Επεξεργασία

Κοινή χρήση μέσω


Learn how the Azure Operator Service Manager (AOSM) CLI extension discovers container images in source ACRs based on helm chart configuration

This document explains how the Azure CLI AOSM extension discovers images in helm charts, pulls them from a container registry, and uploads them to an AOSM Artifact Store. The Azure CLI AOSM extension supports both Azure Container Registry (ACR) and any container registry that supports the Docker API.

Image Discovery

The Azure CLI AOSM extension Network Function Definition Version (NFDV) input file, generated by az aosm nfd generate-config --definition-type cnf, contains one parameter that specifies the source registries (and optionally namespaces) the AOSM CLI queries during container image onboarding.

  // List of registries from which to pull the image(s).
  // For example ["sourceacr.azurecr.io/test", "myacr2.azurecr.io", "ghcr.io/path"].
  // For non Azure Container Registries, ensure you have run a docker login command before running build.
  "image_sources": [],

"image_sources" is an array of strings. Each string is a reference to a container registry and, optionally, a namespace in that registry.

The Az CLI AOSM extension:

  • Parses the Kubernetes definition files generated by helm template to discover the container image references.
  • Searches in the registries and namespaces included in the "image_sources" array for the container image references.
  • Copies the images from the source registries to the AOSM artifact store.

Important

The AOSM CLI requires that the images in your source registry match the namespace structure written in your helm chart. For example, an image included in a helm chart as core/contoso-a:1.0.0 must be available in the source registry in a path that ends in core/contoso-a:1.0.0. Any additional prefix must be included in the "image_sources" parameter in the cnf-input.jsonc file generated by the az aosm nfd generate-config --definition-type cnf command.

Worked example

This example describes a fictional Containerized Network Function (CNF). This CNF is built of three images that provide the core CNF function and one test image that can be deployed to execute test queries against the CNF. The source registry for the images is an ACR called myregistry. In this example, we onboard all four images.

The "image_sources" field in the NFDV input file is set as follows:

  // List of registries from which to pull the image(s).
  // For example ["sourceacr.azurecr.io/test", "myacr2.azurecr.io", "ghcr.io/path"].
  // For non Azure Container Registries, ensure you have run a docker login command before running build.
  "image_sources": ["myregistry.azurecr.io"],

The output of helm template against the helm charts for this CNF gives four image lines in the Kubernetes deployment definition.

image: repository/release/contoso-a:1.0.0
image: repository/release/contoso-b:1.0.0
image: repository/release/contoso-c:1.0.0
image: repository/test-release/contoso-test:1.0.0

The Azure CLI AOSM extension takes in the above image lines and removes the repository (AOSM overwrites the repository with the new registry backing the AOSM Artifact Store). Then, the Azure CLI AOSM extension searches for the images in myregistry.azurecr.io/release/contoso-a:1.0.0, myregistry.azurecr.io/release/contoso-b:1.0.0, myregistry.azurecr.io/release/contoso-c:1.0.0, and myregistry.azurecr.io/test-release/contoso-test:1.0.0. The images must be available in these paths.

Namespacing

The Azure CLI AOSM extension also supports image namespacing in source container registries. For example, the contoso-test image could be uploaded to test/test-release/contoso-test:1.0.0 in the source registry. In this case, the extra prefix, test, must be configured in the "image_sources" parameter in the NFDV input file.

  // List of registries from which to pull the image(s).
  // For example ["sourceacr.azurecr.io/test", "myacr2.azurecr.io", "ghcr.io/path"].
  // For non Azure Container Registries, ensure you have run a docker login command before running build.
  "image_sources": ["myregistry.azurecr.io", "myregistry.azurecr.io/test"],

The Azure AOSM CLI extension searches for the images in myregistry.azurecr.io, where it discovers contoso-a, contoso-b, and contoso-c. It then searches in myregistry.azurecr.io/test, where it discovers contoso-test.

Next steps