yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
main
doc-exports/docs/ucs/umn/ucs_01_0016.html
qiujiandong1 0a674cd795 UCS UMN initial update 20250523 version 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: qiujiandong1 <qiujiandong1@huawei.com>
Co-committed-by: qiujiandong1 <qiujiandong1@huawei.com>
2026-01-13 13:39:08 +00:00

74 lines
13 KiB
HTML
Raw Permalink Blame History

<a name="ucs_01_0016"></a><a name="ucs_01_0016"></a>
<h1 class="topictitle1">Image Repositories</h1>
<div id="body0000001237670619"><p id="ucs_01_0016__p8060118">UCS integrates OTC SoftWare Repository for Containers (SWR), which provides easy, secure, and reliable management over container images throughout their lifecycles, facilitating the deployment of containerized applications.</p>
<p id="ucs_01_0016__p17474153352819">SWR allows you to securely host and efficiently distribute images on the cloud to smoothly run your services in containers. You do not need to build or maintain image repositories.</p>
<div class="section" id="ucs_01_0016__section3198201512295"><h4 class="sectiontitle">Features</h4><ul id="ucs_01_0016__ul9789194271"><li id="ucs_01_0016__en-us_topic_0000001142090088_li09841958153313">Full lifecycle management of images<p id="ucs_01_0016__en-us_topic_0000001142090088_p868455919337"><a name="ucs_01_0016__en-us_topic_0000001142090088_li09841958153313"></a><a name="en-us_topic_0000001142090088_li09841958153313"></a>SWR manages the full lifecycle of your container images, including push, pull, and deletion.</p>
</li><li id="ucs_01_0016__en-us_topic_0000001142090088_li206106143185">Private image repository<p id="ucs_01_0016__en-us_topic_0000001142090088_p8277103921812"><a name="ucs_01_0016__en-us_topic_0000001142090088_li206106143185"></a><a name="en-us_topic_0000001142090088_li206106143185"></a>Images can be stored in an SWR private image repository. With the SWR fine-grained permission system, users can be granted with different permissions (read, write, and manage) to access the images.</p>
</li><li id="ucs_01_0016__en-us_topic_0000001142090088_li67366911911">Automatic deployment update through triggers<p id="ucs_01_0016__en-us_topic_0000001142090088_p49001114201915"><a name="ucs_01_0016__en-us_topic_0000001142090088_li67366911911"></a><a name="en-us_topic_0000001142090088_li67366911911"></a>Application deployment can be triggered automatically upon image tag update. You only need to set a trigger for the desired image. Every time the image tag is updated, the application deployed with this image will be automatically updated.</p>
</li></ul>
</div>
<div class="section" id="ucs_01_0016__section45710062017"><h4 class="sectiontitle">Constraints</h4><p id="ucs_01_0016__p92659412014">Attached clusters connected to UCS through a private network cannot download images from SWR. Ensure your clusters can access the public network.</p>
</div>
<div class="section" id="ucs_01_0016__section15405155023019"><h4 class="sectiontitle">Pushing the Image</h4><ol id="ucs_01_0016__ol105341054413"><li id="ucs_01_0016__li853511020440"><span>Log in to the UCS console. In the navigation pane, choose <span class="uicontrol" id="ucs_01_0016__uicontrol1267292212489"><b>Image Repositories</b></span>.</span></li><li id="ucs_01_0016__li1967111422446"><span>View the basic information about the image repository and click the image repository name to access SWR.</span></li><li id="ucs_01_0016__li10651132044610"><span>Push an image to SWR by referring to <span id="ucs_01_0016__ph5261031122518"><a href="https://docs.otc.t-systems.com/software-repository-container/umn/image_management/uploading_an_image_through_the_client.html#" target="_blank" rel="noopener noreferrer">Uploading an Image Through the Client</a></span>.</span></li></ol>
</div>
<div class="section" id="ucs_01_0016__section9453834154913"><h4 class="sectiontitle">Using an Image</h4><p id="ucs_01_0016__p112494386493">Clusters and federations managed by UCS allow you to create a workload by pulling an image from the image repository. The following uses the CCE cluster taken over by UCS as an example to shown you how to pull and use an image to create a workload:</p>
<ol id="ucs_01_0016__ol1391535341620"><li id="ucs_01_0016__li10823744165416"><span>Access the cluster console.</span></li><li id="ucs_01_0016__li3224123935510"><span>In the navigation pane, choose <strong id="ucs_01_0016__b139605514514">Workloads</strong> and click <strong id="ucs_01_0016__b2459328155317">Create from Image</strong> in the upper right corner.</span></li><li id="ucs_01_0016__li15350526133620"><span>In the <span class="uicontrol" id="ucs_01_0016__uicontrol1189410369129"><b>Basic Info</b></span> area, set workload parameters. Deployment is used as an example.</span><p><ul id="ucs_01_0016__ul159377554014"><li id="ucs_01_0016__li177648919595"><strong id="ucs_01_0016__b532943599102223">Workload Type</strong>: Select <strong id="ucs_01_0016__b995960586102223">Deployment</strong>.</li><li id="ucs_01_0016__li1393685144017"><strong id="ucs_01_0016__b33601527191317">Workload Name</strong>: The value can be customized.</li><li id="ucs_01_0016__li59372518408"><strong id="ucs_01_0016__b288951117144">Pods</strong>: Set this parameter based on service requirements.</li><li id="ucs_01_0016__li6336144313272"><strong id="ucs_01_0016__b148461942151416">Description</strong>: Enter the description of the workload.</li><li id="ucs_01_0016__li246020529257"><strong id="ucs_01_0016__b37934855811573">Time Zone Synchronization</strong>: Specify whether to enable this function. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone.</li></ul>
</p></li><li id="ucs_01_0016__li14872167171217"><span>In the <span class="uicontrol" id="ucs_01_0016__uicontrol13588191571619"><b>Container Settings</b></span> area, click <span class="uicontrol" id="ucs_01_0016__uicontrol20225123941610"><b>Select Image</b></span>.</span><p><p id="ucs_01_0016__p98057217125">On the <strong id="ucs_01_0016__b12189154851618">My Images</strong> tab, select the target image and click <strong id="ucs_01_0016__b149131311101712">OK</strong>.</p>
<div class="notice" id="ucs_01_0016__note1263319862919"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><ul id="ucs_01_0016__ul101897211306"><li id="ucs_01_0016__li141897243019">If the selected image is a public image, you do not need to select an <span class="uicontrol" id="ucs_01_0016__uicontrol146972313321"><b>Image Access Credential</b></span>.</li><li id="ucs_01_0016__li450424184312">If the selected image is a private image, you need to select an <span class="uicontrol" id="ucs_01_0016__uicontrol1650192419430"><b>Image Access Credential</b></span>. Otherwise, the image cannot be pulled.<p id="ucs_01_0016__p71701625104317">You can click <span class="uicontrol" id="ucs_01_0016__uicontrol136241106335"><b>Create Secret</b></span> to create an image access credential. For details, see <a href="#ucs_01_0016__section134841815233">Creating an Image Secret</a>.</p>
</li></ul>
</div></div>
</p></li><li id="ucs_01_0016__li66932412212"><span>Click <span class="uicontrol" id="ucs_01_0016__uicontrol37861026146"><b>Create Workload</b></span>. For details about how to create a workload, see <a href="ucs_01_0106.html">Deployments</a>.</span></li></ol>
</div>
<div class="section" id="ucs_01_0016__section134841815233"><a name="ucs_01_0016__section134841815233"></a><a name="section134841815233"></a><h4 class="sectiontitle">Creating an Image Secret</h4><p id="ucs_01_0016__p1325261010235">When a cluster is created, a secret named <strong id="ucs_01_0016__b9734193092118">default-secret</strong> is generated by default, which contains an access credential of SWR. You do not need to create an image secret again.</p>
<p id="ucs_01_0016__p185414183515">When an attached cluster uses SWR private images, you need to create an image secret to pull SWR images. The procedure is as follows:</p>
<ol id="ucs_01_0016__ol16212632163610"><li id="ucs_01_0016__li8766541173813"><span>Access the cluster console.</span></li><li id="ucs_01_0016__li1719904316387"><span>In the navigation pane, choose <span class="uicontrol" id="ucs_01_0016__uicontrol12499135012388"><b>ConfigMaps and Secrets</b></span>. Then, click the <span class="uicontrol" id="ucs_01_0016__uicontrol4250521163920"><b>Secrets</b></span> tab.</span></li><li id="ucs_01_0016__li584232214393"><span>Click <span class="uicontrol" id="ucs_01_0016__uicontrol18649154619394"><b>Create Secret</b></span> and set parameters.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="ucs_01_0016__table12639241164011" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="ucs_01_0016__row176391341134014"><th align="left" class="cellrowborder" valign="top" width="20.73%" id="mcps1.3.7.4.3.2.1.2.3.1.1"><p id="ucs_01_0016__p86391641204010">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="79.27%" id="mcps1.3.7.4.3.2.1.2.3.1.2"><p id="ucs_01_0016__p1463904114406">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="ucs_01_0016__row176391541124015"><td class="cellrowborder" valign="top" width="20.73%" headers="mcps1.3.7.4.3.2.1.2.3.1.1 "><p id="ucs_01_0016__p36391641174015">Name</p>
</td>
<td class="cellrowborder" valign="top" width="79.27%" headers="mcps1.3.7.4.3.2.1.2.3.1.2 "><p id="ucs_01_0016__p1163904110402">Name of the secret you create, which must be unique.</p>
</td>
</tr>
<tr id="ucs_01_0016__row3639134154011"><td class="cellrowborder" valign="top" width="20.73%" headers="mcps1.3.7.4.3.2.1.2.3.1.1 "><p id="ucs_01_0016__p263944124014">Namespace</p>
</td>
<td class="cellrowborder" valign="top" width="79.27%" headers="mcps1.3.7.4.3.2.1.2.3.1.2 "><p id="ucs_01_0016__p563994174012">Namespace to which the secret belongs. If you do not specify this parameter, the value <strong id="ucs_01_0016__b6825654142417">default</strong> is used by default.</p>
</td>
</tr>
<tr id="ucs_01_0016__row116397417409"><td class="cellrowborder" valign="top" width="20.73%" headers="mcps1.3.7.4.3.2.1.2.3.1.1 "><p id="ucs_01_0016__p863984124011">Description</p>
</td>
<td class="cellrowborder" valign="top" width="79.27%" headers="mcps1.3.7.4.3.2.1.2.3.1.2 "><p id="ucs_01_0016__p1463913415408">Description of a secret.</p>
</td>
</tr>
<tr id="ucs_01_0016__row10639194174015"><td class="cellrowborder" valign="top" width="20.73%" headers="mcps1.3.7.4.3.2.1.2.3.1.1 "><p id="ucs_01_0016__p116391641144013">Secret Type</p>
</td>
<td class="cellrowborder" valign="top" width="79.27%" headers="mcps1.3.7.4.3.2.1.2.3.1.2 "><p id="ucs_01_0016__p263944111403">Type of the new secret. <strong id="ucs_01_0016__b20820201313252">kubernetes.io/dockerconfigjson</strong> stores the authentication information required for pulling images from a private repository.</p>
</td>
</tr>
<tr id="ucs_01_0016__row1639204164016"><td class="cellrowborder" valign="top" width="20.73%" headers="mcps1.3.7.4.3.2.1.2.3.1.1 "><p id="ucs_01_0016__p7639174117405">Data</p>
</td>
<td class="cellrowborder" valign="top" width="79.27%" headers="mcps1.3.7.4.3.2.1.2.3.1.2 "><p id="ucs_01_0016__p1763918414409">Enter the username and password of the private image repository. Workload secret data can be used in containers.</p>
<p id="ucs_01_0016__p13639841184018">To obtain the username and password when using SWR, perform the following steps:</p>
<ol type="a" id="ucs_01_0016__ol663934194015"><li id="ucs_01_0016__li186391341164016">Click the username in the upper right corner, choose <strong id="ucs_01_0016__b168732033165116">My Credentials</strong> &gt; <strong id="ucs_01_0016__b753825985115">Access Keys</strong>, and click <strong id="ucs_01_0016__b132631715143415">Create Access Key</strong>. You can obtain the AK and SK information from the <strong id="ucs_01_0016__b19107152993412">credentials.csv</strong> file downloaded.<p id="ucs_01_0016__p363913414403">The AK/SK file can be <strong id="ucs_01_0016__b856421611354">downloaded only once</strong>. Keep it secure. </p>
</li><li id="ucs_01_0016__li563918417401"><a name="ucs_01_0016__li563918417401"></a><a name="li563918417401"></a>Log in to a Linux computer and run the following command to obtain the login key (<em id="ucs_01_0016__i17639144174020">$AK</em> and <em id="ucs_01_0016__i863915410403">$SK</em> are the AK/SK obtained in the previous step.):<p id="ucs_01_0016__p137738114591"><strong id="ucs_01_0016__b17845201115915">printf "</strong><em id="ucs_01_0016__i8846151135916">$AK</em><strong id="ucs_01_0016__b98791535911">" | openssl dgst -binary -sha256 -hmac "</strong><em id="ucs_01_0016__i68711565916">$SK</em><strong id="ucs_01_0016__b1787151595917">" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'</strong></p>
</li><li id="ucs_01_0016__li156397410402">The username is <strong id="ucs_01_0016__b1160533342215"><em id="ucs_01_0016__i654916377226">Regional project name</em>@<em id="ucs_01_0016__i1747343172210">AK</em></strong>.<p id="ucs_01_0016__p56391041194019">The password is the login key obtained in <a href="#ucs_01_0016__li563918417401">2</a>.</p>
</li></ol>
</td>
</tr>
<tr id="ucs_01_0016__row563974115408"><td class="cellrowborder" valign="top" width="20.73%" headers="mcps1.3.7.4.3.2.1.2.3.1.1 "><p id="ucs_01_0016__p46391941164010">Label</p>
</td>
<td class="cellrowborder" valign="top" width="79.27%" headers="mcps1.3.7.4.3.2.1.2.3.1.2 "><p id="ucs_01_0016__p7639154124019">Label of the secret. Enter a key-value pair and click <span class="uicontrol" id="ucs_01_0016__uicontrol1581215477383"><b>Add</b></span>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li></ol>
</div>
</div>
View Git Blame Copy Permalink