user guide...2016/11/21 · you can also customize ecs access rules within the security group and...

Cloud Container Engine

User Guide

Issue 01

Date 2016-11-21

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees orrepresentations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Issue 01 (2016-11-21) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://www.huawei.com

mailto:[email protected]

Contents

1 Overview......................................................................................................................................... 11.1 Basic Concepts............................................................................................................................................................... 21.2 Accessing CCE............................................................................................................................................................... 51.3 CCE's Relationships with Other Services.......................................................................................................................5

2 Settings............................................................................................................................................ 62.1 Uploading AK/SK File................................................................................................................................................... 72.2 Creating a VPC...............................................................................................................................................................92.3 Creating a Key Pair.........................................................................................................................................................92.4 Creating an ELB Instance (Optional)........................................................................................................................... 10

3 Getting Started............................................................................................................................. 113.1 Overview...................................................................................................................................................................... 123.2 Creating a Container Cluster........................................................................................................................................ 133.3 Building Container Images...........................................................................................................................................173.4 Uploading Container Images........................................................................................................................................ 243.5 Creating Component Templates................................................................................................................................... 273.6 Creating a Containerized Application.......................................................................................................................... 29

4 Operation Guide..........................................................................................................................364.1 Dashboard.....................................................................................................................................................................374.2 Cluster Manager........................................................................................................................................................... 374.2.1 Creating a Container Cluster..................................................................................................................................... 374.2.2 Managing a Container Cluster...................................................................................................................................404.2.2.1 Nodes...................................................................................................................................................................... 404.2.2.2 Services...................................................................................................................................................................454.2.2.3 Monitoring.............................................................................................................................................................. 464.2.2.4 Events..................................................................................................................................................................... 464.2.2.5 Basic Info................................................................................................................................................................474.2.3 Deleting a Container Cluster..................................................................................................................................... 484.3 Component Template....................................................................................................................................................494.4 App Manager................................................................................................................................................................ 514.4.1 Creating a Containerized Application....................................................................................................................... 524.4.2 Updating a Containerized Application...................................................................................................................... 554.4.3 Managing a Containerized Application.....................................................................................................................57

Cloud Container EngineUser Guide Contents


ii

4.4.3.1 Basic Info................................................................................................................................................................584.4.3.2 Monitoring.............................................................................................................................................................. 594.4.3.3 Events..................................................................................................................................................................... 614.4.3.4 Auto Scaling........................................................................................................................................................... 624.4.3.5 Log Analysis...........................................................................................................................................................694.4.4 Viewing an Application Topology.............................................................................................................................734.4.5 Deleting a Containerized Application....................................................................................................................... 744.5 App Designer................................................................................................................................................................754.5.1 Graphic App Design.................................................................................................................................................. 754.5.1.1 AppComponent.......................................................................................................................................................764.5.1.2 Container................................................................................................................................................................ 774.5.1.3 Port..........................................................................................................................................................................794.5.1.4 Volume....................................................................................................................................................................804.5.1.5 Example: Creating an Application Template for Guestbook..................................................................................824.5.2 Deploying a Containerized Application.................................................................................................................... 904.5.3 Viewing an Application Template............................................................................................................................. 914.5.4 Modifying an Application Template..........................................................................................................................924.5.5 Deleting an Application Template............................................................................................................................. 934.6 Container Registry........................................................................................................................................................934.6.1 Building a Container Image.......................................................................................................................................934.6.2 Connecting to the Private Container Registry........................................................................................................... 944.6.3 Uploading a Private Container Image....................................................................................................................... 964.6.4 Viewing a Private Container Image...........................................................................................................................974.6.5 Modifying a Private Container Image....................................................................................................................... 984.6.6 Deleting a Private Container Image...........................................................................................................................994.6.7 Deleting Residual Private Image Files.................................................................................................................... 100

Cloud Container EngineUser Guide Contents


iii

1 Overview

1.1 Basic Concepts

1.2 Accessing CCE

1.3 CCE's Relationships with Other Services

Cloud Container EngineUser Guide 1 Overview


1

1.1 Basic ConceptsCloud Container Engine (CCE) is a platform for developers and partners to develop, deploy,and manage containerized applications. With CCE, you can roll out new containerizedapplications cost-efficiently anytime, anywhere.

The Docker technology is at the core of CCE. Docker is an open platform for developing,shipping, and running applications. It is designed to deliver your applications faster. WithDocker, you can separate your applications from your infrastructure and treat yourinfrastructure like a managed application. Docker helps you ship code faster, test faster,deploy faster, and shorten the cycle between writing code and running code.

If you intend to work with CCE, it is important that you have a basic understanding of Dockerand can skillfully use the Docker command line. For more information about Docker, visithttps://docs.docker.com/.

You should also have an understanding of the following concepts.

Container Image

A container image is a read-only template used to create containers. For example, a containerimage could contain a complete Ubuntu operating system with required programs and theirdependency files installed.

Docker provides a simple way to build new container images or update existing containerimages. In addition to building container images on your own, you can download containerimages that others have created.

Container images are classified into two types:

l Internal container images

Internal container images are stored in the container registry provided by CCE. They areuploaded by users and accessible only to image owners.

l External container images

External container images are stored in container registries provided by a third party, forexample, the Docker Hub from Docker Inc. CCE users can download container imagesfrom public third-party container registries.

Container Cluster

A container cluster consists of a maximum of 15 nodes. Nodes are used to run containerizedapplications.

Each user can create a maximum of two container clusters. Your container cluster is privateand inaccessible to other users. This ensures that your containerized applications are securelyisolated from containerized applications of other users.

Note that a container cluster must be created before a containerized application is created.

Currently,the Docker version used by CCE is V1.9.1.



2

https://docs.docker.com/

Node

A node is an Elastic Cloud Server(ECS) on which a containerized application will run. Everynode runs a node agent, which is used to manage container instances on the node.

The minimum node specifications are 1 core and 2048 MB. The maximum nodespecifications are 32 cores and 128 GB.

Containerized Application, Component, Container

A containerized application is software provided to end users through CCE. For example, itcan be a website application or a mobile app.

A component is a function module of a containerized application. Components are decoupledfrom each other.

A container is a runtime instance of a container image. Every instance of a component isshipped as a container.

A single containerized application consists of one or more components. Each component hasone or more containers.

Figure 1-1 Relationship between containerized application, component, and container

Component Template

A component template defines a template name, container images, network protocols, ports,memory capacity, CPU cores, environment variables, and volumes. With a componenttemplate, you can quickly create a containerized application with the specificationsdocumented in the template.



3

Service

A service defines a set of instances and a means for accessing them, such as a single stable IPaddress and corresponding DNS name.

To address component communication issues, a service name is used instead of an IP address.You must specify a service name when creating a containerized application.

Namespace

A namespace is like a prefix to the name of a resource. Namespaces help differentapplications and projects to share a container cluster, such as by preventing name collisionsbetween unrelated projects.

App Designer

The App Designer is a graphical orchestration tool. With the App Designer, you can drag-and-drop to design containerized applications and their topology and save graphical designs asapplication templates. With the template, you can quickly create multi-container applications.This makes application deployment easier and more efficient.

Environment Variable

An environment variable refers to a container runtime variable. A maximum of 30environment variables can be defined in a component template. The variables of acontainerized application can be modified even after the application is deployed. This givesgreater flexibility in application management.

There are two ways to define an environment variable:

l Specify the Environment Variable parameter on the CCE consolel Specify the ENV parameter in the Dockerfile

Volume

A volume is a specially-designated directory within one or more containers that bypasses theUnion File System. Using a volume means mounting an absolute path on a host (also called anode) to a path on a container, thereby achieving sharing between hosts and containers.

There are two ways to define a volume:

l Specify the Volume parameter on either the Create Component Template page or theCreate App Design page of the CCE console

l Run the docker run command with the -v optionFor example, to mount the /src/webapp directory on a host to the /opt/webapp directoryon the frontend container, run the following command:docker run -d -P --name frontend -v /src/webapp:/opt/webapp frontend

mcore

One CPU core is equal to 1000 mcores. CPU usage of containerized applications is typicallymeasured in mcores.



4

1.2 Accessing CCEThere are two ways to access CCE:

l By using the management consoleThe public cloud provides a web-based management console. If you have registered anaccount to the management console, you can choose Cloud Container Engine on thehomepage after login.Use the management console to perform operations that APIs do not support.

l By using HTTP-compliant application programming interface (APIs)For more information, see the CCE API Reference.

1.3 CCE's Relationships with Other Servicesl Elastic Cloud Server(ECS)

An Elastic Cloud Server is a computing server that consists of CPUs, memory, images,and Elastic Volume Service (EVS) disks and that allows on-demand allocation andelastic scaling. The ECS integrates Virtual Private Cloud (VPC), virtual firewall, andmulti-data-copy capabilities to build an efficient, reliable, and secure computingenvironment, ensuring that your services run stably and continuously.In CCE, a node is an ECS server armed with two EVS disks. You can specify ECS serverspecifications (flavor) when creating a node.

l Elastic Volume Service (EVS)You can attach EVS disks to an ECS and expand the EVS disk capacity.In CCE, a node is an ECS server armed with two EVS disks. You can specify EVS diskcapacity when creating a node.

l Virtual Private Cloud (VPC)A VPC is an exclusive logical network that is completely isolated. In a VPC, you cancustomize the security group, VPN, IP address segments, and bandwidth. You canmanage and configure internal networks and change network configurations, simplifyingnetwork management. You can also customize ECS access rules within the securitygroup and between security groups to strengthen security protection.For network security purposes, all container clusters created by CCE run on VPCs.

l Elastic Load Balance (ELB)CCE allows applications to work with ELB to improve fault tolerance and serviceavailability of applications.

l Object Storage Service (OBS)Object storage service is an object-based storage service that provides customers withmassive, secure, reliable, and cost-effective data storage capabilities, such as bucketcreation, modification, and deletion, as well as object upload, download, and deletion.CCE uses OBS to store the private container images uploaded by users.



5

2 Settings

2.1 Uploading AK/SK File

2.2 Creating a VPC

2.3 Creating a Key Pair

2.4 Creating an ELB Instance (Optional)

Cloud Container EngineUser Guide 2 Settings


6

2.1 Uploading AK/SK FileBefore you create a container cluster on the CCE console, upload a valid Access Key ID/Secret Access Key (AK/SK) file. If no AK/SK file is uploaded or the uploaded AK/SK filehas expired, the container cluster cannot be authorized to use private container images andElastic Load Balance (ELB). To ensure account security and optimal user experience withCCE services, it is recommended that you upload your AK/SK file and complete userauthentication.

Procedure

Step 1 Download your AK/SK file from the authentication center.

1. Log in to the CCE console.2. Select My Credential.

Figure 2-1 Authentication center

3. Choose Access Credentials > Add Access Key. In the Add Access Key dialog box,type the login password and short message service (SMS) verification code and clickOK.

Figure 2-2 Add Access Key

4. Click OK to download the AK/SK file.



7

Figure 2-3 Confirm the download

The AK/SK file is named credentials.csv.

NOTE

After you click OK, different browsers will respond differently. For some browsers, the browserdownloads the AK/SK file to the local default directory automatically. For other browsers, you areprompted to confirm whether to open or save the downloaded AK/SK file.

Step 2 Upload your AK/SK file to CCE.l If you log in to the CCE console for the first time, the Upload Certificate File window

is displayed upon successful login. Click Upload.

Figure 2-4 Upload a certificate file

l In other situations, choose Dashboard > Upload Certificate File.

Figure 2-5 Upload a certificate file



8

Step 3 Select the path to your AK/SK file. Click Upload and then Close.

Figure 2-6 Upload an AK/SK file

----End

2.2 Creating a VPCCreate a VPC before you create a container cluster. VPCs provide a secure and isolatednetwork environment for CCE services.

If you have already created a VPC, you will never need to create it again.

NOTE

For more information about how to create a VPC, choose Help Center > Virtual Private Cloud > UserGuide > Creating a VPC on the management console.

Step 1 On the management console, choose Network > Virtual Private Cloud.

Step 2 On the VPC console, click Create VPC to create a VPC.

----End

2.3 Creating a Key PairCreate a key pair before you create a container cluster. key pairs are used for identityauthentication at the time of node login.

If you have already created a key pair, you will never need to create it again.

NOTE

For more information about how to create a key pair, choose Help Center > Elastic Cloud Server >User Guide > Configurations > Creating a Key Pair on the management console.

Step 1 On the management console, select Elastic Cloud Server.

Step 2 In the navigation pane, select Key Pair.

Step 3 Click Create Key Pair .

The Create Key Pair page is displayed.



9

Figure 2-7 Create a key pair

Step 4 Specify the key pair name. For example, SSHkey-cce.

The key pair name can be 1 to 64 characters long and any combination of the followingcharacters: letters, digits, hyphens (-), and underscores (_).

Step 5 Click OK.

Step 6 In the displayed dialog box, click OK.

A key file in the .pem format is generated and saved to the default directory on the localcomputer.

----End

2.4 Creating an ELB Instance (Optional)CCE allows applications to work with ELB to improve fault tolerance and service availabilityof applications.

NOTE

An ELB distributes access traffic to various ECS servers automatically. For details on how to create anELB, choose Help Center > Elastic Load Balance > User Guide > Getting Started on themanagement console.

Step 1 Log in to the management console.

Step 2 Choose Network > Elastic Load Balance.

Step 3 On the ELB console, click Create Load Balancer. On the displayed page, specify ELBparameters to create an ELB instance.

NOTICEThe VPC where the ELB resides must be the same as the VPC where the container cluster thatwill run the containerized application resides. If the VPCs are different, no ELB instance isavailable for selection at application creation time.

----End



10

3 Getting Started

3.1 Overview

3.2 Creating a Container Cluster

3.3 Building Container Images

3.4 Uploading Container Images

3.5 Creating Component Templates

3.6 Creating a Containerized Application

Cloud Container EngineUser Guide 3 Getting Started


11

3.1 OverviewCCE provides an optimal operating environment for containers and enables you to buildcomprehensive containerized applications.

This chapter uses the Guestbook application as an example to describe how to create acontainerized application from a component template.

Guestbook

Guestbook is an application that allows visitors of a website to leave a public comment. Toleave a public comment, type the comment in the input box of Guestbook and click Submit.Then, your comment is displayed.

Figure 3-1 Guestbook

As shown in Figure 3-2, the Guestbook application consists of three components:

l FrontendThis component stores code logic.

l Redis_master and Redis_slaveThe two components work in master/slave mode to store user messages.

Every component runs in a separate container.

Figure 3-2 Logical architecture of the Guestbook application



12

Procedure

Figure 3-3 shows how to create a containerized application on the CCE console.

Figure 3-3 Create a containerized application

The general procedure for creating a containerized application is as follows:

Step 1 Create a container cluster.

Step 2 Compile application code and build container images of the application.

Step 3 Upload container images to the private container registry.

Step 4 Create a template.

There are two types of templates.

l Component templateUse component templates to create common components shared by differentapplications.

l Application templateUse the intuitive and easy-to-use graphic App Designer to create application templates.

Step 5 Create an application using the template created in Step 4.

----End

Sections 3.2 Creating a Container Cluster through 3.6 Creating a ContainerizedApplication explain every step in detail.

3.2 Creating a Container ClusterContainer clusters are used to run containers.

Each user can create a maximum of two container clusters.

A maximum of 15 nodes are allowed in a single container cluster. Every node is an ECSserver armed with two EVS disks. One of these disks is a 40-GB system data disk and theother is a user data disk.

Create a container cluster on which your containerized application will run.

Using an example, this section describes how to create the single-node cluster gbk for theGuestbook application.



13

Prerequisitesl Your valid AK/SK file has been uploaded to CCE.

For details about how to upload an AK/SK file, see 2.1 Uploading AK/SK File.l A VPC has been created.

For details about how to create a VPC, see 2.2 Creating a VPC.l An SSH key has been created.

For details about how to create an SSH key, see 2.3 Creating a Key Pair.

Procedure

Step 1 Create a container cluster.

1. On the CCE console, choose Cluster Manager > Create Container Cluster.The Create Container Cluster page is displayed.

Figure 3-4 Open the Create Container Cluster page

2. On the Create Container Cluster page, specify parameters of the container cluster.



14

Figure 3-5 Specify container cluster parameters

– Name

Name of the container cluster to be created. In the Guestbook example, the clustername is gbk.

NOTE

A container cluster name must begin with a lowercase letter and contain only lowercaseletters, digits, and hyphens (-).

– VPC

VPC where the container cluster is located.

– Subnet

Subnet where nodes in the container cluster run.

3. Click OK.

A tab with the name of the newly created container cluster is displayed.

Figure 3-6 Container cluster information



15

Step 2 On the tab page of the newly created container cluster, click Add Node.

The Add Node page is displayed.

Figure 3-7 Add Node page

Step 3 On the Add Node page, specify node parameters.l Node Type

Type of ECS server that will be used as a node.The following is the recommended use scenario of every node type:– General-purpose

Applications have no special requirements on CPUs, memory, disks, andbandwidth, but have high requirements on security and reliability. Customersrequire low initial investment and maintenance costs.

– Computing IApplications have high requirements on bandwidth and require online databackhaul in real time and storage- or ECS-based video content processing.

– Computing IIApplications have high requirements on computing performance and storagecapacity.

– Memory-optimizedApplications require large memory and rapid data switching and processing. Theyprocess large volumes of frequently accessed data.

In the Guestbook example, the node type is General-purpose.l Specifications

CPU and memory capacity of the node.By default, the following amount of CPU and memory resources on a node areconsumed to manage the node:– Operating system consumes 340-MB memory.– The node agent on the first node of the container cluster consumes 0.71-core CPU

and 170-MB memory.– The node agent on each of the remaining nodes consumes 0.4-core CPU and 170-

MB memory.



16

Your containerized applications will use the remaining CPU and memory resources onthe node.The minimum node specifications are 1 core and 2048 MB. The maximum nodespecifications are 32 cores and 128 GB.In the Guestbook example, the node specifications are c2.large.

l QuantityThe number of nodes you plan to buy to run containers.A node is an ECS server armed with two EVS disks.In the Guestbook example, only one node is required.

l DiskEVS disks are classified into system and data disks.EVS disks deliver three levels of I/O performance:– Common I/O: The EVS disk uses Serial Advanced Technology Attachment (SATA)

storage.– High I/O: The EVS disk uses SAN attached storage (SAS) storage.– Ultra-high I/O: The EVS disk uses solid state disk (SSD) storage.Capacity of the system disk is hard-coded to be 40 GB. Capacity of the data disk is userconfigurable and ranges from 100 GB to 32768 GB (inclusive). The default capacity is100 GB.In the Guestbook example, the default value is retained.

l Key PairThe SSH key name specified in 2.3 Creating a Key Pair.

Step 4 Click Add Now.

Step 5 click Submit.

It takes about 20 to 30 minutes to create a node. If the Status of the newly created node isAvailable, the node has been created successfully.

Every node in a container cluster is an ECS server armed with two EVS disks. One of thesedisks is a 40-GB system data disk and the other is a user data disk.

----End

3.3 Building Container ImagesThis section uses the Guestbook application as an example to explain how to build containerimages in the Linux environment.

NOTE

l The procedure for building container images is similar across all operating systems.

l It is recommended that the same operating system be used to build and upload container images.Only the following operating systems that have Docker installed are allowed to upload containerimages:

Ubuntu and similar distributions (e.g. Debian)

CentOS and similar distributions (e.g. RHEL, Fedora)



17

BackgroundThe Frontend component stores all code logic of the Guestbook application and reads/writescode logic from/into the Redis components.

A service name instead of an IP address is used for component communication.

Prerequisitesl Internet connectivity to Docker Hub of Docker, Inc. is available.l Docker 1.10.0 or a later version has been installed on the virtual or physical machine that

you use to build container images.To check the Docker version, run the following command:docker versionExample command output:Client:Version: 1.12.1API version: 1.24Go version: go1.6.3Git commit: 23cf638Built: Thu Aug 18 05:22:43 2016OS/Arch: linux/amd64Where the Version field indicates the Docker version.If the displayed version is earlier than 1.10.0 or the Docker is not installed, downloadDocker 1.10.0 or a later version at https://www.docker.com/ and install it by followingthe instructions provided at https://docs.docker.com/.

Building a Container Image of the Frontend ComponentThe purpose of Step 1 through Step 5 is to build a local code file of the Frontend component.

Code file structure of the Frontend component:

--|---guestbook.php |---controllers.js |---index.html

Step 1 Log in to the Docker client as the root user.

NOTE

You may also log in as any other user who is authorized to perform Docker operations.

Step 2 Run the following commands to create the directories where files of the Frontend componentwill be saved:

mkdir guestbook

cd guestbook

mkdir frontend

cd frontend

Step 3 Run the following command to compile the Guestbook code file guestbook.php:

vi guestbook.php

Content in the guestbook.php file:



18

https://www.docker.com/


<?phpset_include_path('.:/usr/local/lib/php');error_reporting(E_ALL);ini_set('display_errors', 1);require 'Predis/Autoloader.php';Predis\Autoloader::register();if (isset($_GET['cmd']) === true) { $host = 'redis-master'; header('Content-Type: application/json'); if ($_GET['cmd'] == 'set') { $client = new Predis\Client([ 'scheme' => 'tcp', 'host' => $host, 'port' => 6379, ]); $client->set($_GET['key'], $_GET['value']); print('{"message": "Updated"}'); } else { $host = 'redis-slave'; $client = new Predis\Client([ 'scheme' => 'tcp', 'host' => $host, 'port' => 6379, ]); $value = $client->get($_GET['key']); print('{"data": "' . $value . '"}'); }} else { phpinfo();} ?>

Where one $host is set to redis-master (service name of the Redis_master component) andthe other $host is set to redis-slave (service name of the Redis_slave component). CCE mapsthe service name of a component into its IP address so that components can access each other.

A service name must begin with a lowercase letter and can contain only lowercase letters,digits, and hyphens (-).

Step 4 Run the following command to compile the Guestbook script file controllers.js:

vi controllers.js

Content in the controllers.js file:

var redisApp = angular.module('redis', ['ui.bootstrap']);/** * Constructor */function RedisController() {}RedisController.prototype.onRedis = function() { this.scope_.messages.push(this.scope_.msg); this.scope_.msg = ""; var value = this.scope_.messages.join(); this.http_.get("guestbook.php?cmd=set&key=messages&value=" + value) .success(angular.bind(this, function(data) { this.scope_.redisResponse = "Updated."; }));};redisApp.controller('RedisCtrl', function ($scope, $http, $location) { $scope.controller = new RedisController(); $scope.controller.scope_ = $scope; $scope.controller.location_ = $location; $scope.controller.http_ = $http; $scope.controller.http_.get("guestbook.php?cmd=get&key=messages") .success(function(data) { console.log(data); $scope.messages = data.data.split(",");



19

});});

Step 5 Run the following command to compile the index.html file:

vi index.html

Content in the index.html file:

<html ng-app="redis"> <head> <title>Guestbook</title> <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css"> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.2.12/angular.min.js"></script> <script src="controllers.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/angular-ui-bootstrap/0.13.0/ui-bootstrap-tpls.js"></script> </head> <body ng-controller="RedisCtrl"> <div style="width: 50%; margin-left: 20px"> <h2>Guestbook</h2> <form> <fieldset> <input ng-model="msg" placeholder="Messages" class="form-control" type="text" name="input"><br> <button type="button" class="btn btn-primary" ng-click="controller.onRedis()">Submit</button> </fieldset> </form> <div> <div ng-repeat="msg in messages track by $index"> {{msg}} </div> </div> </div> </body></html>

Step 6 Run the following command to compile the Dockerfile:

vi dockerfile

Docker can automatically build container images by reading instructions from a Dockerfile,which is a text file that contains all the commands needed to build an image.

Content in the Dockerfile:

FROM php:5-apacheRUN apt-get updateRUN apt-get install -y php-pearRUN pear channel-discover pear.nrk.ioRUN pear install nrk/PredisADD guestbook.php /var/www/html/guestbook.phpADD controllers.js /var/www/html/controllers.jsADD index.html /var/www/html/index.htmll FROM statement indicates that the container image of the Frontend component is based

on the php:5-apache image.l RUN statement indicates that the apt-get command is used to update the software

package list and install Predis.l ADD statement indicates that the local code file is added to the container image of the

Frontend component.

Step 7 Run the following command to build a container image of the Frontend component in thefrontend directory:



20

docker build -t frontend .

Example command output:Sending build context to Docker daemon 372.7 kBStep 1 : FROM php:5-apache5-apache: Pulling from library/php5c90d4a2d1a8: Pull complete357b76a49838: Pull complete0e87614c69f0: Pull completea3a94d3df9be: Pull complete8d889f91ade2: Pull complete6aa1b9bbdc5d: Pull complete777536a87ced: Pull completec9ba89109223: Pull complete2fb909a2ccf9: Pull completeb568c0efcb94: Pull completec0887fadb409: Pull completeDigest: sha256:1985aed3a8242e35f598f0f2b08aea11ecdd623ba670cfbb1f078c689d98c42cStatus: Downloaded newer image for php:5-apache ---> 7374b3b98172Step 2 : RUN apt-get update ---> Running in 287defbad457Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]Ign http://httpredir.debian.org jessie InReleaseGet:2 http://httpredir.debian.org jessie-updates InRelease [142 kB]Get:3 http://httpredir.debian.org jessie Release.gpg [2373 B]Get:4 http://security.debian.org jessie/updates/main amd64 Packages [359 kB]Get:5 http://httpredir.debian.org jessie Release [148 kB]Get:6 http://httpredir.debian.org jessie-updates/main amd64 Packages [17.6 kB]Get:7 http://httpredir.debian.org jessie/main amd64 Packages [9032 kB]Fetched 9765 kB in 11s (875 kB/s)Reading package lists... ---> e34285bd2042Removing intermediate container 287defbad457Step 3 : RUN apt-get install -y php-pear ---> Running in fb4c4458b7a9Reading package lists...Building dependency tree...Reading state information......Creating config file /etc/php5/mods-available/readline.ini with new versionphp5_invoke: Enable module readline for cli SAPIProcessing triggers for libc-bin (2.19-18+deb8u4) ... ---> 52e877588e6dRemoving intermediate container fb4c4458b7a9Step 4 : RUN pear channel-discover pear.nrk.io ---> Running in d18922f9b0adAdding Channel "pear.nrk.io" succeededDiscovery of channel "pear.nrk.io" succeeded ---> 63bd71456d26Removing intermediate container d18922f9b0adStep 5 : RUN pear install nrk/Predis ---> Running in 32f931c2af8adownloading Predis-1.1.1.tgz ...Starting to download Predis-1.1.1.tgz (228,512 bytes).............................................done: 228,512 bytesinstall ok: channel://pear.nrk.io/Predis-1.1.1 ---> c4f931c29c25Removing intermediate container 32f931c2af8aStep 6 : ADD guestbook.php /var/www/html/guestbook.php ---> 3d71494f0d16Removing intermediate container 037173e5d15eStep 7 : ADD controllers.js /var/www/html/controllers.js ---> e55a52cca404Removing intermediate container 6d7d4a32368fStep 8 : ADD index.html /var/www/html/index.html ---> 5f56d1feb421Removing intermediate container 9a511c08d6cdSuccessfully built 5f56d1feb421



21

If "Successfully built" is displayed, the container image of the Frontend component is builtsuccessfully. To view the built image, run the docker images command.

Example command output:

REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE frontend latest 5f56d1feb421 26 hours ago 480.3 M

----End

Building a Container Image of the Redis_master Component

The public redis image in the public container registry can be used as a container image of theRedis_master component. You do not need to manually build a container image for theRedis_master component.

To download the public redis image, perform the following steps:

Step 1 Navigate to the guestbook directory created in "Building a Container Image of theFrontend Component".

Step 2 Run the following commands to create the Redis_master directory and download the publicredis image to this directory:

mkdir Redis_master

cd Redis_master

docker pull redis:3.0


3.0: Pulling from library/redisd34921bc2709: Pulling fs layer 7062b3d97728: Pulling fs layer f5e079305b5b: Pulling fs layer f24ed385d97f: Pulling fs layer 07490d4a265d: Pulling fs layer 69a7e7de57fd: Pull complete 8b4e50bbe5d0: Pull complete 9233ecfa2fa2: Pull complete 279b06473b2b: Pull complete a6e81c8b1686: Pull complete a9f6f37bf5d4: Pull complete 9dfb98084b52: Pull complete 9a6f22fa2498: Pull complete f3c3d957fc95: Pull complete 9d8d146dd82c: Pull complete 7a423638612b: Pull complete f2603106ad09: Pull complete 77904efd4524: Pull complete Digest: sha256:7072fb5c25c253812b73f2890482c9b219108fc4a9fdff5d22a2425dba8cdd25Status: Downloaded newer image for redis:3.0

If Status: Downloaded newer image for redis:3.0 is displayed, the public redis image isdownloaded successfully.

----End



22

Building a Container Image of the Redis_slave Component

Before using the public redis image as the container image of the Redis_slave component, besure that the master/slave setup has been configured between container images ofRedis_master and Redis_slave components.

Step 1 Run the following commands to create the Redis-slave directory in the guestbook directorycreated in "Building a Container Image of the Frontend Component":

mkdir Redis_slave

cd Redis_slave

Step 2 Run the following command to compile the run.sh file:

vi run.sh

Content in the run.sh file:

redis-server --slaveof redis-master 6379

Where redis-master is the service name of the Redis_master component, and 6379 is thedefault port number of the Redis components.

Step 3 Run the following command to compile the Dockerfile:

vi dockerfile

Content in the Dockerfile:

FROM redis:3.0ADD run.sh /run.shRUN chmod a+x /run.shCMD /run.sh

l FROM statement indicates that the container image of the Redis_slave component isbased on the public redis image.

l ADD statement indicates that the local run.sh script is added to the container image ofthe Redis_slave component.

l RUN statement indicates that all users are granted the permission to run the run.sh file.l CMD statement indicates that the run.sh file is automatically run when a container is up.

Step 4 Run the following command to build a container image of the Redis_slave component:

docker build -t redisslave .


Sending build context to Docker daemon 3.072 kBStep 1 : FROM redis:3.0 ---> 77904efd4524Step 2 : ADD run.sh /run.sh ---> 9c7e739083b1Removing intermediate container a843219d53b7Step 3 : RUN chmod a+x /run.sh ---> Running in 908dcebd4d5a ---> 38a9b2fe49f6Removing intermediate container 908dcebd4d5aStep 4 : CMD /run.sh ---> Running in dacb85ccf773 ---> 2922532794cfRemoving intermediate container dacb85ccf773Successfully built 2922532794cf



23

If "Successfully built" is displayed, the container image of the Redis_slave component is builtsuccessfully. To view the built image, run the docker images command.

Example command output:REPOSITORY TAG IMAGE ID CREATED SIZEredisslave latest 2922532794cf About a minute ago 185.7 MBfrontend latest 5f56d1feb421 3 minutes ago 530.1 MBredis 3.0 77904efd4524 2 minutes ago 185.7 MB

----End

3.4 Uploading Container ImagesAfter container images are built, upload them from the Docker client to the private containerregistry. The Docker client must have the permission to access the private container registry.Otherwise, the images cannot be uploaded.

NOTE

The procedure in this section is applicable only to:l Ubuntu and similar distributions (e.g. Debian)l CentOS and similar distributions (e.g. RHEL, Fedora)

Prerequisitesl You have registered an account to the management console.l Docker 1.10.0 or a later version has been installed.

You can download Docker at https://www.docker.com/ and install it by following theinstructions provided at https://docs.docker.com/.

l The frontend, redis, and redisslave images of the Guestbook application have beenbuilt on the Docker client.– frontend is the container image of the Frontend component.– redis is the container image of the Redis_master component.– redisslave is the container image of the Redis_slave component.

l The AK/SK file has been uploaded to the CCE.

ProcedureStep 1 Connect the Docker client to the private container registry.

1. On the CCE console, choose Container Registry > Upload Container Image >Download a certificate file to download the dockercfg file.Certificate files are valid for one year by default. If a certificate file has expired,download a new one.

Figure 3-8 Download a certificate file



24



NOTE

After you click Download a certificate file, different browsers will respond differently. For somebrowsers, the browser downloads the dockercfg file to the local default directory automatically.For other browsers, you are prompted to confirm whether to open or save the downloadeddockercfg file.

Example content in the dockercfg file:{"auths":{"172.20.124.81:443":{"auth":"X2F1dGhfdG9rZW46YTljYWI4YmNiZWJjNGNmMDhjZjkwODI1ODQxYzBhZWItVUdGS1Y4VVlVR09KSUZRVEw0VUwtMjAxNjA2MTcxODAzNTgtZTc1ZmJiNmFlNTIwYjA3ZTA4ZjY5OThiOGEyZGFiNTJiYjgyNWI4YjRhNDQ4YzMwNjRmNDBiZGI5OWE3NDQxMA==","email":""}}}Where 172.20.124.81:443 is an example address of the container registry.

2. Log in to the Docker client as the root user. Run the following command to enter the~/.docker directory:cd ~/.docker

NOTE

– You may also log in as any other user who is authorized to perform Docker operations.– If the ~/.docker directory does not exist on the Docker client, run the mkdir -p ~/.docker

command to create the directory.

3. Run the vi config.json command to copy the content of the dockercfg file to theconfig.json file.

4. Configure Docker parameters to authorize the Docker client to access the privatecontainer registry.

NOTE

For more information on how to configure Docker parameters, visit https://docs.docker.com/docker-trusted-registry/configure/config-security/.

– Ubuntu and similar distributions (e.g. Debian):Run the following command to add the container registry address (for example,172.20.127.81:443) obtained in Step 1.1 to the end of the "DOCKER_OPTS=--insecure-registry" line:vi /etc/default/dockerExpected settings:# Use DOCKER_OPTS to modify the daemon startup options.DOCKER_OPTS="--insecure-registry 172.20.124.81:443"

– CentOS and similar distributions (e.g. RHEL, Fedora):Run the following command to add the container registry address obtained in Step1.1, for example, 172.20.127.81:443, to the end of the "ExecStart=--insecure-registry" line:vi /usr/lib/systemd/system/docker.serviceExpected settings:[Service]Type=notifyExecStart=/usr/bin/docker daemon -H fd:// --insecure-registry 172.20.124.81:443MountFlags=slaveLimitNOFILE=1048576LimitNPROC=1048576LimitCORE=infinity

5. Run the following command to restart the Docker client so that the configured Dockerparameters can take effect:service docker restart



25

https://docs.docker.com/docker-trusted-registry/configure/config-security/


NOTICEFor CentOS7, run the systemctl daemon-reload command to update the docker.servicefile before you restart the Docker client.

Step 2 Run the following command to tag frontend, redis, and redisslave images.

Command syntax:

docker tag images_id 172.20.124.81:443/username/image_name:version

Where

l images_id is the container image ID.l 172.20.124.81:443 is the address of the private container registry acquired in Step 1.1.l username is the username used for uploading a container image.l image_name is the container image name.l version is the container image version.

To acquire the container image ID, image name, and image version, run the followingcommand:

docker images

Example commands for tagging container images:

docker tag c9fd36df346a 172.20.124.81:443/user1000/frontend:latest

docker tag e9d5f05942ad 172.20.124.81:443/user1000/redis:latest

docker tag 5f026ddffa27 172.20.124.81:443/user1000/redisslave:latest

Step 3 Run the following command to upload frontend, redis and redisslave images:

Command syntax:

docker push 172.20.124.81:443/username/image_name:version

Where

l 172.20.124.81:443 is the address of the container registry.l username is the username used for uploading a container image.l image_name is the container image name.l version is the container image version number.

Example commands:

docker push 172.20.124.81:443/user1000/frontend:latest

docker push 172.20.124.81:443/user1000/redis:latest

docker push 172.20.124.81:443/user1000/redisslave:latest

After the container images are uploaded successfully, information similar to the following isdisplayed:

The push refers to a repository [172.20.124.81:443/user1000/redisslave] ......



26

latest:digest:sha256:e59050aa3ed5c08fe9907a3ca0198cc85892c77ae17d90f4c54775691432827a size: 12019

To view the uploaded container images, choose Container Registry in the navigation pane ofthe CCE console. The uploaded images are then displayed in the right-hand side of the CCEconsole.

Figure 3-9 List of private container images

----End

3.5 Creating Component TemplatesYou can create a component template using the uploaded container images.

Background

A single containerized application consists of one or more components. Each component hasone or more containers.

When creating a component template from container images, specify:

l Network protocol

l Communications port

l Memory capacity

l CPU capacity

l Volume

l Environment variables

For the Guestbook application, three component templates must be created:

l gbkfrontend

l gbkredismaster

l gbkredisslave

Procedure

Step 1 Create the component template gbkfrontend.

1. On the CCE console, choose Component Template > Create Component Template.

The Create Component Template page is displayed.



27

Figure 3-10 Open the Create Component Template page

2. On the Create Component Template page, specify parameters of the componenttemplate gbkfrontend.

Figure 3-11 Define a component template

– Template NameName of the component template to be created. In the Frontend componentexample, the template name is gbkfrontend.

NOTE

A component template name can be 1 to 24 characters long. It must begin with a lowercaseletter and contain only lowercase letters, digits, and hyphens (-).

– Container ImageName and version number of the container image that will be used to create thecomponent template.Container images are classified into two types:n Internal container images, which are stored in CCE's container registry.n External container images, which are stored in container registries from other

sources.



28

– Network and PortNetwork protocol and listening port used by the component.In the gbkfrontend example, Network is TCP and Port is 80.

– Memory and CPUMemory capacity and CPU capacity of the component.In the gbkfrontend example, Memory is 64 MB and CPU is 100 mcores.Note that 1 core is equal to 1000 mcores.

– Support CPU overproportioningIf only one container supports CPU overweight, the container can use availableresources on the node, in addition to the CPU capacity of the container.If multiple containers support CPU overweight, they can additionally shareavailable resources on the node on a percentage basis. For example, if the CPUcapacity of container A is 100 mcores and the CPU capacity of container B is 300mcores, then they share available resources on the node at a ratio of 1:3.Usually, the default value of Support CPU overproportioning is retained.

– Volumes and Environment VariablesYou can leave these fields unspecified.

3. Click OK to complete the creation.

Step 2 Repeat Step 1 to create gbkredismaster and gbkredisslave templates.

NOTE

The default port number of the Redis components is 6379. The port number must be the same as thatdefined in section 3.3 Building Container Images.

The created component templates are listed on the Component Template page.

Figure 3-12 View component templates

----End

3.6 Creating a Containerized ApplicationCreate your containerized application after creating a container cluster and template. Thissection uses the Guestbook application as an example to describe how to create acontainerized application from a component template.

Prerequisitesl The container cluster on which the Guestbook application will run has been created.



29

l The component templates that will be used to create the Guestbook application havebeen created.

Procedure

Step 1 Specify containerized application parameters.

1. On the CCE console, choose App Manager > Create Containerized App.

The Create Containerized App page is displayed.

Figure 3-13 Open the Create Containerized App page

2. On the Create Containerized App page, specify containerized application parameters.

Figure 3-14 Specify containerized application parameters



30

– Template TypeType of the template that will be used to create the containerized application.There are two types of templates: application template and component template.In the Guestbook example, Component template is selected.For details on how to create a containerized application using an applicationtemplate, see section 4.4.1 Creating a Containerized Application.

– Container ClusterContainer cluster on which the containerized application will run.In the Guestbook example, the cluster name is gbk.

– App NameName of the containerized application to be created.An application name can be 1 to 24 characters long. It must begin with a lowercaseletter and contain only lowercase letters, digits, and hyphens (-).In the Guestbook example, the application name is guestbook.

Step 2 Create the Frontend component.

1. On the Create Containerized App page, click Create Component.The Create Component page is displayed.

Figure 3-15 Open the Create Component page

2. Specify component parameters.– Template Name

Component template created in section 3.5 Creating Component Templates.In the Frontend component example, the template name is gbkfrontend.

– Component NameName of the component to be created.



31

NOTE

A component name must begin with a lowercase letter and contain only lowercase letters,digits, and hyphens (-).

– NodeNode on which the component will run.

– InstancesNumber of instances that the component has. Every instance is shipped as acontainer.In the Frontend component example, the number of instances is 1.

– Service NameA service name serves a similar purpose as a domain name. Components areaddressed by their service names.In the Frontend component example, the service name is frontend.

NOTE

A service name can be 1 to 24 characters long. It must begin with a lowercase letter andcontain only lowercase letters, digits, and hyphens (-).

– Public ServiceIndicates whether the component is accessible to external networks.In the Frontend component example, Public Service must be selected. Otherwise,the Frontend component is not accessible to Guestbook users.n Service Type

The value is either NodePort or LoadBalancer.In the Frontend component example, NodePort is selected.

n Network ProtocolThe value is either TCP or UDP. In the Frontend component example, TCP isselected.

n Container PortListening port used by the component. It is advisable to retain the defaultvalue.

n Node PortPort that a node will use to provide services externally. In the Guestbookexample, an automatically allocated node port is selected.

3. Click OK.

Step 3 Repeat Step 2 to create Redis_master and Redis_slave components.

The Redis_master and Redis_slave components do not need to provide external access.Therefore, Public Service should be deselected.

NOTICEThe entered service name must be the same as the service name defined in the process ofBuilding a Container Image of the Frontend Component. The Frontend component mapsthe service name of the Redis_master component into the IP address of the Redis_masterwhile attempting to access Redis_master.



32

Figure 3-16 Create the Redis_master component

Figure 3-17 Create the Redis_slave component

Step 4 Click OK to complete the creation of containerized application.

It takes about 3 to 5 minutes to create a containerized application. If the Status of theapplication is Running, the application has been created successfully.



33

Figure 3-18 View a containerized application

Step 5 Acquire the Guestbook service address.

1. On the list of containerized applications, click the name of the Guestbook application orclick Manage for the Guestbook application.

Figure 3-19 Open the application management page

2. Click the icon next to any component of the Guestbook to show the componentinformation. Click the Basic Info tab to view the service address.

NOTE

If the service type is NodePort, the service address is <Public IP address>:<Node port> of anynode in the cluster. To view nodes' public IP addresses, open the Nodes tab page on the ContainerCluster page.

Figure 3-20 View the Guestbook service address

Step 6 Access the Guestbook application using the service address.



34

Figure 3-21 Access the Guestbook application

----End



35

4 Operation Guide

This chapter provides details about the operations allowed by every CCE service.

NOTE

The following browsers are recommended for use with the CCE console:

l Internet Explorer 10 or later

l Google Chrome 31 or later

l Firefox 27 or later

4.1 Dashboard

4.2 Cluster Manager

4.3 Component Template

4.4 App Manager

4.5 App Designer

4.6 Container Registry

Cloud Container EngineUser Guide 4 Operation Guide


36

4.1 DashboardDashboard offers immediate visibility into your containerized applications, including:

l Total number of container clustersl Total number of containerized applicationsl Total number of templatesl Total number of container imagesl Container cluster statusl Containerized application status

Figure 4-1 Dashboard

Clicking Container Clusters under My Resources redirects you to the Cluster Managerpage.

Similarly, if you click Containerized Apps, you will be redirected to the App Managerpage; if you click Templates, you will be redirected to the Component Template page; ifyou click Container Images, you will be redirected to the Container Registry page.

4.2 Cluster ManagerThe Cluster Manager manages a private container cluster on which your containerizedapplication will run.

Each user can create a maximum of two container clusters. A container cluster consists of amaximum of 15 nodes.

On the Cluster Manager page, you can create, manage, or delete a container cluster.

4.2.1 Creating a Container ClusterCreate a container cluster on which your containerized application will run.

Prerequisitesl Your valid AK/SK file has been uploaded to CCE.



37

For details about how to upload an AK/SK file, see 2.1 Uploading AK/SK File.l A VPC has been created.

For details about how to create a VPC, see 2.2 Creating a VPC.l An SSH key has been created.

For details about how to create an SSH key, see 2.3 Creating a Key Pair.

Procedure

Step 1 On the CCE console, choose Cluster Manager > Create Container Cluster.

The Create Container Cluster page is displayed.

Figure 4-2 Open the Create Container Cluster page

Step 2 On the Create Container Cluster page, specify parameters of the container cluster.



38

Figure 4-3 Specify container cluster parameters

l NameName of the container cluster to be created.

NOTE

A container cluster name must begin with a lowercase letter and contain only lowercase letters,digits, and hyphens (-).

l VPCVPC where the container cluster is located.

l SubnetSubnet where nodes in the container cluster run.

Step 3 Click OK.

A tab with the name of the newly created container cluster is displayed. You can click AddNode to add a node to the container cluster. For more information, see Adding a Node.



39

Figure 4-4 Container cluster information

----End

4.2.2 Managing a Container ClusterAfter you create a container cluster, the cluster management page is displayed.

Figure 4-5 Manage a container cluster

You can manage a container cluster, including:

l 4.2.2.1 Nodesl 4.2.2.2 Servicesl 4.2.2.3 Monitoringl 4.2.2.4 Eventsl 4.2.2.5 Basic Info

4.2.2.1 Nodes

On the Nodes tab page, you can add or delete a node, and query the basic information,allocatable CPU, allocatable memory, and network throughput of a node.

Nodes are used to run containers. Every node is an ECS server armed with two EVS disks.One of these disks is a 40-GB system data disk and the other is a user data disk.

A user data disk contains the following three directories:

l /dev/mapper/vg--paas-dockerdata



40

This directory can occupy a maximum of 90% of the total disk capacity. It is mounted tothe /mnt/paas/kubernetes directory on an ECS and stores kubernetes data of users.

l /dev/mapper/vg--paas-dockermetadataThis directory can occupy a maximum of 5% of the total disk capacity.

l /dev/mapper/vg--paas-kubernetesThis directory can occupy a maximum of 5% of the total disk capacity.

Docker uses the devicemapper+direct lvm mode. In this mode, Docker uses /dev/mapper/vg--paas-dockerdata and /dev/mapper/vg--paas-dockermetadata to store Docker data andmetadata and does not mount them to any ECS directory.

Configurations of ECS servers where nodes reside are initialized using Cloud-Init. The presetuser name is linux and the initial password is cloud.1234. The user name linux is a commonaccount pre-configured in the cloud.cfg file (Cloud-init configuration file). This account issecure. Change the initial password after initial login.

NOTE

Do not perform operations on the ECS servers where nodes reside. This is because such ECS servers runa custom Linux operating system and do not support certain open-source Linux commands.

Adding a NodeStep 1 On the cluster management page, click the Nodes tab.

The Nodes tab page is displayed.

Figure 4-6 Nodes tab page

Step 2 On the Nodes tab page, click Add Node.

The Add Node page is displayed.

Figure 4-7 Add Node page



41

Step 3 On the Add Node page, specify node parameters.l Node Type

Type of ECS server that will be used as a node.The following are the recommended use scenarios for each node type:– General-purpose

Applications have no special requirements on CPUs, memory, disks, andbandwidth, but have high requirements on security and reliability. Customersrequire low initial investment and maintenance costs.

– Computing IApplications have high requirements on bandwidth and require online databackhaul in real time and storage- or ECS-based video content processing.

– Computing IIApplications have high requirements on computing performance and storagecapacity.

– Memory-optimizedApplications require large memory and rapid data switching and processing. Theyprocess large volumes of frequently accessed data.

l SpecificationsCPU and memory capacity of the node.By default, the following amount of CPU and memory resources on a node areconsumed to manage the node:– Operating system consumes 340-MB memory.– The node agent on the first node of the container cluster consumes 0.71-core CPU

and 170-MB memory.– The node agent on each of the remaining nodes consumes 0.4-core CPU and 170-

MB memory.Your containerized applications will use the remaining CPU and memory resources onthe node.The minimum node specifications are 1 core and 2048 MB. The maximum nodespecifications are 32 cores and 128 GB.

l QuantityThe number of nodes you plan to buy to run containers.

l DiskEVS disks are classified into system and data disks.EVS disks deliver three levels of I/O performance:– Common I/O: The EVS disk uses Serial Advanced Technology Attachment (SATA)

storage.– High I/O: The EVS disk uses SAN attached storage (SAS) storage.– Ultra-high I/O: The EVS disk uses solid state disk (SSD) storage.Capacity of the system disk is hard-coded to be 40 GB. Capacity of the data disk is userconfigurable and ranges from 100 GB to 32768 GB. The default capacity is 100 GB.

l Key PairThe key pair name specified in 2.3 Creating a Key Pair.



42

Step 4 Click Add Now.

Step 5 click Submit.

It takes about 20 to 30 minutes to create a node. If the Status of the newly created node isAvailable, the node has been created successfully.

Every node in a container cluster is an ECS server armed with two EVS disks. One of thesedisks is a 40-GB system data disk and the other is a user data disk.

----End

Deleting a NodeYou can delete multiple nodes or a single node at one time.

l To delete multiple nodes at a time, perform the following steps:

a. On the Nodes tab page, select the nodes you want to delete.

Figure 4-8 Select nodes

b. Click Delete Node next to the Add Node button.The Delete dialog box is displayed, prompting you to confirm whether to proceedwith the deletion.

c. Click Yes to complete the deletion.l To delete a single node, perform the following steps:

a. Select the node you want to delete and click the Delete button under Operation.

Figure 4-9 Delete a single node

b. On the Delete dialog box, click Yes to complete the deletion.

Querying Node InformationThere are two methods for querying node information.

Method 1: On the Nodes tab page, click the icon next to a node to show the followinginformation about the node:l Basic info, including information about the system disk, data disk, operating system,

public IP address, node specifications, private IP address, and node creation time



43

l CPU usagel Memory usagel Network throughput

Figure 4-10 Node information

Method 2: On the Nodes tab page, click the name of a node you want to query.

Figure 4-11 Node information

The following node-related information is displayed:

l Basic infoBasic info is displayed on the top of the page, including information about the systemdisk, data disk, operating system, public IP address, node specifications, private IPaddress, and node creation time.

l Instance informationAn instance refers to an application component instance.



44

Click the Instance (N) tab, for example, Instance(4), where 4 indicates the number ofinstances that run on the node. The namespace, name, status, age, address, and creationtime of instances are then displayed.

l Monitoring dataClick the Monitoring tab. The CPU usage, memory usage, and network throughput ofthe node are then displayed. You can choose to view monitoring data from the last hour,last three hours, or last 12 hours.

l Event informationClick the Events tab. The occurrence time, and event description are then displayed. Youcan specify the event start time and event end time to narrow down the search for nodeevents.

Figure 4-12 Node events

4.2.2.2 ServicesA service defines a set of instances and a means for accessing them, such as a single stable IPaddress and corresponding DNS name.

Viewing the Service ListClick the Services tab page of the container cluster you want to manage. Service informationof all services used by the container cluster is then displayed, including:

l Service namel Namespacel Service typel Cluster IP addressl Load Balancer IP addressl Service portl Operation

Figure 4-13 Services list



45

The service list contains:

l Services created on the Create Component page, which is displayed when you arecreating a containerized application using a component template.

l Services created on the Port Properties window, which is displayed after you use theApp Designer to drag a port into a container.

l Services created by calling an API

For services created on the CCE console, their namespace is default. For servicescreated by calling an API, their namespace is user defined.

NOTICEDeleting a service may result in unexpected behavior of the containerized application thatuses the service.

Deleting a Service

Click the Delete button for the service you want to delete.

4.2.2.3 Monitoring

Click the Monitoring tab of a container cluster. CPU usage and memory usage of thecontainer cluster are then displayed.

Figure 4-14 Monitoring data

The horizontal axis is time, and the vertical axis is CPU or memory usage.

4.2.2.4 Events

Click the Events tab of a container cluster. Event information of the container cluster is thendisplayed.



46

Figure 4-15 Event information

You can specify the event start time and event end time to narrow down the search forcontainer cluster events.

Event information includes:

l Event NameName of an event.

l Generated OnTime at which an event occurs.

l DescriptionDescription of an event.

4.2.2.5 Basic InfoClick the Basic Info tab of a container cluster. Basic information about the container cluster isthen displayed.

Figure 4-16 Basic cluster information

Basic information includes the name, creation time, VPC, subnet, node count, and descriptionof the container cluster.



47

4.2.3 Deleting a Container Cluster

Procedure

NOTICEl Deleting a container cluster will also delete the containerized applications on the cluster.l A container cluster with active services cannot be deleted. Before deleting such a container

cluster, go to the Services tab page on the Cluster Manager page to delete these services.

Step 1 On the tab page of a container cluster you want to delete, choose Operation > Delete.

Figure 4-17 Delete a container cluster

Step 2 Type the name of the container cluster to confirm that you want to proceed with the deletion.

Figure 4-18 Confirm whether to continue deleting a container cluster

Step 3 Click Yes to complete the deletion.

----End



48

4.3 Component TemplateA component template defines the container image address, network protocol,communications port, memory capacity, CPU capacity, volumes, and environment variables.

You can create a component template using the container image you have uploaded.

Creating a Component Template

Step 1 On the CCE console, choose Component Template > Create Component Template.

The Create Component Template page is displayed.

Figure 4-19 Open the Create Component Template page

Step 2 On the Create Component Template page, specify template parameters.

Figure 4-20 Define a component template



49

l Template NameName of the component template to be created.

NOTE

A component template name can be 1 to 24 characters long. It must begin with a lowercase letterand contain only lowercase letters, digits, and hyphens (-).

l Container ImageName and version number of the container image that will be used to create thecomponent template.Container images are classified into two types:– Internal container images, which are stored in CCE's container registry.– External container images, which are stored in container registries from other

sources.l Network and Port

Network protocol and listening port used by the component. A maximum of 10 pieces ofNetwork and Port configuration items can be configured.

l Memory and CPUMemory capacity and CPU capacity of the component.CPU capacity is measured in mcores. 1 core is equal to 1000 mcores.

NOTE

The memory capacity and CPU capacity defined in a component template cannot exceed those ofthe node on which the containerized application will run. Otherwise, creating the containerizedapplication will fail.

l Support CPU overproportioningIf only one container supports CPU overweight, the container can use available resourceson the node, in addition to the CPU capacity of the container.If multiple containers support CPU overweight, they can additionally share availableresources on the node on a percentage basis. For example, if the CPU capacity ofcontainer A is 100 mcores and the CPU capacity of container B is 300 mcores, then theyshare available resources on the node at a ratio of 1:3.

l VolumesA volume is a specially-designated directory within one or more containers that bypassesthe Union File System. Using a volume means mounting an absolute path on a host (alsocalled a node) to a path on a container, thereby achieving sharing between hosts andcontainers. A maximum of 10 volumes can be configured.There are two ways to define a volume:– Specify the Volumes parameter on either the Create Component Template page or

the Create App Design page of the CCE console– Run the docker run command with the -v optionFor example, to mount the /src/webapp directory on a host to the /opt/webapp directoryon the frontend container, run the following command:docker run -d -P --name frontend -v /src/webapp:/opt/webapp frontend

l Environment VariablesAn environment variable refers to a container runtime variable. A maximum of 30environment variables can be defined in a component template. The variables of acontainerized application can be modified even after the application is deployed,allowing for great flexibility in application management.



50

There are two ways to define an environment variable:– Specify the Environment Variables parameter on the CCE console– Specify the ENV parameter in the Dockerfile

NOTE

l To avoid information leakage, ensure that environment variables do not contain sensitiveinformation such as usernames and passwords.

l If sensitive information is required, encrypt it before setting it as an environment variable. Thesensitive information is decrypted only when an application uses the environment variable.

Step 3 Click OK to complete the creation of the component template.

----End

Modifying a Component Template

Step 1 On the Component Template page, click Modify for the component template you want tomodify.

The Modify Component Template page is displayed.

Figure 4-21 Open the Modify Component Template page

Step 2 Modify template parameters.

For details, see Step 2 in Creating a Component Template.

Step 3 Click Update.

The "Template modified successfully" message is displayed.

----End

Viewing a Component Template

Step 1 On the Component Template page, click View for the component template you want to view.

Information about the component template is displayed.

Step 2 View the component template information.

----End

4.4 App Manager



51

4.4.1 Creating a Containerized ApplicationA containerized application is created using either a component template or an applicationtemplate.

Prerequisitesl A container cluster has been created.l A component template or application template has been created.

Procedure

Step 1 On the CCE console, choose App Manager > Create Containerized App.

The Create Containerized App page is displayed.

Figure 4-22 Open the Create Containerized App page

NOTE

Step 2 and Step 3 are optional.

Step 2 Create a containerized application using a component template.

1. On the Create Containerized App page, select the Component template as thetemplate type.

2. Select the container cluster name, specify the containerized application name.3. Click Create Component.

The Create Component page is displayed.



52

Figure 4-23 Open the Create Component page

4. Specify component parameters.– Template Name

Name of the component template you want to use.– Component Name

Name of the component to be created.

NOTE

A component name can be 1 to 24 characters long. It must begin with a lowercase letter andcontain only lowercase letters, digits, and hyphens (-).

– NodeNode on which the component will run.

– InstancesNumber of instances that the component has. Every instance is shipped as acontainer.

– Service NameA service name serves a similar purpose as a domain name. Components areaddressed by their service names.

NOTE

A service name can be 1 to 24 characters long. It must begin with a lowercase letter andcontain only lowercase letters, digits, and hyphens (-).

– Public ServiceIndicates whether the component is accessible to external networks.If Yes is selected, the following parameters are displayed:n Service Type

Indicates whether the component uses a NodePort or LoadBalancer.



53

n ELB InstanceMandatory if Service Type is set to LoadBalancer.

NOTE

If no ELB instance is available to select from, return to the ELB console to create anew ELB instance. For details, see 2.4 Creating an ELB Instance (Optional). After anew ELB instance is created, it is displayed in the ELB Instance drop-down list.

n Network ProtocolNetwork protocol to be used by the component.

n Container PortListening port to be used by the component.

n Node PortPort used to provide service externally. The port number is either automaticallyallocated or defined by the user. The port number ranges from 30000 to 32767(inclusive).

5. Click OK to complete component creation.

Step 3 Create a containerized application using an application template.

1. On the Create Containerized App page, select the App template as the template type.

NOTE

Application templates are created using the graphic App Designer.

2. Specify the container cluster name and containerized application name.

NOTICEIf a containerized application is created from an application template, the applicationmust be deployed on a container cluster in which all nodes have a EIP. Otherwise, theapplication will be inaccessible to users.

3. Select an application template from the App Template drop-down list.4. Click OK.

The App Designer page is displayed.Information about the created containerized application is displayed.

Figure 4-24 App Designer page

Step 4 Acquire the application access address.

After the application is successfully created, you can access it from a browser.



54

To acquire the application access address, perform the following steps:

1. On the list of containerized applications, click Manage for the application.


2. Click the icon next to any component of the application to show the componentinformation. Click the Basic Info tab to view the access address.

NOTE

– If the service type is NodePort, the service address is <Public IP address>:<Node port> of anynode in the cluster. To view nodes' public IP addresses, open the Nodes tab page on theContainer Cluster page.

– If the service type is LoadBalancer, the service address is <Load balancer IPaddress>:<Container port>.

– If the service type is ClusterIP, the application is only reachable from inside of the cluster andthe service address is <Cluster-internal IP address>:<Node port>.

Figure 4-26 View the application access address

----End

4.4.2 Updating a Containerized ApplicationAfter a containerized application is created, you can adjust its settings, including:

l Updating the container images of application components and the number of instances

l Configuring the number of instances that can be batch updated

l Adding component descriptions

Procedure

Step 1 On the App Manager page, click Update for a containerized application you want to update.

Details about the containerized application are displayed.



55

Figure 4-27 Display details about a containerized application

Step 2 Modify containerized application parameters.

Figure 4-28 Modify containerized application parameters

The following parameters are mandatory:

l InstancesNumber of instances that the component has. Every instance is shipped as a container.

l Instances to Be Batch UpdatedNumber of instances that can be updated all at once.The value is less than or equal to the total number of instances that the component has.The default value is 1.This parameter is applicable to multi-instance applications. For example, if a componenthas 10 instances and the value of Instances to Be Batch Updated is 1, then the 10instances will be updated one by one

l Container ImageContainer image used by the component.Any changes to a container image trigger a rolling update. During a rolling update, CCEdeletes the current instance, uses the new image to create a new instance, and loadsinformation about the current instance (such as port information) into the new instance. It



56

is recommended that the source version and target version used for a rolling updatebelong to the same container image.If you change the number of instances without updating the container image, the changeis actually an instance scaling.

Step 3 Click Update to complete the modification.

The CCE console displays the updating process.

Step 4 Return to the App Manager page to check status of the application you have updated.l If Status is Updating, the application is being updated.

The amount of time required to complete the update depends on network speed andimage size. If the update does not finish within three hours, the CCE stops the update andinitiates a rollback.You can manually stop the update and roll it back whenever needed. To stop the update,choose More > Stop on the Operation column of the corresponding application row.

l If Status is Running, the application is successfully updated.l If Status is Failed, updating the application fails.

In this case, either delete the application and re-create it or wait three hours until theCCE initiates a rollback.

----End

4.4.3 Managing a Containerized ApplicationAfter a containerized application is created, you can perform the following managementoperations:

l Querying basic application informationl Monitoring application performancel Querying event informationl Configuring auto scaling policiesl Querying logs

Procedure

Step 1 On the App Manager page, click Manage for the containerized application you want tomanage.

The management page is displayed.




57

Figure 4-30 Application management page

Step 2 In the Component area, click the icon next to a component of the containerizedapplication to view its information, including:

l 4.4.3.1 Basic Infol 4.4.3.2 Monitoringl 4.4.3.3 Eventsl 4.4.3.4 Auto Scalingl 4.4.3.5 Log Analysis

----End

4.4.3.1 Basic Info

Click the Basic Info tab.

The Basic Info tab page is displayed.

Figure 4-31 Open the Basic Info tab page

On the Basic Info tab page, the following information is displayed:



58

l NetworkService name, service type, service address, network protocol, container port, and nodeport.

l VolumeSource path (absolute path on a node) and destination path (path on a container), whichare specified either when you are creating a component template or making a graphicapplication design.

l Environment VariableKey and value of every environment variable, which are specified either when you arecreating a component template or making a graphic application design.

l InstanceName, container IP address, status, restart times, and age of every instance that theselected component has.

4.4.3.2 Monitoring

The Monitoring tab page displays CPU usage, memory usage, and network throughput ofevery instance that the selected component has.

Procedure

Step 1 Click the Monitoring tab.

The Monitoring tab page is displayed.

NOTE

It takes some time to compute CPU usage. When you are using the monitoring function for the firsttime, CPU usage is displayed about one minute later than memory usage.

Figure 4-32 Open the Monitoring tab page

Step 2 Select an instance name.

The CPU usage and memory usage of the instance are displayed.

l CPU usage



59

Figure 4-33 CPU usage

The horizontal axis is time, and the vertical axis is CPU usage.The green line indicates CPU usage, and the red line indicates CPU usage limit.

NOTE

– If you select Support CPU overweight on the Create Component Template page, the redline is no longer displayed.

– CPU usage is displayed only for a running instance.

l Memory usage

Figure 4-34 Memory usage

The horizontal axis is time, and the vertical axis is memory usage.The green line indicates memory usage, and the red line indicates memory usage limit.

NOTE

Memory usage is displayed, regardless of whether the instance is running.

l Network throughput



60

Figure 4-35 Network throughput

The horizontal axis is time, and the vertical axis is network throughput.

----End

4.4.3.3 Events

The Events tab page displays container events that meet predefined criteria.

Procedure

Step 1 Click the Events tab.

Step 2 Specify search criteria.

Table 4-1 Event search criteria

Parameter Description

Start Time Search start time.

End Time Search end time.

Event Name Name of events, which can be:l Alll K8SPodCreatel K8SPodStartl K8SPodScheduledl K8SPodKillingl K8SPodPulledl K8SPodStartFaill K8SEvent

Instance Name Name of the instance whose events you want to search for.



61

Step 3 Click Search to search for matching events.

----End

4.4.3.4 Auto ScalingAuto scaling is classified into:

l DynamicThe number of instances is dynamically adjusted based on CPU or memory usage of thecontainerized application.

l ScheduledThe number of instances is adjusted periodically or at a predefined time.

The two types of auto scaling can be used together.

Dynamic Scaling

Step 1 Add a dynamic scaling policy.

1. Click the Auto Scaling tab.The Auto Scaling tab page is displayed.

Figure 4-36 Open the Auto Scaling tab page

2. Expand the Dynamic Policy area.



62

Figure 4-37 Add a dynamic policy

3. Configure policy parameters.

Table 4-2 Basic settings

Parameter Description Value

Minimum Instances The minimum number ofinstances that a containerizedapplication must have afterdynamic scaling.

Value range: 1 to N, where Nis the total number ofinstances that thecontainerized applicationhas.

Maximum Instances The maximum number ofinstances allowed on acontainerized applicationafter dynamic scaling.

Value range: N to 10, whereN is the total number ofinstances that thecontainerized applicationhas.



63

Table 4-3 Trigger type

Parameter Description Value Remarks

Trigger Type Type of resourcewhose usage is usedas the triggeringcondition for thedynamic scalingpolicy.

CPU orMemory.

If the average CPU ormemory usage within themeasurement periodremains above the upperlimit (for example, 50mcores or 50 MB) for aperiod of time, X instanceswill be automaticallyadded.Conversely, if the averageCPU or memory usagewithin the measurementperiod remains below thelower limit (for example, 1mcore or 1 MB) for aperiod of time, X instanceswill be automaticallydeleted.Users can configure theupper limit, lower limit,and X (number of instancesto be added/deleted).

Policy Name Name of thedynamic scalingpolicy.

The policy namemust begin witha letter andcontain onlyletters, digits,and underscores(_).

None.

Table 4-4 Advanced settings


MeasurementPeriod

Measurement periodover which resourceusage is averaged.

30 to 1800seconds.

None.



64


ResourceAdjustmentPeriod

Period of time forwhich the averageresource usage mustremain above theupper limit or belowthe lower limitbefore the dynamicscaling policy istriggered.

60 to 3600seconds.

For example, if thevalue of thisparameter is set to60s, then the dynamicscaling policy isenforced when theCPU usage exceedsthe specified limit for60s. This can reducethe number of scalingattempts whenresource usagefluctuates.

Scale-Out Cool-Down Period

Interval betweenconsecutive scale-outs.

600 to 3600seconds.

The cool-down periodensures that no newscale-out will beinitiated while thecurrent scale-out isunderway.

Scale-In Cool-Down Period

Interval betweenconsecutive scale-ins.

600 to 3600seconds.

The cool-down periodensures that no newscale-in will beinitiated while thecurrent scale-in isunderway.

CCE measures resource usage every 15 seconds.

For example, if the measurement period is 60 seconds, the resource overuse/underuseperiod is 300 seconds, the cool-down period between scale-outs is 1000 seconds, and thecool-down period between scale-ins is 2000 seconds.

Every 10 seconds, the CCE measures the average resource usage over the previous 60seconds. If the average resource usage remains above the upper limit or below the lowerlimit for 300 seconds, the dynamic scaling policy is triggered. Within 1000 seconds aftera scale-out occurs, no scale-out will be triggered. Within 2000 seconds after a scale-inoccurs, no scale-in will be triggered.

4. Click Save.

If is displayed next to Dynamic Policy, the dynamic scaling policy issuccessfully added.

If you change the policy status from to , the dynamic scalingpolicy does not take effect.



65

Step 2 After the policy takes effect, view scaling history.

1. Expand the Scaling History area.

Figure 4-38 Expand the Scaling History area

2. Click Show Scaling History to view scaling history.

Figure 4-39 Scaling history

Table 4-5 Query result


Policy Action Indicates whether a scale-in orscale-out is triggered.

– scale_in_k8s: A scale-in istriggered.

– scale_out_k8s: A scale-out istriggered.

Status Status of dynamic scaling. – Pending: Auto scaling isunderway.

– Blocked: Auto scaling isblocked because themaximum or minimuminstance limit has beenreached.

– Success: Auto scaling issuccessful.

– Error: An error wasencountered during autoscaling.

Description Details about the dynamicscaling.

-

Scaling starttime

Time at which dynamic scalingstarts.

-

Scaling endtime

Time at which dynamic scalingfinishes.

-



66

----End

Scheduled Scaling

Scheduled scaling is classified into periodic and timed scaling.

l Periodic policy

a. On the Auto Scaling tab page, expand the Scheduled Policy area.

b. In the Scheduled Policy area, expand the Periodic Policy section.

c. Specify parameters of the periodic scaling policy.

Table 4-6 Parameters of a periodic policy


Policy name Name of the periodic scaling policy.The policy name must begin with a letter and contain onlyletters, digits, and underscores (_).

Start Time Validity period of the periodic policy.

End Time

Frequency Frequency at which the periodic scaling policy is enforced.Value:l Dailyl Weeklyl Monthly

Triggered at Time at which the periodic policy is enforced.

Policy Action Indicates whether to add, reduce, or set an instance for thecontainerized application.Value:l Addl Deletel Set

Instances Number of instances to be added, deleted, or set.Value range: 1–10

OverridePeriod

Cool-down period after a periodic policy takes effect, whichindicates that no dynamic policy is enforced in this period.Value range: 0 to 86400 seconds

Operation Click to delete the periodic scaling policy.

d. (Optional) Click Add More and repeat c to add other periodic scaling policies.



67

e. Click Create to create the periodic scaling policies.l Timed policy

a. In the Scheduled Policy area, expand the Timed Policy section.b. Specify parameters of the timed scaling policy.

Table 4-7 Timed policy parameters


Policy name Name of the timed scaling policy.The policy name must begin with a letter and containonly letters, digits, and underscores (_).

Triggered at Time at which the timed scaling policy is enforced.

Policy Action Indicates whether to add, reduce, or set an instance forthe containerized application.Value:l Addl Deletel Set

Instances Number of instances to be added, deleted, or set.Value range: 1–10

Override Period Cool-down period after a timed policy takes effect,which indicates that no dynamic policy is enforced in thisperiod.Value range: 0 to 86400 seconds

Operation Click to delete the timed scaling policy.

c. (Optional) Click Add More and repeat b to add other timed scaling policies.d. Click Create to create the timed scaling policies.

l Policy listExpand the Policy List area to view scheduled scaling policies.

l Scaling history

a. Choose Scheduled Policy > Scaling History after scaling policies take effect.b. Click Show Scaling History to view scaling history.

Figure 4-40 Scaling history



68

Table 4-8 Query result


Policy Name Name of the scaling policy. -

Policy ID ID of the scaling policy. -

Policy Type Type of the scaling policy. -

Policy Action An indicator of whether ascale-in or scale-out istriggered.

l scale_in: A scale-in istriggered.

l scale_out: A scale-out istriggered.

Status Status of dynamic scaling. l Pending: Auto scaling isunderway.

l Blocked: Auto scaling isblocked because themaximum or minimuminstance limit has beenreached.

l Success: Auto scaling issuccessful.

l Error: An error wasencountered during autoscaling.

Description Details about the dynamicscaling.

-

Scaling starttime

Time at which dynamicscaling starts.

-

Scaling endtime

Time at which dynamicscaling finishes.

-

4.4.3.5 Log AnalysisOn the Log Analysis tab page, you can query logs, configure log aging time, and export logs.

Querying Logs

Step 1 Click the Log Analysis tab.

The Log Analysis tab page is displayed.

Step 2 Specify query criteria.



69

Table 4-9 Log query criteria


Keyword Keyword in logs to be queried.A maximum of 64 characters.

Log Type Type of logs to be queried.Value:l *: all logsl stdout: standard output logsl stderr: standard error logsDefault value: *

Log Lines Per Instance Number of log lines per instance.Value range: 1–1000Default value: 100

Instance Name Name of the instance.

Start Time Query start time.

End Time Query end time.

NOTE

If Start Time and End Time are left unspecified, log query starts from the current time.

Step 3 Click Search to query matching logs.

Figure 4-41 Example log query results

----End

Configuring Aging Time

If log aging time is specified, logs older than the aging time are deleted to free up the diskspace. If you change the log aging time of a containerized application in a container cluster,the log aging time of all the applications in the cluster will be changed accordingly.



70

Step 1 On the Log Analysis tab page, click Configure Aging Time.

The Configure Aging Time dialog box is displayed.

Figure 4-42 Configure aging time

By default, the aging time is 7 days.

Step 2 To change the aging time, specify a new aging time.

The value range is 1 to 30 days.

NOTE

For logs generated prior to the aging time change, the old aging time is applied. For logs generated afterthe aging time change, the new aging time is applied.For example, if you change the aging time from 7 days to 1 day at 15:30, June 1 2016, the logsgenerated prior to that time are retained for 7 days. The logs generated after that time are retained foronly one day.

Step 3 Click Yes.

----End

Exporting LogsAfter you click Export on the Log Analysis tab page, the CCE exports logs that meet thesearch criteria to a .log file. For example, if Log Lines Per Instance is 100, the .log filecontains only 100 log lines.

A .log file is in the JavaScript object notation (JSON) format. Every line in the file is a log.You can use the JSON formatting tool to format logs before viewing them.

Example .log file:



71

Example log:

{ "@timestamp": "2016-06-21T10:01:21.569Z", "@version": "1", "app_guid": "a8a35018-233d-4155-9757-0202d5f93d63", "docker": { "container_id": "9c3c4a41c910ed3299b5a48a2ad9bb3acc3ffd998081f071a46278995b082b5c" }, "instance_id": "*", "kubernetes": { "container_name": "container01", "host": "192.168.100.85", "labels": { "deployment": "a6db7c2b-d7d9-45a7-97ef-eec441aa4ed9", "name": "testnode2", "version": "1" }, "namespace_name": "default", "pod_id": "a9fec059-37ba-11e6-a790-fa163e21a9dc", "pod_name": "testnode2-0jqfn" }, "log": "172.16.94.0 - - [21/Jun/2016:17:59:43 +0000] \"GET /favicon.ico HTTP/1.1\" 404 571 \"http://192.168.136.37:31343/\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\" \"-\"", "loglevel": "*", "message": "* * a8a35018-233d-4155-9757-0202d5f93d63 * * {\"log\":\"172.16.94.0 - - [21/Jun/2016:17:59:43 +0000] \\\"GET /favicon.ico HTTP/1.1\\\" 404 571 \\\"http://192.168.136.37:31343/\\\" \\\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\\\" \\\"-\\\"\\n\",\"stream\":\"stdout\",\"docker\":{\"container_id\":\"9c3c4a41c910ed3299b5a48a2ad9bb3acc3ffd998081f071a46278995b082b5c\"},\"kubernetes\":{\"namespace_name\":\"default\",\"pod_id\":\"a9fec059-37ba-11e6-a790-fa163e21a9dc\",\"pod_name\":\"testnode2-0jqfn\",\"container_name\":\"container01\",\"labels\":{\"deployment\":\"a6db7c2b-d7d9-45a7-97ef-eec441aa4ed9\",\"name\":\"testnode2\",\"version\":\"1\"},\"host\":\"192.168.100.85\"},\"time\":\"1466503183\"}", "node_id": "*", "origin": "*", "stream": "stdout", "syslog_message": "{\"log\":\"172.16.94.0 - - [21/Jun/2016:17:59:43 +0000] \\\"GET /favicon.ico HTTP/1.1\\\" 404 571 \\\"http://192.168.136.37:31343/\\\" \\\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\\\" \\\"-\\\"\\n\",\"stream\":\"stdout\",\"docker\":{\"container_id\":\"9c3c4a41c910ed3299b5a48a2ad9bb3acc3ffd998081f071a46278995b082b5c\"},\"kubernetes\":{\"namespace_name\":\"default\",\"pod_id\":\"a9fec059-37ba-11e6-a790-fa163e21a9dc\",\"pod_name\":\"testnode2-0jqfn\",\"container_name\":\"container01\",\"labels\":{\"deployment\":\"a6db7c2b-d7d9-45a7-97ef-eec441aa4ed9\",\"name\":\"testnode2\",\"version\":\"1\"},\"host\":\"192.168.100.85\"},\"time\":\"1466503183\"}", "tags": [ "ops_log" ], "time": "1466503183", "type": "syslog"}

Table 4-10 Parameters in a log


timestamp Time at which Logstash converts the log.



72


version Version number of Logstash schema.

app_guid ID of the container cluster.

docker container_id ID of the container on which the containerizedapplication runs.

instance_id Instance ID of the component of the containerizedapplication.

kubernetes container_name Name of the container on which the containerizedapplication runs.

host IP address of the node where the pod resides.

labels A label is used for establishing association between aservice, replication controller, and pod.l deployment: label of the replication controllerl name: label namel version: API version number

namespace_name Namespace used for user isolation.

pod_id Pod uuid.

pod_name Pod name.

log Log content.

loglevel Log level.

message Variable for log information storage.

node_id Node guid.

origin Origin of the log.

stream Log stream, which can be either stdout or stderr.

syslog_message Used for storing a certain field value in the loginformation.

tags Label used by Logstash to identify attributes of theevent.

time Time at which the log is generated.

type Log type.

4.4.4 Viewing an Application TopologyStep 1 On the App Manager page, choose More > Topology for the containerized application

whose topology you want to view.



73

The Topology page is displayed.

Figure 4-43 Open the Topology page

Step 2 View the topology of the containerized application.

The left-hand area displays the component status, components, and instances of thecontainerized application.

The right-hand area displays the application status.

l Running: The containerized application or component is running.

l Pending: The containerized application or component is suspended.

l Error: The containerized application or component encounters an error.

l Terminated: The containerized application or component stops running.

l Unknown: Status of the containerized application or component is unknown.

Figure 4-44 Open the Topology page

----End

4.4.5 Deleting a Containerized ApplicationYou can delete created containerized applications.



74

NOTICEl Containerized applications cannot be restored after they are deleted. Therefore, exercise

caution when deleting applications.l Deleting a containerized application with Elastic Load Balance (ELB) service may cause

the failure to delete the ELB listener. In this case, go to the ELB console, and manuallydelete the listener instance.

Step 1 On the App Manager page, select the containerized application to be deleted, and chooseMore > Delete, as shown in Figure 4-45.

Figure 4-45 Deleting the containerized application

Step 2 Click Yes in the displayed dialog box.

----End

4.5 App Designer

4.5.1 Graphic App DesignThe App Designer is a graphic orchestration tool that allows you to drag-and-drop to design acomplex containerized application and its topology. The graphic application design is saved asan application template. With the template, you can quickly create multi-containerapplications, making application deployment easier and more efficient.

Graphic App Design AreaThe Graphic App Design area is divided into Basic App Type (left side) and the orchestrationgrid area (right side).

You can drag components, containers, volumes, and ports to the orchestration grid area andlink them logically as a whole.

Figure 4-46 Graphic App Design



75

NOTICEThe name of any element in the graphic application design must be globally unique and 1 to24 characters long. It must begin with a lowercase letter and contain only lowercase letters,digits, and hyphens (-).

4.5.1.1 AppComponentAn AppComponent is a component of a containerized application. A single containerizedapplication consists of one or more components. In graphic app design, a component isallowed to have only one type of container and every container can have multiple instances.

Procedure

Step 1 Drag a component to the orchestration grid area on the right-hand side.

Figure 4-47 Design a component

Step 2 Click the component and specify component parameters.

The configuration page is displayed.

Figure 4-48 Specify component parameters



76

The following parameters are user configurable:

l Node nameName of a TOSCA node. If you do not want to use the default name, type a new namewhere the red rectangle is shown in Figure 4-48.

l composer.instancesNumber of instances that the component has. Every instance is shipped as a container.Value range: 1 to 10 (inclusive)

l nameComponent name.

l descriptionComponent description.

l DeleteClick to delete the component.

----End

4.5.1.2 ContainerIn a container design, you can specify environment variables, container images, and containerspecifications. Every container must have at least one port.

Procedure

Step 1 Drag a container to the orchestration grid area on the right-hand side.

Figure 4-49 Design a container

Step 2 Click the container and specify container parameters.



77

Figure 4-50 Specify container parameters



l nameName of the container.

l imagesourceSource of the image used by the container.Both internal and external container images are supported. Internal container images arestored in the container registry provided by CCE, and external container images arestored in container registries from other sources.

l imageAddress of the image used by the container.– For internal container images

An image address must be fewer than 256 characters and in the format:registry_address/image-name:tag.For example, user1000/frontend:latest.

– For external container images from Docker HubAn image address can be simply mysql:5.6.

– For external container images from other sourcesAn image address must be in the format: registry_address/user_name/image-name:tag.



78

l resourcesContainer specifications in the format of {"limits":{"cpu":"100mcore","memory":"10MB"}}, where 100mcore and 10MB are merely forillustrative purposes.

l container_envEnvironment variables of the container in the format of[{"name":"env_name1","value":"env_value1"},{"name":"env_name2","value":"env_value2"}].For example, if the environment variable is named os and takes the value hello, theenvironment variable is written as [{"name":"os","value":"hello"}].

NOTE

– To protect information confidentiality, do not include sensitive information such as usernamesand passwords into environment variables.

– If sensitive information needs to be contained in environment variables, encrypt theinformation before writing it into environment variables. The sensitive information isdecrypted only when a containerized application uses the environment variables.

l DeleteClick to delete the container.

----End

4.5.1.3 PortPorts are used for container communication. Every container must have at least one port.

Procedure

Step 1 Drag a port into a container.

Figure 4-51 Design a port

Step 2 Click the port and specify port parameters.



79

Figure 4-52 Specify port parameters



l protocolNetwork protocol used by the component.

Value: TCP or UDP.

l portListening port of the containerized application.

l serviceNameA service name serves a similar purpose as a domain name. Components access eachother using their service names.

l publicIndicates whether the port is accessible to external networks.

l DeleteClick to delete the port.

----End

4.5.1.4 Volume

A volume is a specially-designated directory within one or more containers that bypasses theUnion File System. A volume is sharable and reusable by containers.

It is your choice whether to use a volume.



80

Procedure

Step 1 Drag a volume into a container.

Figure 4-53 Design a volume

Step 2 Click the volume and specify volume parameters.

Figure 4-54 Specify volume parameters


l nameName of the volume.

l hostPathAbsolute path on the host (also called a node).Using a volume means mounting an absolute path on a host to a path on a container. Thisachieves sharing between the host and the container.



81

l mountPathPath on the container.

l readOnlyIndicates whether the volume is read-only.

l DeleteClick to delete the volume.

----End

4.5.1.5 Example: Creating an Application Template for Guestbook

The graphic App Designer is an intuitive, easy-to-use tool for creating application templates.

This section describes how to create an application template for Guestbook using the AppDesigner.

Procedure

Step 1 On the CCE console, choose App Designer > Create App Design.

Step 2 Create an application template.

1. Click the Add tab.An application template is created.

Figure 4-55 Add an application template

2. Rename the newly created template.The template name is automatically assigned, for example, template-51. To rename thetemplate, click Rename next to the Add button, type a new template name in the inputbox, and then click Rename next to the input box.

Figure 4-56 Rename an application template

Step 3 Drag required elements, such as AppComponents, containers, ports, and volumes, to theorchestration grid area on the right-hand side. Configure parameters of these requiredelements.

Step 4 Link the elements according to their logical relationship.



82

Step 5 Click Validate to check whether the graphic application design is correct.

Figure 4-57 Verify a graphic application design

l If error information is displayed, resolve the error as prompted.

l If the verification is successful, go to Step 6.

Step 6 Click Save to save the graphic application design as an application template.

Figure 4-58 Save a graphic application design as an application template

NOTE

Click Deploy to deploy the application template. For details, see 4.5.2 Deploying a ContainerizedApplication.

----End

ExampleThe following example describes how to create the Guestbook application template using theGraphic App Design.

Step 1 On the CCE console, choose App Designer > Create App Design.

Step 2 Create an application template.

1. Click the Add tab.An application template is created.

Figure 4-59 Add an application template



83

2. Rename the newly created template.The template name is automatically assigned, for example, template-10. To rename thetemplate, click Rename next to the Add button, type a new template name in the inputbox, and then click Rename next to the input box. In the Guestbook example, the newtemplate name is guestbook.

Figure 4-60 Rename an application template

Step 3 Design components of the Guestbook application.

1. Drag three AppComponents to the orchestration grid area.

Figure 4-61 Drag components

2. Click each component and specify component parameters.

Figure 4-62 Specify component parameters



84

The following parameters are optional:– Node name

Name of a TOSCA node. If you do not want to use the default name, type a newname where the red rectangle is shown in Figure 4-62.The components of the Guestbook application are Frontend, Redis_master, andRedis_slave.

– composer.instancesNumber of instances that the component has. Every instance is shipped as acontainer. In the Guestbook example, the default value is retained.

– nameComponent name. In the Guestbook example, the default value is retained.

– descriptionComponent description.

After component parameters are specified, the three components are displayed.

Figure 4-63 Configured components

Step 4 Design containers.

1. Drag a container into each of the three components.



85

Figure 4-64 Drag containers

2. Click the containers and specify container parameters.

Figure 4-65 Specify container parameters


Name of a TOSCA node. If you do not want to use the default name, type a newname where the red rectangle is shown in Figure 4-65. In the Guestbook example,the default value is retained.



86

– nameName of the container. In the Guestbook example, the default value is retained.

– imagesourceSource of the image used by the container. In the Guestbook example, internal isselected.

– imageAddress of the image used by the container. Images of these three containers areuser1000/frontend:latest, user1000/redis:latest, and user1000/redisslave:latest,respectively.

– resourcesContainer specifications in the format of {"limits":{"cpu":"100mcore","memory":"10MB"}}, where 100mcore and 10MB are merelyfor illustrative purposes.In the Guestbook example, the specifications of every container are {"limits":{"cpu":"100mcore","memory":"64MB"}}.

– container_envEnvironment variables of the container in the format of[{"name":"env_name1","value":"env_value1"},{"name":"env_name2","value":"env_value2"}]. In the Guestbook example, thedefault value is retained.

NOTE

n To protect information confidentiality, do not include sensitive information such asusernames and passwords into environment variables.

n If sensitive information needs to be contained in environment variables, encrypt theinformation before writing it into environment variables. The sensitive information isdecrypted only when a containerized application uses the environment variables.

Step 5 Design ports.

1. Drag a port into each of the three containers.2. Click the ports and specify port parameters.

Figure 4-66 Specify port parameters



87


Name of a TOSCA node. If you do not want to use the default name, type a newname where the red rectangle is shown in Figure 4-66. In the Guestbook example,the default value is retained.

– protocolNetwork protocol used by the component. In the Guestbook example, TCP isselected.

– portListening port of the containerized application. The port number of the Frontendcomponent can be 80. The port number of Redis_master and Redis_slavecomponents must be 6379.

NOTE

The default port number of the Redis components is 6379. The port number must be thesame as that defined in section 3.3 Building Container Images.

– serviceNameComponents access each other using their service names. For the Frontendcomponent, the default value is retained. For the Redis_master component, theservice name is redis-master. For the Redis_slave component, the service name isredis-slave.

– publicIndicates whether the port is accessible to external networks. In the Guestbookexample, true is selected for the Frontend component and False for Redis_masterand Redis_slave components.

Step 6 Connect components.



88

Figure 4-67 Connect components

Step 7 Click Validate to check whether the graphic application design is correct.

Figure 4-68 Verify a graphic application design

l If error information is displayed, resolve the error as prompted.

l If the verification is successful, go to Step 8.

Step 8 Click Save to save the graphic application design as an application template.



89

Figure 4-69 Save a graphic application design as an application template

NOTE

Click Deploy to deploy the application template. For details, see 4.5.2 Deploying a ContainerizedApplication.

----End

4.5.2 Deploying a Containerized ApplicationAfter you save a graphic application design as an application template, you can use theapplication template to deploy containerized applications.

ProcedureStep 1 On the App Designer page, click Deploy for the application template you want to deploy.

Figure 4-70 Open the application deployment page

Step 2 On the application deployment page, configure parameters of the application template youwant to use.

Figure 4-71 Specify application template parameters



90

The application template name is not configurable. Parameters which are configurableinclude:

l Container ClusterContainer cluster on which the application template will run.

NOTICEIf a containerized application is created from an application template, the applicationmust be deployed on a container cluster in which all nodes have a public IP address.Otherwise, the application will be inaccessible to users.

l App NameName of the containerized application you want to create by using the applicationtemplate.An application name must be globally unique. It must begin with a lowercase letter andcontain only lowercase letters, digits, and hyphens (-).

Step 3 Click Yes.

The CCE console returns you to the deployment history page. On that page, the status of theapplication template is Deploying.

When the status of the application template is Deployed, the application template issuccessfully deployed.

----End

4.5.3 Viewing an Application TemplateOn the App Designer page, choose More > History for the application template you want toview.

Figure 4-72 View deployment history of an application template



91

Figure 4-73 Application template information

4.5.4 Modifying an Application TemplateYou can modify an application template that has already been created.

Procedure

Step 1 In the navigation pane of CCE console, click App Designer.

The App Designer page is displayed, with a list of application templates that have beencreated.

Figure 4-74 Open the App Designer page

Step 2 On the list of application templates, click Modify for the application template you want tomodify.

The Graphic App Design area is displayed.

Figure 4-75 Modify an application template



92

Step 3 In the orchestration grid area (right side), modify the application template.

----End

4.5.5 Deleting an Application TemplateYou can delete an application template that has been created.

Procedure

Step 1 In the navigation pane of CCE console, click App Designer.

The App Designer page is displayed, with a list of application templates that have beencreated.

Figure 4-76 Open the App Designer page

Step 2 On the list of application templates, choose More > Delete for the application template youwant to delete.

A message is displayed, prompting you to confirm whether to delete the application template.

Figure 4-77 Delete an application template

Step 3 Click Yes to confirm the deletion.

----End

4.6 Container RegistryCCE provides a private container registry for users to upload private container images.

4.6.1 Building a Container ImageBefore you upload a container image to CCE's container registry, build the image on yourlocal Docker client.

Docker can build container images automatically by reading the instructions from aDockerfile, a text file that contains all the commands needed to build a given image. For



93

details on how to write a Dockerfile, visit https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/.

For details on how to build a container image from a Dockerfile, see the Building an imagefrom a Dockerfile section at https://docs.docker.com/engine/tutorials/dockerimages/.

Section 3.3 Building Container Images presents an example of how to build containerimages of the Guestbook application.

NOTICEDocker 1.10.0 or a later version must be installed on the virtual or physical machine that youuse to build container images.To check the Docker version, run the following command:docker versionExample command output:Version: 1.12.1API version: 1.24Go version: go1.6.3Git commit: 23cf638Built: Thu Aug 18 05:22:43 2016OS/Arch: linux/amd64Where the Version field indicates the Docker version.If the displayed version is earlier than 1.10.0 or the Docker is not installed, download Docker1.10.0 or a later version at https://www.docker.com/ and install it by following theinstructions provided at https://docs.docker.com/.

4.6.2 Connecting to the Private Container RegistryBefore you upload container images, ensure that your local Docker client has access to theprivate container registry.

NOTE

The steps in this section are applicable only to:l Ubuntu and similar distributions (e.g. Debian)l CentOS and similar distributions (e.g. RHEL, Fedora)

Prerequisitesl You have registered an account to the management console.l Docker 1.10.0 or a later version has been installed.


l The AK/SK file has been uploaded to the CCE.

ProcedureNOTE

The default validity period of a certificate file is one year. If the certificate file has expired, download anew one.



94

https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/

https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/

https://docs.docker.com/engine/tutorials/dockerimages/





Step 1 On the CCE console, choose Container Registry > Upload Container Image > Download acertificate file to download the dockercfg file.

Figure 4-78 Download a certificate file

NOTE

After you click Download a certificate file, different browsers will respond differently. For somebrowsers, the browser downloads the dockercfg file to the local default directory automatically. Forother browsers, you are prompted to confirm whether to open or save the downloaded dockercfg file.

Example content in the dockercfg file:{"auths":{"172.20.124.81:443":{"auth":"X2F1dGhfdG9rZW46YTljYWI4YmNiZWJjNGNmMDhjZjkwODI1ODQxYzBhZWItVUdGS1Y4VVlVR09KSUZRVEw0VUwtMjAxNjA2MTcxODAzNTgtZTc1ZmJiNmFlNTIwYjA3ZTA4ZjY5OThiOGEyZGFiNTJiYjgyNWI4YjRhNDQ4YzMwNjRmNDBiZGI5OWE3NDQxMA==","email":""}}}

Where 172.20.124.81:443 is an example address of the container registry.

Step 2 Log in to the Docker client as the root user and run the following command to enter the~/.docker directory:

cd ~/.docker

NOTE

l You may also log in as any other user who is authorized to perform Docker operations.

l If the ~/.docker directory does not exist on the Docker client, run the mkdir -p ~/.docker commandto create the ~/.docker directory.

Step 3 Run the vi config.json command to copy the content of the dockercfg file to the config.jsonfile.

Step 4 Configure Docker parameters to authorize the Docker client to access the private containerregistry.

NOTE

For more information on how to configure Docker parameters, visit https://docs.docker.com/docker-trusted-registry/configure/config-security/.

l Ubuntu and similar distributions (e.g. Debian):Run the following command to add the container image address obtained in Step 1 to theend of the DOCKER_OPTS="--insecure-registry" line.vi /etc/default/dockerExpected settings:# Use DOCKER_OPTS to modify the daemon startup options.DOCKER_OPTS="--insecure-registry 172.20.124.81:443"

l CentOS and similar distributions (e.g. RHEL, Fedora):



95



Run the following command to add the container image address obtained in Step 1 to theend of the ExecStart=/.../--insecure-registry line.vi /usr/lib/systemd/system/docker.serviceExpected settings:[Service]Type=notifyExecStart=/usr/bin/docker daemon -H fd:// --insecure-registry 172.20.124.81:443MountFlags=slaveLimitNOFILE=1048576LimitNPROC=1048576LimitCORE=infinity

Step 5 Run the following command to restart the Docker client so that the configured Dockerparameters can take effect:

service docker restart

NOTICEFor CentOS7, run the systemctl daemon-reload command to update the docker.service filebefore you restart the Docker client.

----End

4.6.3 Uploading a Private Container ImageBefore you upload a private container image, tag the image. A tag contains the address of theprivate container registry to which the image will be uploaded.

NOTE

Container images are uploaded using Docker commands. For details about Docker commands, seehttps://docs.docker.com/engine/reference/commandline/cli/.

Prerequisitesl Docker 1.10.0 or a later version has been installed.


l The Docker client has access to the private container registry.For details about connecting the Docker client to the private container registry, see 4.6.2Connecting to the Private Container Registry.

l The container image to be uploaded has been built.

Procedure

Step 1 Launch the local Docker client.

Step 2 Run the docker tag command to tag the container images that you want to upload.

Command syntax:

docker tag images_id 172.20.124.81:443/username/image_name:version



96

https://docs.docker.com/engine/reference/commandline/cli/



l images_id is the image ID.

l 172.20.124.81:443 is the address of the private container registry acquired in Step 1.

l username is the username used for uploading a container image.

l version is the container image version.

Example command:

docker tag c9fd36df346a 172.20.124.81:443/user1000/frontend:latest

Step 3 Run the docker push command to upload container images.

Command syntax:

docker push 172.20.124.81:443/username/image_name:version

Where

l 172.20.124.81:443 is the address of private container registry.

l username is the username used for uploading a container image.

l image_name is the container image name.

l version is the version number of the container image.

Example command:

docker push 172.20.124.81:443/user1000/frontend:latest

If information similar to the following is displayed, the container images are uploadedsuccessfully:

The push refers to a repository [172.20.124.81:443/user1000/redisslave]......latest: digest: sha256:e59050aa3ed5c08fe9907a3ca0198cc85892c77ae17d90f4c54775691432827a size: 12019

A list of uploaded container images is displayed on the Container Registry page.

Figure 4-79 List of private container images

----End

4.6.4 Viewing a Private Container ImageAfter a container image is uploaded, you can view its details in the private container registryof CCE.



97

ProcedureStep 1 On the CCE console, click Container Registry.

A list of uploaded private container images is displayed.

Figure 4-80 A list of private container images

Step 2 Click View for the container image you want to view.

Details about the container image are displayed, including the image name, version,description, and download address.

----End

4.6.5 Modifying a Private Container ImageYou can modify description of a private container image and delete its tag.

ProcedureStep 1 On the CCE console, click Container Registry.



Step 2 Click Modify for the image you want to modify.l On the Description tab page, type new description and click Update to complete the

update.

Figure 4-82 Update container image description



98

l On the Tags tab page, click Delete to delete the container image tag.

Figure 4-83 Delete a container image tag

----End

4.6.6 Deleting a Private Container ImageYou can delete a private container image that has been uploaded.

Each Docker image is usually composed of layers. After an image is deleted from a containerregistry, files at certain layers of the image may be preserved in the container registry forfuture use. These preserved files are called residual image files. If the container image youwant to upload contains residual files, the container registry prompts you that these filesalready exist and do not need to be uploaded again.

For more information on how to delete residual image files, see 4.6.7 Deleting ResidualPrivate Image Files.

NOTICEPrivate container images cannot be recovered after they are deleted.

Procedure

Step 1 On the CCE console, click Container Registry.



Step 2 Click Delete for the container image you want to delete.

A message is displayed, prompting you to confirm whether to delete the container image.

Step 3 Click Yes to confirm the deletion.

----End



99

4.6.7 Deleting Residual Private Image FilesIt is your choice whether to delete residual container image files from the container registry.

NOTICEPrivate container images cannot be uploaded or deleted while residual image files are beingdeleted.

Procedure

Step 1 Log in to the CCE console. Click Container Registry in the navigation pane.

Step 2 On the Container Registry page, click the Delete Residual Files button.

The amount of time required to complete the deletion varies, depending on the amount andsize of residual files. If "100% deleted" is displayed on the Delete Residual Files button, allresidual files have been deleted.

Figure 4-85 Deleting residual container image files

----End



100

user guide...2016/11/21 · you can also customize ecs access rules within the security group and...

Documents