SoftWare Repository for Container

Service Overview

Issue 01

Date 2020-08-28

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without priorwritten consent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei andthe customer. All or part of the products, services and features described in this document may not bewithin the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,information, and recommendations in this document are provided "AS IS" without warranties, guaranteesor representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. i

Contents

1 Introduction.............................................................................................................................. 1

2 Advantages............................................................................................................................... 3

3 Basic Concepts.......................................................................................................................... 5

4 Notes and Constraints............................................................................................................ 7

5 Permissions Management..................................................................................................... 8

6 Related Services.....................................................................................................................10

SoftWare Repository for ContainerService Overview Contents

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. ii

1 Introduction

SoftWare Repository for Container (SWR) provides easy, secure, and reliablemanagement over container images throughout their lifecycle, facilitating thedeployment of containerized applications. You can push, pull, and managecontainer images through SWR console, SWR APIs, or community Command LineInterface (CLI).

SWR can work with Cloud Container Engine (CCE) or Cloud Container Instance(CCI) to facilitate image deployment, apart from serving as an image repository.

For SWR pricing details, go to Product Pricing Details.

Figure 1-1 How SWR works

Features● Lifecycle management over container images

SWR manages the whole lifecycle of your container images, including push,pull, and deletion.

● Private image repository and access control

Private image repository and fine-grained permission management allow youto grant different access permissions, namely, read, write, and edit, todifferent users.

● Accelerated image pull through nodes around the globe

Images can be automatically scheduled onto appropriate nodes around theworld to significantly speed up your image pull.

● P2P acceleration of large scale image distribution

SoftWare Repository for ContainerService Overview 1 Introduction

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 1

Proprietary acceleration technology brings faster image pull for CCE clustersduring high concurrency.

● Automatic deployment update through triggersImage deployment can be triggered automatically upon image update. Simplyset a trigger to the desired image. Every time the image is updated, theapplication deployed with this image will be automatically updated.

● Automatic pipelines of image build from source code, image deployment,and container rollout from source code by integrating ContainerOps

● Image security scanning by integrating Container Guard Service (CGS)

SoftWare Repository for ContainerService Overview 1 Introduction

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 2

2 Advantages

Ease of UseSWR provides an easy-to-use management console for full lifecycle managementover container images.

Security and Reliability● SWR supports HTTPS to ensure secure image transmission, and provides

multiple security isolation mechanisms between and inside accounts.● Based on professional storage services provided by Huawei, SWR provides

highly reliable storage service for your container images.

Image Acceleration● Proprietary acceleration technology brings faster image pull for CCE clusters

during high concurrency.● Intelligent node scheduling around the globe ensures that your image build

tasks can be automatically assigned to the idle nodes nearest to the imagerepository.

SoftWare Repository for ContainerService Overview 2 Advantages

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 3

Figure 2-1 Node scheduling around the globe

SoftWare Repository for ContainerService Overview 2 Advantages

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 4

3 Basic Concepts

ImageContainer images are like templates that include everything needed to runapplications. When deploying containerized applications, you can use images fromthe image center and your private image registries. For example, a containerimage can contain a complete Ubuntu operating system, in which only therequired programs and dependencies are installed. Container images are used tocreate containers. A container engine provides an easy way to create and updateyour own images. You can also pull images created by other users.

ContainerA container is a running instance of a container image. Multiple containers canrun on one node. Containers are actually software processes. Unlike traditionalsoftware processes, containers have separate namespaces and do not run directlyon a host.

Images become containers at runtime, that is, containers are created from images.Containers can be created, started, stopped, deleted, and suspended.

OrganizationOrganizations are used to isolate image repositories. With each organization beinglimited to one company or department, images can be managed in a centralizedand efficient manner. A user can access different organizations as long as the userhas corresponding permissions. Different permissions, namely read, write, andmanage, can be assigned to different users in the same account.

SoftWare Repository for ContainerService Overview 3 Basic Concepts

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 5

Figure 3-1 Organization

SoftWare Repository for ContainerService Overview 3 Basic Concepts

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 6

4 Notes and Constraints

QuotasQuotas are imposed on the number of organizations a user can add. For moreinformation on quotas, see Quotas.

Table 4-1 lists the quotas imposed by SWR. To apply for more quotas oforganizations, create a service ticket.

Table 4-1 SWR resource quotas

Resource Type Quota

Organization 5

SoftWare Repository for ContainerService Overview 4 Notes and Constraints

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 7

5 Permissions Management

If you need to assign different permissions to employees in your enterprise toaccess your SWR resources, Identity and Access Management (IAM) is a goodchoice for fine-grained permissions management. IAM provides identityauthentication, permissions management, and access control, helping you secureaccess to your HUAWEI CLOUD resources.

With IAM, you can use your HUAWEI CLOUD account to create IAM users, andassign permissions to the users to control their access to specific resources. Forexample, some software developers in your enterprise need to use SWR resourcesbut should not be allowed to delete the resources or perform any other high-riskoperations. In this scenario, you can create IAM users for the software developersand grant them only the permissions required for using SWR resources.

If your HUAWEI CLOUD account does not require individual IAM users forpermissions management, skip this section.

IAM can be used free of charge. You pay only for the resources in your account.For more information about IAM, see IAM Service Overview.

SWR PermissionsBy default, new IAM users do not have permissions assigned. You need to add auser to one or more groups, and attach permissions policies or roles to thesegroups. Users inherit permissions from the groups to which they are added andcan perform specified operations on cloud services based on the permissions.

SWR is a project-level service deployed and accessed in specific physical regions.To assign SWR permissions to a user group, specify the scope as region-specificprojects and select projects for the permissions to take effect. If All projects isselected, the permissions will take effect for the user group in all region-specificprojects. When accessing SWR, the users need to switch to a region where theyhave been authorized to use the SWR service.

Table 5-1 lists all the system-defined roles and policies supported by SWR.

SoftWare Repository for ContainerService Overview 5 Permissions Management

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 8

Table 5-1 System-defined roles and policies supported by SWR

Role/PolicyName

Description Type

SWR Admin SWR administrator, which includes all SWRpermissions.

System-definedrole

TenantAdministrator

SWR administrator, which includes all SWRpermissions.

System-definedpolicy

TenantGuest

SWR developer, which includes permissionssuch as image pulling.● Granting user permissions enables you to

grant different permissions, namely, read,write, and manage, to different users forthem to access either a specific image orimages of a specific organization.

System-definedpolicy

SvcStgDeveloper

SWR developer, which includes permissionssuch as image pulling.● Granting user permissions enables you to

grant different permissions, namely, read,write, and manage, to different users forthem to access either a specific image orimages of a specific organization.

System-definedrole

Helpful Links● IAM Service Overview

SoftWare Repository for ContainerService Overview 5 Permissions Management

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 9

6 Related Services

SWR works with other cloud services and requires permissions to access them. Fordetails, see Figure 6-1.

Figure 6-1 Relationship between SWR and other services

● Cloud Container Engine (CCE)CCE is a high-performance and high-reliability service through whichenterprises can manage containerized applications. It supports Kubernetes-native applications and tools, allowing you to easily set up a containerruntime environment in the cloud.SWR works seamlessly with CCE to allow you to deploy your images held bySWR on CCE clusters.

● Cloud Container Instance (CCI)CCI is a serverless container engine that allows you to run containers withoutcreating and managing server clusters.SWR works seamlessly with CCI to allow you to deploy your images held bySWR on CCI.

● Cloud Trace Service (CTS)CTS generates traces to enable you to get a history of operations performedon cloud service resources. The content of a trace includes operation requestssent using the management console or open APIs as well as the operation

SoftWare Repository for ContainerService Overview 6 Related Services

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 10

results. You can view all generated traces to query, audit, and backtrackperformed operations.With CTS, you can record operations associated with SWR for future query,audit, and backtrack operations. For details on the operations supported byCTS, see Key Operations on SWR.

SoftWare Repository for ContainerService Overview 6 Related Services

Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 11