCESS_KEY: "***" # TODO: 阿里雲使用者 AccessKey SECRET_KEY: "***" # TODO: 阿里雲使用者 SecretKey --- apiVersion: apps/v1 kind: Deployment metadata: name: alibabacloud-eci-imagecache-controller namespace: kube-system labels: app: eci-imagecache-controller spec: selector: matchLabels: app: eci-imagecache-controller replicas: 1 template: metadata: labels: app: eci-imagecache-controller spec: dnsPolicy: ClusterFirst restartPolicy: Always serviceAccount: alibabacloud-eci-imagecache-controller containers: - name: imagecache-controller imagePullPolicy: Always image: registry.cn-hangzhou.aliyuncs.com/eci-release/imagecache-controller:1.0.0 command: - /imagecache args: - --provider - eci env: - name: CLUSTER_ID value: "unique-cluster-id" # TODO: 阿里雲帳號內,必須保證不同叢集ID唯一,必填 - name: REGION_ID value: "cn-beijing" # TODO: 阿里雲地區ID,需要與虛擬節點同地區,必填 - name: RESOURCE_GROUP_ID value: "" # TODO: 阿里雲資源群組ID,可選 - name: SECURITY_GROUP_ID value: "sg-***" # TODO: 阿里雲安全性群組ID,必填 - name: VSWITCH_IDS value: "vsw-*******" # TODO: 阿里雲虛擬交換器ID,可以設定多個,用半形逗號分隔,必填 - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name envFrom: - secretRef: name: alibabacloud-eci-imagecache-secret部署ImageCache CRD。
kubectl create -f imagecache-crd.yaml查看部署結果。
查看Pod情況。
kubectl get pod -n kube-system預期返回:
NAME READY STATUS RESTARTS AGE alibabacloud-eci-imagecache-controller-8857984bd-2lnhs 1/1 Running 1 7s ......查看ImageCache CRD。
kubectl get crd imagecaches.eci.alibabacloud.com預期返回:
NAME CREATED AT imagecaches.eci.alibabacloud.com 2022-09-01T07:12:47Z