自建Kubernetes集群通过部署VNode来使用ECI时,在业务并发量大、对ECI Pod启动速度有要求的场景下,可以通过ECI的镜像缓存(即ImageCache)功能来加快Pod启动速度。使用镜像缓存功能前,您需要在自建Kubernetes集群中部署ImageCache CRD。本文介绍如何部署ImageCache CRD。
前提条件
自建Kubernetes集群中已部署VNode。
如果您的Kubernetes集群部署在线下IDC,请确保已打通IDC与阿里云的网络。
操作步骤
准备部署ImageCache CRD的YAML文件。
vim imagecache-crd.yamlimagecache-crd.yaml的内容如下,配置时,需根据实际情况修改标有
TODO的配置项。说明如果镜像缓存需要拉取公网镜像,配置的交换机所属的VPC必须具有公网访问能力,且安全组需开放公网访问权限。
apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: imagecaches.eci.alibabacloud.com spec: group: eci.alibabacloud.com scope: Cluster names: plural: imagecaches singular: imagecache kind: ImageCache listKind: ImageCacheList shortNames: - imc categories: - all versions: - name: v1 served: true storage: true subresources: status: {} additionalPrinterColumns: - name: Age type: date jsonPath: .metadata.creationTimestamp - name: Id type: string jsonPath: .status.imageCacheId - name: Phase type: string jsonPath: .status.phase - name: Progress type: string jsonPath: .status.progress schema: openAPIV3Schema: type: object required: - spec description: "Imagecache is an image acceleration capability provided by alibabacloud" properties: status: type: object required: - phase - progress properties: events: type: array nullable: true items: type: object properties: name: type: string message: type: string type: type: string timestamp: type: string nullable: true phase: type: string default: Pending reason: type: string default: "" progress: type: string default: "0%" expireDateTime: type: string nullable: true startTime: type: string nullable: true lastUpdatedTime: type: string nullable: true imageCacheId: type: string default: "" spec: type: object required: - images properties: images: type: array minItems: 1 items: type: string imagePullSecrets: type: array items: type: string default: [] imageCacheSize: type: integer default: 30 retentionDays: type: integer --- apiVersion: v1 kind: ServiceAccount metadata: name: alibabacloud-eci-imagecache-controller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: alibabacloud:eci:imagecache-controller rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - "*" - apiGroups: - "eci.alibabacloud.com" resources: - imagecaches verbs: - "*" - apiGroups: - "eci.alibabacloud.com" resources: - imagecaches/status verbs: - "*" - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - secrets verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: alibabacloud:eci:imagecache-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: alibabacloud:eci:imagecache-controller subjects: - kind: ServiceAccount name: alibabacloud-eci-imagecache-controller namespace: kube-system --- apiVersion: v1 kind: Secret metadata: name: alibabacloud-eci-imagecache-secret namespace: kube-system type: Opaque stringData: ACCESS_KEY: "***" # TODO: 阿里云用户 AccessKey SECRET_KEY: "***" # TODO: 阿里云用户 SecretKey --- apiVersion: apps/v1 kind: Deployment metadata: name: alibabacloud-eci-imagecache-controller namespace: kube-system labels: app: eci-imagecache-controller spec: selector: matchLabels: app: eci-imagecache-controller replicas: 1 template: metadata: labels: app: eci-imagecache-controller spec: dnsPolicy: ClusterFirst restartPolicy: Always serviceAccount: alibabacloud-eci-imagecache-controller containers: - name: imagecache-controller imagePullPolicy: Always image: registry.cn-hangzhou.aliyuncs.com/eci-release/imagecache-controller:1.0.0 command: - /imagecache args: - --provider - eci env: - name: CLUSTER_ID value: "unique-cluster-id" # TODO: 阿里云账号内,必须保证不同集群ID唯一,必填 - name: REGION_ID value: "cn-beijing" # TODO: 阿里云地域ID,需要与虚拟节点同地域,必填 - name: RESOURCE_GROUP_ID value: "" # TODO: 阿里云资源组ID,可选 - name: SECURITY_GROUP_ID value: "sg-***" # TODO: 阿里云安全组ID,必填 - name: VSWITCH_IDS value: "vsw-*******" # TODO: 阿里云虚拟交换机ID,可以设置多个,用半角逗号分隔,必填 - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name envFrom: - secretRef: name: alibabacloud-eci-imagecache-secret部署ImageCache CRD。
kubectl create -f imagecache-crd.yaml查看部署结果。
查看Pod情况。
kubectl get pod -n kube-system预期返回:
NAME READY STATUS RESTARTS AGE alibabacloud-eci-imagecache-controller-8857984bd-2lnhs 1/1 Running 1 7s ......查看ImageCache CRD。
kubectl get crd imagecaches.eci.alibabacloud.com预期返回:
NAME CREATED AT imagecaches.eci.alibabacloud.com 2022-09-01T07:12:47Z
文档内容是否对您有帮助?