Skip to content

Commit

Permalink
fixed all broken anchors #180
Browse files Browse the repository at this point in the history
  • Loading branch information
@akyriako
akyriako committed Dec 5, 2024
1 parent 096cc22 commit 896490f
Show file tree
Hide file tree
Showing 5 changed files with 111 additions and 141 deletions.
42 changes: 21 additions & 21 deletions docs/best-practices/containers/software-repository/migrating-container-images.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ Containers are growing in popularity. Many enterprises choose to build their own
This blueprint describes three different scenarios for migrating image repositories to SWR smoothly. You can select one as required:

| Solution | Application Scenario | Precautions |
| ----------------- | ---------------------------------- | ------------ |
| ----------------- | ---------------------------------- | ------------ |
| Migrating images to SWR using **[Docker commands](#migrating-images-to-swr-using-docker-commands)** | Small quantity of images | - Disk storage leads to the timely deletion of local images and time-cost flushing. |
| | | - Docker daemon strictly restricts the number of concurrent pull/push operations, so high-concurrency synchronization cannot be performed. |
| | | - Scripts are complex because HTTP APIs are needed to perform the operations that cannot be implemented through Docker CLI. |
Expand All @@ -24,13 +24,13 @@ This blueprint describes three different scenarios for migrating image repositor
| | | - Docker or other programs are not required. |
| Synchronizing images across clouds [from **Harbor** to SWR](#synchronizing-images-across-clouds-from-harbor-to-swr) | A customer deploys services in multiple clouds and uses Harbor as their image repository. | Only Harbor v1.10.5 and later versions are supported. |

## Migrating Images to SWR using Docker Commands
## Migrating Images to SWR using Docker Commands

SWR provides easy-to-use image hosting and efficient distribution
services. If small quantity of images need to be migrated, enterprises
can use the **docker pull/push** command to migrate images to SWR:

1. Pull images from the source repository.
1. Pull images from the source repository.
Run the `docker pull` command to pull the images.

:::note Example
Expand All @@ -46,7 +46,7 @@ can use the **docker pull/push** command to migrate images to SWR:
nginx latest 22f2bf2e2b4f 5 hours ago 22.8MB
```

2. Push the images pulled to SWR.
2. Push the images pulled to SWR.

a. Log in to the VM where the target container is located and log
in to SWR. For details, see [Uploading an Image Through a Container Engine Client](https://docs.otc.t-systems.com/software-repository-container/umn/image_management/uploading_an_image_through_the_client.html).
Expand Down Expand Up @@ -82,15 +82,15 @@ can use the **docker pull/push** command to migrate images to SWR:

To view the pushed image, refresh the *My Images* page.

## Migrating Images to SWR using image-syncer {#cce_bestpractice_0331}
## Migrating Images to SWR using image-syncer

If small quantity of images need to be migrated, you can use Docker
commands. However, for thousands of images and several TBs of image
repository data, it takes a long time and even data may be lost. In this
case, you can use the open-source image migration tool
[image-syncer](https://github.com/AliyunContainerService/image-syncer):

1. Download, decompress, and run image-syncer.
1. Download, decompress, and run image-syncer.

The following uses **image-syncer v1.3.1** as an example.

Expand All @@ -99,7 +99,7 @@ case, you can use the open-source image migration tool
tar -zvxf image-syncer-v1.3.1-linux-amd64.tar.gz
```

2. Create **auth.json**, the authentication information file of the
2. Create **auth.json**, the authentication information file of the
image repositories.

image-syncer supports the Docker image repository based on Docker
Expand Down Expand Up @@ -135,10 +135,10 @@ case, you can use the open-source image migration tool

In the above figure :
- `eu-de_otc@9LA\...\...` is the `username`
- `077be\...\...\...\.....` is the `password` and
- `077be\...\...\...\.....` is the `password` and
- `swr.eu-de.otc.t-systems.com` is the image repository address.

3. Create **images.json**, the image synchronization description file.
3. Create **images.json**, the image synchronization description file.

In the following example, the source repository address is on the
left, and the target repository address is on the right.
Expand All @@ -151,15 +151,14 @@ case, you can use the open-source image migration tool
}
```

4. Run the following command to migrate the images to SWR:
4. Run the following command to migrate the images to SWR:

```bash
./image-syncer \--auth=./auth.json \--images=./images.json
\--namespace=dev-container \--registry=swr.eu-de.otc.t-systems.com
\--retries=3 \--log=./log
```


<!-- | Parameter | Description |
| -------------- | -------------------------------------------------------------------- |
|\--config | Path of the configuration file. This file needs to be created before you start the synchronization. By default, the configuration file is \
Expand Down Expand Up @@ -199,6 +198,7 @@ case, you can use the open-source image migration tool
target image repository to view the migrated images. -->

## Synchronizing Images Across Clouds from Harbor to SWR

[Harbor](https://goharbor.io/) is an open-source enterprise-class Docker Registry server
developed by VMware. It extends the Docker Distribution by adding the
functionalities such as role-based access control (RBAC), image
Expand All @@ -208,7 +208,7 @@ and distribute container images.
Our scenarion in this blueprint is a customer that deploys services in **multiple clouds** and uses Harbor as their
image repository. We are going to be accessing SWR through a **public** network.

1. Configure a registry endpoint on Harbor.
1. Configure a registry endpoint on Harbor.

:::note
Open Telekom Cloud SWR has not yet integrated with Harbor. You need clone [this repo](https://github.com/akyriako/harbor/tree/opentelekomcloud_adapter) and build it from branch **opentelekomcloud\_adapter**.
Expand All @@ -218,19 +218,19 @@ image repository. We are going to be accessing SWR through a **public** network.

![image2](/img/docs/best-practices/containers/cloud-container-engine/en-us_image_0000001418569120.png)

- `Provider`: Select `Open Telekom Cloud SWR`.
- `Name`: Enter a customized name.
- `Endpoint URL`: Enter the public network domain name of
- `Provider`: Select `Open Telekom Cloud SWR`.
- `Name`: Enter a customized name.
- `Endpoint URL`: Enter the public network domain name of
SWR in the format of `https://{SWR image repository
address}`. To obtain the image repository address, log in
to the SWR console, choose *My Images*, and click *Upload
Through Client*. You can view the image repository address
of the current region on the page that is displayed.
- `Access ID`: Enter an access ID in the format of `Regional project name@\[AK\]`.
- `Access Secret`: Enter an AK/SK. To obtain an AK/SK, see [Obtaining a Long-Term Valid Login Command](https://docs.otc.t-systems.com/software-repository-container/umn/image_management/obtaining_a_long-term_valid_login_command.html).
- `Verify Remote Cert`: *Deselect* the option.
- `Access ID`: Enter an access ID in the format of `Regional project name@\[AK\]`.
- `Access Secret`: Enter an AK/SK. To obtain an AK/SK, see [Obtaining a Long-Term Valid Login Command](https://docs.otc.t-systems.com/software-repository-container/umn/image_management/obtaining_a_long-term_valid_login_command.html).
- `Verify Remote Cert`: *Deselect* the option.

2. Configure a replication rule.
2. Configure a replication rule.

a. Create a replication rule.

Expand All @@ -256,7 +256,7 @@ image repository. We are going to be accessing SWR through a **public** network.
executing the replication rule. The value `-1` indicates
no limitation.

3. After creating the replication rule, select it and click
3. After creating the replication rule, select it and click
*REPLICATE* to complete the replication.

![image2](/img/docs/best-practices/containers/cloud-container-engine/en-us_image_0000001418729104.png)
![image2](/img/docs/best-practices/containers/cloud-container-engine/en-us_image_0000001418729104.png)
88 changes: 42 additions & 46 deletions ...-practices/management-and-deployment/cloud-create/google-cloud/google-deploy.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,55 +5,51 @@ tags: [multi-cloud, google, gcp, cloud-create]
---

# How to deploy your application on Google Cloud
Prerequisites
----------------------------------------------------------------

## Prerequisites

To deploy on Google Cloud, you need to:

* Have a Google Cloud account.
* Your account has one of the following roles `roles/compute.admin`, `roles/editor`, or `roles/owner` assigned to a Google project. This role allows you to create a compute resource in the given project.
* Your account has one of the following roles `roles/browser`, `roles/editor`, or `roles/owner`. This role allows Telekom Cloud Create to read the [IAM access control policy](https://cloud.google.com/resource-manager/docs/access-control-proj) of the project to check for access permissions before a deployment can start.
* Enable the **Compute Engine API** and **Cloud Resource Manager API** in your google project.

* Have a Google Cloud account.
* Your account has one of the following roles `roles/compute.admin`, `roles/editor`, or `roles/owner` assigned to a Google project. This role allows you to create a compute resource in the given project.
* Your account has one of the following roles `roles/browser`, `roles/editor`, or `roles/owner`. This role allows Telekom Cloud Create to read the [IAM access control policy](https://cloud.google.com/resource-manager/docs/access-control-proj) of the project to check for access permissions before a deployment can start.
* Enable the **Compute Engine API** and **Cloud Resource Manager API** in your google project.

### How to assign a role to a principal

* Go to: **IAM & Admin** / **IAM**
* Go to **Principal**, click **Edit** and assign roles. The following example assigns the role `roles/browser` and `roles/compute.admin` to a principal.

* Go to: **IAM & Admin** / **IAM**
* Go to **Principal**, click **Edit** and assign roles. The following example assigns the role `roles/browser` and `roles/compute.admin` to a principal.

[![../_images/set-roles.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/set-roles.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/set-roles.png)

Figure 1. Set IAM roles for a user

### How to enable an API on Google Cloud

* Go to: **APIs & Services** / **Library**
* Search for an API (e.g., `Compute Engine` or `Cloud Resource`)
* Click **Enable**
* Go to: **APIs & Services** / **Library**
* Search for an API (e.g., `Compute Engine` or `Cloud Resource`)
* Click **Enable**

[![../_images/enable-api.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/enable-api.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/enable-api.png)

Figure 2. Enable Compute Engine API

How to deploy
----------------------------------------------------------------
## How to deploy

### Choose the Google Cloud location

1. Go to: **Deploy**
2. Choose **Google**

1. Go to: **Deploy**
2. Choose **Google**

[![../_images/deploy-step1.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step1.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step1.png)

Figure 3. Choose Google Cloud location

### Authenticate for the first time

* The first time you deploy an application on Google Cloud, Cloud Create redirects you to Google Cloud to loggin.
* After logging sucessfully, click on the **allow** button to grant the permissions for Cloud Create to manage compute resources on Google Cloud on your behalf.
* The first time you deploy an application on Google Cloud, Cloud Create redirects you to Google Cloud to loggin.
* After logging sucessfully, click on the **allow** button to grant the permissions for Cloud Create to manage compute resources on Google Cloud on your behalf.


[![../_images/deploy-step2.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step2.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step2.png)

Expand All @@ -62,41 +58,42 @@ Figure 4. Authenticate and grant permissions
:::important
By clicking the allow button, you allow Cloud Create to access the following information:

1. Read your email address for authentication purpose.
2. List your Google projects so you can choose a Google project to deploy.
3. Manage compute resources on Google Cloud (e.g., to create and delete a VM).
1. Read your email address for authentication purpose.
2. List your Google projects so you can choose a Google project to deploy.
3. Manage compute resources on Google Cloud (e.g., to create and delete a VM).

In particular, Cloud Create requests the following OAuth scopes:

* `https://www.googleapis.com/auth/userinfo.email`
* `https://www.googleapis.com/auth/cloudplatformprojects.readonly`
* `https://www.googleapis.com/auth/compute`
:::
* `https://www.googleapis.com/auth/userinfo.email`
* `https://www.googleapis.com/auth/cloudplatformprojects.readonly`
* `https://www.googleapis.com/auth/compute`

:::

:::tip
You can revoke access any time later. See [3\. How to revoke access](#google-revoke-access).
You can revoke access any time later. See [3\. How to revoke access](#how-to-revoke-access).
:::

### Choose a Google project to deploy

* Cloud Create displays a list of the Google projects, which you have the permissions to create a compute resource.
* Choose one Google project you want to deploy your app into.
* Cloud Create displays a list of the Google projects, which you have the permissions to create a compute resource.
* Choose one Google project you want to deploy your app into.

[![../_images/deploy-step3.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step3.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step3.png)

Figure 5. Choose a google project to deploy

:::note
If no projects are dislayed, it means you do not have the roles mentioned in the [1\. Prerequisites](#google-prerequisites). In such a case, ask your Google administrators to assign a role in a Google project for you.
If no projects are dislayed, it means you do not have the roles mentioned in the [1\. Prerequisites](#prerequisites). In such a case, ask your Google administrators to assign a role in a Google project for you.
:::

### Choose an availability zone and keypair (optional)

1. Click **Configure cloud provider**
2. Choose a **Compute**.
3. Choose an availability **zone** from the dropbox. The default availability zone is `europe-west1-c` if not set.
4. Choose a **keypair** from the dropbox.
1. Click **Configure cloud provider**
2. Choose a **Compute**.
3. Choose an availability **zone** from the dropbox. The default availability zone is `europe-west1-c` if not set.
4. Choose a **keypair** from the dropbox.

[![../_images/deploy-step4.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step4.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step4.png)

Figure 6. Choose a zone and keypair
Expand All @@ -107,18 +104,17 @@ If the keypair dropbox is empty, you can create a keypair from the Open Telekom

### Deploy

* Click **Deploy** to start.

How to revoke access
------------------------------------------------------------------------------
* Click **Deploy** to start.

## How to revoke access

In step 2, you grant Cloud Create the permissions to manage compute resources on your behalf. You can revoke this access anytime.

To revoke:

* Go to: 1. **Manage your Google account** / 2. **Security** / 3. **Third party apps with account access**.
* Click on **Revoke access** button.
* Go to: 1. **Manage your Google account** / 2. **Security** / 3. **Third party apps with account access**.
* Click on **Revoke access** button.

[![../_images/deploy-revoke.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-revoke.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-revoke.png)

Figure 7. Revoke token
Expand Down
6 changes: 3 additions & 3 deletions ...best-practices/management-and-deployment/cloud-eye/resource-group-monitoring.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
id: resource-group-monitoring
title: Resource Group Monitoring
tags: []
tags: [cloud-eye]
---

# Resource Group Monitoring
Expand Down Expand Up @@ -91,14 +91,14 @@ When resource exceptions occur, an alarm notification can be sent to the configu

![**Figure 5** Configuring an alarm rule](/img/docs/best-practices/management-and-deployment/cloud-eye/en-us_image_0229987653.png)

Set **Group** to *Development group resources* created in [Step 1 Creating a Resource Group](#step-1-creating-a-resource-group).
Set **Group** to *Development group resources* created in [Step 1 Creating a Resource Group](#creating-a-resource-group).

3. Set **Alarm Notification** parameters.

![**Figure 6** Configuring alarm notification](/img/docs/best-practices/management-and-deployment/cloud-eye/en-us_image_0229987913.png)

:::note
Note: When configuring **Notification Object**, select **Mytopic** created in [Step 2 Creating a Topic and Configuring the Notification Object](#step-2-creating-a-topic-and-configuring-the-notification-object).
Note: When configuring **Notification Object**, select **Mytopic** created in [Step 2 Creating a Topic and Configuring the Notification Object](#creating-a-topic-and-configuring-the-notification-object).
:::

4. Click *Create*.
Expand Down
Loading

0 comments on commit 896490f

Please sign in to comment.