Deploy applications using images from non-ACR repositories-Serverless App Engine(SAE)-阿里云帮助中心

In addition to ACR, you can deploy applications by using images from any third-party image repository, such as Docker Hub or Docker Registry. To do this, you must ensure network connectivity between your SAE application and the image repository, configure credentials to access the repository, and then provide the image repository address to deploy the application.

Prerequisites

Ensure network connectivity to the image repository

If the image repository is in the same VPC as your SAE application, no additional network configuration is required.
If the image repository is not in the VPC of your SAE application, you must establish a cross-VPC connection or enable a NAT Gateway for the application's VPC. If the image repository has access restrictions, you must also add the CIDR block of the application's VPC or the Elastic IP Address (EIP) bound to the NAT Gateway to the repository's allowlist.

How to view the VPC of an SAE application

Before you deploy an application, you must plan its region and namespace. This determines the VPC in which the application is located.

Log on to the SAE console. In the top navigation bar, select a region. In the left-side navigation pane, choose Namespaces.
Click the target namespace in the list. In the left-side navigation pane, choose Basic Information. Click the link in the VPC section to view information such as the VPC ID.

What if my SAE application is in a Chinese mainland region and cannot access an overseas image repository like Docker Hub?

Option 1: Domestic repository

Image repositories in the Chinese mainland, such as the ACR Artifact Center, may contain the image you want to deploy. For example, the address for an Nginx image is registry.openanolis.cn/openanolis/nginx:1.14.1-8.6.

Option 2: Overseas image via ACR

Pull the overseas image to your local machine, push it to ACR, and then deploy the application using an image from an ACR instance that belongs to the same account or an ACR instance that belongs to a different account.

Configure repository credentials

Create a secret to store the username and password for the image repository. On the Namespaces page, select the target region and click the target namespace. In the left-side navigation pane, choose Secrets, and then click Create.

For Type, select Image Repository Credentials.
Enter the IP address or domain name of the image repository.
Enter the Username and Password required to log on to the image repository.

Procedure

On the SAE Application List page, select the target region and namespace from the top navigation bar, and then click Create Application.
Select an application edition.
Important
The Lightweight Edition and Professional Edition are in an invite-only beta phase. If you are not part of the beta test, your application defaults to the Standard Edition, and you do not need to select an edition.
- Lightweight Edition: Provides the minimum feature set required to run an application. This edition does not support the Application Monitoring and Microservices Governance features.
- Standard Edition: Includes the Basic Application Monitoring feature. The Advanced Application Monitoring and Microservices Governance features must be enabled and purchased separately.
- Professional Edition: Includes the Advanced Application Monitoring and Microservices Governance features. They do not need to be enabled or purchased separately.
On the Create Application page, specify a custom Application Name and configure the following parameters.
1. Select a namespace type for the application. A namespace is equivalent to a Kubernetes namespace and isolates resources across different environments. You cannot change the namespace of an application after it is created. Plan your resources accordingly.
  - System Created: Uses the default namespace, vSwitch, and security group that are automatically created by the system in the current region.
  - Existing Namespace: Select a namespace, vSwitch, and security group that you created in advance.
2. Set Application Deployment Method to Select Image Deployment, and then click Specify Image on the right. On the Custom Image tab, configure the following settings.
  - Select Public Network or Private Network to access the image repository based on your network configuration.
  - If the image repository requires a username and password, select the Secret for Username and Password of Image Repository that you created earlier.
  - Enter the full Image address in the format <Image repository public or private address>:<Image Tag>, for example, nginx:1.23.1.
3. In the Capacity Settings section, configure Resource Type, Single Instance Specification, and Number of Instances.
  Resource type
  Resource Type can be set to Default or Hygon. The Hygon resource type is in an invite-only beta phase. If you are not part of the beta test, Resource Type defaults to Default, and no selection is required.
  To use Hygon resources to deploy an application, contact technical support in the DingTalk group (ID: 32874633) to enable this feature. You must also select a region and zone that support Hygon resources:
  China (Shanghai): Supports Zone B, Zone G, and Zone L.
  China (Beijing): Supports Zone H, and Zone I.
  China (Hangzhou): Supports Zone J.
(Optional) Click Next: Advanced Settings to configure additional features.
- Startup command
  The CMD or ENTRYPOINT specified in the image determines the application's startup command. No extra configuration is needed in SAE. If required, you can set a startup command to override the one in the image.
- Runtime environment and lifecycle management
  Change variables or configuration files after deployment without rebuilding the image by setting environment variables, setting host bindings, injecting configurations, and injecting secrets.
  Configure a health check to monitor whether application instances are running properly and are ready to process requests. The system automatically restarts unhealthy instances and does not route traffic to an instance until it passes the health check.
  Use application lifecycle management to customize commands that run after the application starts and before it stops, and to enable graceful shutdown.
- Network access and service invocation
  Enable service invocation between applications by using service registration and discovery. Note that if you use MSE for service registration and discovery, additional fees apply.
  Enable external access to your application by binding an NLB, binding a CLB, or configuring a gateway route. Note that NLB, CLB, and gateway routes are subject to additional charges.
  Allow your application to proactively access external resources or services by configuring a NAT Gateway or binding an EIP to an application instance. Note that NAT Gateway and EIP are subject to additional charges.
- Data persistence
  Store application data in NAS, OSS, or a database to prevent data loss when you update or stop the application. Note that NAS, OSS, and databases are subject to additional charges.
- Logging and monitoring
  After deployment, you can view real-time logs and monitor resource usage and load without extra configuration. You can also export logs to SLS or Kafka for centralized management and analysis. Note that SLS and Kafka are subject to additional charges.
  ARMS monitoring provides a comprehensive view of your application's health. It helps you quickly identify faulty or slow API calls, detect performance bottlenecks, and reproduce call parameters, which significantly improves the efficiency of troubleshooting online issues.
  For Standard Edition applications, you can view basic ARMS monitoring data after deployment without extra configuration. You can also purchase and enable advanced ARMS monitoring.
  For Professional Edition applications, enable Application Monitoring in the Advanced Settings. After the application is deployed, you can view advanced ARMS monitoring data. No additional fees are required.
- Other features
  Microservices Governance enables features for Java applications such as graceful start and shutdown, traffic protection, end-to-end canary release, and prioritized routing to providers in the same zone.
  For Standard Edition applications, go to the application details page after deployment to purchase and enable the MSE Microservices Governance feature.
  For Professional Edition applications, enable Microservices Governance in the Advanced Settings to configure graceful start and shutdown. You can configure more features on the application details page after deployment. No additional fees are required.
  Enable the CPU Burst feature to manage the higher CPU demand during startup and loading without wasting resources during normal operation.
  Add a sidecar container to decouple and standardize non-business functionalities from the main application container.
  Enable RRSA identity authentication to manage API permissions at the application instance level, which avoids the security risk of key leakage inherent in traditional key-based authentication.
Click One-Click Create Application or Create Application.
- Application creation takes about 1 to 2 minutes. You can view the change records to check if the deployment is successful. If the deployment fails, SAE does not create any instances. Troubleshoot the issue based on the error message in the Change Details.
- You can view your created applications on the page. To modify the application configuration after deployment, click the target application to go to its details page. At the top of the page, click Deploy Application or Modify Application Configurations. Note that the application automatically restarts for the new configuration to take effect, so you should perform this operation during off-peak hours.
- You can log on to an application instance by using Webshell and interact with it through console commands.
- After creating the application, you can manually adjust the number of instances and the instance specification, or configure an auto scaling policy. You can also enable idle mode to reduce costs.