Speed Up AKS Image Pulls with ACR Artifact Streaming

AKS, ACR, Containers

It’s generally best practice to keep your container images as small as possible and only include the resources and libraries you need. If you can keep your images under 100-200MB, then you probably don’t have this problem, but large images are becoming more common, especially if you’re running complex AI models or using Windows containers. If your images are on the larger side, then the amount of time it takes to pull them is a problem, especially if the image isn’t already present on the node or instance you are trying to run it on. If you are dynamically deploying containers to match demand increases, this can result in your application not being able to keep up with the load.

Artifact streaming provides a way to speed up this process. By streaming the images to the AKS cluster in advance, the process of pulling the image can be sped up significantly. Let’s look at how to set it up.

Limitations

Artifact streaming is a feature of the Premium SKU of Azure Container Registry (ACR), so you must upgrade your ACR if necessary.

Artifact streaming is currently in preview, so there are a few limitations in this preview phase, which hopefully will go away in the future:

  • Only Linux AMD64 Images are supported; Windows and ARM64 are not supported.
  • Kubernetes version 1.26 or higher must be used for AKS.
  • Ubuntu node pools must use 20.04 or higher.
  • Customer Customer-managed keys for ACR are not supported.

Enable Streaming at ACR

The first step we need to take is to enable streaming in ACR. Streaming is enabled on a per-image basis. This can be done in the portal or with the CLI command below:

az acr artifact-streaming create --image image-name:version --name registryName

Or you can click the “Start Artifact Streaming” button in the portal:

Start Stream

You can also configure auto-conversion so that any further images published to that repository will automatically start streaming.

az acr artifact-streaming operation show --image image-name:version --name registryName

Configure Streaming In AKS

Now that the image is configured for streaming, we need to tell AKS to stream it. Whilst in preview, you will need to enable the AKS preview extension:

az extension add --name aks-preview

Or update it if it is already installed:

az extension update --name aks-preview

You will then need to register for the Artifact Streaming Preview:

az feature register --namespace Microsoft.ContainerService --name ArtifactStreamingPreview

Finally, you need to turn on streaming in the cluster. If you are creating a new cluster, you can do it at creation time:

az aks nodepool add \
    --resource-group myResourceGroup \
    --cluster-name myAKSCluster \
    --name myNodePool \
    --enable-artifact-streaming

You can also enable it on an existing cluster node pool:

az aks nodepool update \
    --resource-group myResourceGroup \
    --cluster-name myAKSCluster \
    --name myNodePool \
    --enable-artifact-streaming

You can check that streaming is enabled with the nodepool show command:

az aks nodepool show --resource-group myResourceGroup --cluster-name myAKSCluster --name myNodePool --query artifactStreamingProfile

You’re now set up to use artefact streaming. When you next pull an image enabled for streaming, it will use streaming.