Scenario
When deploying and updating business applications using container images, the traditional approach involves downloading the full container image data and decompressing it. This not only results in longer container startup times but may also cause significant network and disk read/write pressure due to large cluster sizes, leading to large-scale container deployments that do not meet expectations. In reality, only a portion of the container image data may be used during container startup.
TCR Enterprise Edition supports on-demand loading, allowing you to use the accelerated image version in your business deployments. This eliminates the need for full image data downloads and online decompression, significantly improving application distribution efficiency and providing an exceptional elastic experience. This article explains how to load container images on-demand.
Preparations
You have created a container cluster. Currently, the on-demand loading feature is available only for Tencent Cloud TKE clusters that meet the following requirements:
The cluster Kubernetes version is 1.16 or later.
The cluster runtime component is containerd with version 1.4.3. Existing clusters can modify the runtime configuration to containerd 1.4.3, and the nodes added after the adjustment will use this version by default.
The cluster operating system is Ubuntu, TencentOS, or CentOS. If using CentOS, you need to execute
yum install -y fuse on the cluster nodes to install the fuse application.You have purchased an Enterprise Edition instance. The on-demand loading of container images is currently available only for premium instances.
The container cluster's VPC is connected to the TCR Enterprise Edition instance, allowing cluster nodes to access images within the instance over the private network. For specific configuration, refer to Configuring Private Network Access Control.
Preparing accelerated images
Enabling image acceleration
1. Log in to the TCR console and click Image Acceleration in the left sidebar.
2. On the Image Acceleration page, select the region and name of the instance for which image acceleration is to be enabled, and you can view the status of the current instance image acceleration and the list of image acceleration rules.
3. Click Enable Image Acceleration. In the "Activate Image Acceleration Service" window, please read the related prompts carefully.
Once image acceleration is enabled, a new OCI format compatible accelerated image is generated after you upload a container image that complies with the acceleration rules.
Note that after this feature is enabled and used, storing both general and accelerated images will incur additional image storage costs.
4. Click Conform.
Adding an image acceleration rule
1. Click Add Image Acceleration Rule. In the "New Image Acceleration Rule" window, configure the rule according to the following instructions.
Name: Rule name.
Description: Rule description.
Triggering Rule:
Triggered Instance: The currently selected instance is the triggered instance.
Namespace: Namespace whose distribution needs to be accelerated within the current instance. Currently, you cannot select all namespaces.
Repository Name: Accelerated repository, supporting regular expression filtering. If not specified, all repositories within the namespace are selected by default.
Tag: Accelerated tag. You can use a regular expression to filter tags. If this parameter is not specified, all tags in the repositories that meet the requirements are selected by default.
Validation Rule: Enter the address of the image to be accelerated to verify whether the image under the current rule meets the acceleration criteria.
2. Click OK to add an image acceleration rule for the current instance.
Pushing the image and automatically converting it
After successfully adding a rule, you can view the added image acceleration rule on the "Image Acceleration" page. Ensure that the rule status is enabled, and push a new container image to the image repository that meets the rule. This will automatically trigger the accelerated image format conversion, generating an accelerated image with the -apparate suffix. The default image artifact type is Docker-Image, and the converted image artifact type is OCI-Image-v1.
Deploying an Acceleration Image
Tencent Kubernetes Engine (TKE) is a Kubernetes managed service that works closely with TCR. You can install the TCR acceleration application in a TKE cluster and deploy an acceleration image to increase the business startup speed.
Configuring cluster nodes
Cluster nodes do not support acceleration images by default. To enable a cluster node to use an acceleration image with priority, add the image acceleration label to the cluster node via the CLI or TKE console.
Run the following command to add the image acceleration label to a cluster node:
kubectl label node xxx cloud.tencent.com/apparate=true
1. Log in to the TKE console and select Cluster in the left sidebar.
2. On the Cluster Management page, click the ID of the cluster that requires image acceleration for distribution to go to the cluster details page.
3. Select the ID/name of the cluster for which to set the node label to go to the cluster details page.
4. In the left sidebar, select Node Management > Nodes to go to the Node List page.
5. Choose More > Edit Label on the right of the target node.
6. In the "Edit Label" pop-up window, set the Label to
cloud.tencent.com/apparate=true and click Submit.Installing the acceleration application
By default, clusters do not support the use of accelerated images. You need to install the TCR Acceleration Suite application in the cluster. After installing the TCR Acceleration Suite application, nodes marked to support accelerated image deployment will automatically deploy the daemonset and can load accelerated images normally.
When installing the TCR Acceleration Suite application and adding new nodes with the cloud.tencent.com/apparate=true label, the nodes will also automatically deploy the daemonset and can deploy accelerated images normally.
Installing the TCR acceleration suite application via CLI
1. Install the Helm V3 CLI. For more information, see Using the Helm client to upload and download Helm Charts.
2. Add the Helm repository and pull the TCR acceleration application Chart package.
helm repo add tcr-helm-public https://helmhub.tencentcloudcr.com/chartrepo/publichelm pull tcr-helm-public/apparate --version 1.0.0
3. Decompress the downloaded Chart package and modify
values.yaml.tar -xzvf apparate-1.0.0.tgzvim apparate/values.yaml
Configure the following parameters:
3.1 imagePullSecretsCrs: This configuration is used for pulling accelerated images. Please modify the dockerUsername, dockerPassword, and dockerServer fields, filling in the Enterprise Edition instance's username, password, and access domain, respectively.
3.2 Image: Keep the default setting, which is used for pulling basic images when installing applications in the cluster. If the cluster is deployed outside of mainland China, you can change it to the access domain name of the Personal Edition image repository in the corresponding region.
4. Build the Chart package again and install it to the specified cluster.
helm package apparate/helm install apparate apparate-1.0.0.tgz
Before executing helm install, you need to pre-configure the cluster's access credentials locally. For more information, refer to: Connecting the Local Helm Client to the Cluster.
5. Go to the Cluster Applications page and confirm the application's installation status and configuration.
Deploying an Acceleration Image
When creating a workload, select an image within the current instance. Only when the following conditions are met, the cluster loads the image on demand to quickly start the container:
The container image specified for the workload is a converted acceleration image, such as
nginx:latest-apparate, and its artifact type is OCI-Image-v1.The image acceleration label
cloud.tencent.com/apparate=true is added to the node to which the workload Pod is scheduled.Hence, when creating a workload, please select the accelerated image version and add a nodeSelector with the value
cloud.tencent.com/apparate=true. This will ensure that the workload is scheduled on nodes that support accelerated images, enabling faster startup.FAQs Overview
Can I delete regular and accelerated images?
Yes. When both regular and accelerated images exist in the repository, deleting one will not affect the pull and deployment of the other.
What should I do if no accelerated image is generated automatically after image push?
First, check if the image matches the existing acceleration rules. If you are sure that the image meets the acceleration rules in the enabled state, you can consult Smart Customer Service or Online Consultation for help.