How does a Kubernetes cluster use an elastic container instance (ECI)?
The virtual node realizes the seamless connection between Kubernetes and the elastic container instance ECI, which allows Kubernetes cluster to easily obtain great elastic capacity without being limited to the node computing capacity of the cluster. You can flexibly and dynamically create ECI Pods on demand to avoid the trouble of cluster capacity planning. This article mainly introduces virtual nodes and ECI, how to deploy virtual nodes through the ack-virtual-node component and how to create ECI Pods.
prerequisite
• The self-built Kubernetes cluster version needs to be higher than 1.14.
• You need to create a registered cluster and connect the self-built Kubernetes cluster to the registered cluster. For details, see Creating an AliCloud registration cluster and accessing the self-built Kubernetes cluster.
• You need to activate the elastic container instance service. Log in to the elastic container instance console to activate the corresponding services.
• You need to confirm that the region where the cluster is located is in the list of regions supported by ECI. Log in to the elastic container instance console to view the supported regions and availability zones.
Virtual node and elastic container instance ECI
Alibaba Cloud Elastic Container Instance ECI (Elastic Container Instance) is a container-oriented serverless elastic computing service that provides a container operation environment that is maintenance-free, strongly isolated and quickly started. The use of ECI eliminates the need to purchase and manage the underlying ECS server, which allows you to pay more attention to the maintenance of container applications rather than the underlying infrastructure. You can create ECI on demand and pay only for the resources configured by the container (per second).
Virtual node realizes the seamless connection between Kubernetes and the elastic container instance ECI, which allows Kubernetes cluster to easily obtain great elastic capacity without being limited to the node computing capacity of the cluster. You can flexibly and dynamically create ECI Pods on demand to avoid the trouble of cluster capacity planning. It is very suitable for running in the following scenarios, helping users greatly reduce computing costs and improve computing flexibility efficiency.
• The elastic expansion of online business peaks and valleys: such as online education, e-commerce and other industries have obvious peaks and valleys computing characteristics. The use of virtual nodes can significantly reduce the maintenance of fixed resource pools and reduce computing costs.
• Data computing: Virtual nodes are used to carry Spark, Presto and other computing scenarios, effectively reducing computing costs.
• CI/CD Pipeline:Jenkins、Gitlab-Runner。
• Job tasks: scheduled tasks, AI.
Alibaba Cloud Container Service provides a variety of Serverless Container product forms based on virtual nodes and ECI, including Serverless Kubernetes (ASK) and ACK on ECI, fully supporting user demands in various flexible and node-free operation and maintenance scenarios.
Step 1: Configure the RAM permissions of the ack-virtual-node component in the self-built cluster
Before installing components in the registration cluster, you need to set the permissions of AK to access cloud services in the access cluster. Before setting AK, you need to create RAM users and add permissions to access relevant cloud resources.
1. Create RAM user. For specific steps on how to create RAM users, see Creating RAM Users.
2. Create a permission policy. For specific steps to create a permission policy, see Creating a Custom Policy. Please authorize the AliyunECIFullAccess policy of RAM.
3. Add permissions for RAM users. For specific steps on how to authorize RAM users, see Authorizing RAM Users.
4. Create AK for RAM users. For how to create an AK for a sub-account, see Getting AccessKey.
5. Use AK to create a secret resource named alibaba-addon-secret in the self-built Kubernetes cluster. The ack-virtual-node component installed in step 2 will automatically reference this AK to access the corresponding cloud service resource.
kubectl -n kube-system create secret generic alibaba-addon-secret --from-literal='access-key-id=' --from-literal='access-key-secret='
You need to replace the above code and with the AK information you obtained.
Step 2: deploy the ack-virtual-node component in the registered cluster
The steps to deploy the ack-virtual-node component in the registered cluster are as follows:
1. Log in to the container service management console.
2. Find the target registered cluster on the cluster list page, and click to enter the cluster details page.
3. Click Operation and Maintenance Management ->Component Management, find the ack-virtual-node component and click Install
4. Wait for the prompt of successful installation.
Step 3: Create ECI Pod
You can create ECI Pod in the following two ways.
• Configure the Pod tag. Add the tag alibabacloud. com/eci=true to Pod. Pod will run in ECI mode, and its node is a virtual node. The example is as follows:
A. Execute the following command to add a label to Pod.
A. Execute the following command to view Pod.
A. Expected output:
• Configure namespace labels. Add the label alibabacloud. com/eci=true to the namespace where Pod is located. Pod will run in ECI mode, and its node is a virtual node. The example is as follows:
A. Execute the following command to create a virtual node.
A. Execute the following command to add a label to the namespace where Pod is located.
A. Execute the following command to schedule the Pod in the namespace to the virtual node.
A. Execute the following command to view Pod.
A. Expected output:
Related operations
Modify the ACK virtual node configuration
The configuration of the virtual node controller determines its behavior of scheduling ECI Pod and ECI running environment configuration, including virtual switch and security group configuration. You can flexibly modify the controller configuration as needed. After modifying the configuration, the running ECI Pod will not be affected, and it will take effect immediately on the new ECI Pod.
Execute the following command to modify the configuration of the virtual node controller.
kubectl -n kube-system edit deployment ack-virtual-node-controller
Common change operations are as follows:
• Update the virtual-node controller version. When you use the update virtual node function, you need to update the virtual node controller image to the latest version.
• Modify the security group configuration ECI_ SECURITY_ GROUP。 You can modify this environment variable to change the security group of ECI Pod.
• Modify virtual switch configuration ECI_ VSWITCH。 You can modify this environment variable to change the virtual switch where the ECI Pod is located. It is recommended to configure multiple virtual switches to support multiple availability zones. When the inventory of a single availability zone is insufficient, the controller will select another availability zone to create an ECI Pod.
• Modify the kube-proxy configuration ECI_ KUBE_ PROXY。 The default value of this environment variable is true, which means that ECI Pod can access the ClusterIP service in the cluster by default. If the ECI Pod does not need to access the ClusterIP service, such as the job calculation scenario, you can set this environment variable to false to turn off the kube-proxy function. In addition, in some large-scale scenarios, such as when a large number of ECI Pods need to be started in the cluster, the number of concurrent connections between kube-proxy and kubernetes apiserver in ECI will also increase significantly. You can also choose to turn off the kube-proxy function to reduce the pressure on the API server and improve scalability.
• Modify the kube-system/eci-profile configmap. You can modify this ConfigMap to configure more ECI-related parameters, such as virtual switches, security groups, etc.
Delete virtual node
1. Uninstall the ack-virtual-node component.
• In the self-built cluster, after deleting all ECI Pods, uninstall the ack-virtual-node component on the component management page.
2. Delete the relevant virtual node by using the command kubectl delete no.
It indicates that when ECI Pod exists in the cluster, uninstalling the ack-virtual-node component will cause the ECI instance to remain.
prerequisite
• The self-built Kubernetes cluster version needs to be higher than 1.14.
• You need to create a registered cluster and connect the self-built Kubernetes cluster to the registered cluster. For details, see Creating an AliCloud registration cluster and accessing the self-built Kubernetes cluster.
• You need to activate the elastic container instance service. Log in to the elastic container instance console to activate the corresponding services.
• You need to confirm that the region where the cluster is located is in the list of regions supported by ECI. Log in to the elastic container instance console to view the supported regions and availability zones.
Virtual node and elastic container instance ECI
Alibaba Cloud Elastic Container Instance ECI (Elastic Container Instance) is a container-oriented serverless elastic computing service that provides a container operation environment that is maintenance-free, strongly isolated and quickly started. The use of ECI eliminates the need to purchase and manage the underlying ECS server, which allows you to pay more attention to the maintenance of container applications rather than the underlying infrastructure. You can create ECI on demand and pay only for the resources configured by the container (per second).
Virtual node realizes the seamless connection between Kubernetes and the elastic container instance ECI, which allows Kubernetes cluster to easily obtain great elastic capacity without being limited to the node computing capacity of the cluster. You can flexibly and dynamically create ECI Pods on demand to avoid the trouble of cluster capacity planning. It is very suitable for running in the following scenarios, helping users greatly reduce computing costs and improve computing flexibility efficiency.
• The elastic expansion of online business peaks and valleys: such as online education, e-commerce and other industries have obvious peaks and valleys computing characteristics. The use of virtual nodes can significantly reduce the maintenance of fixed resource pools and reduce computing costs.
• Data computing: Virtual nodes are used to carry Spark, Presto and other computing scenarios, effectively reducing computing costs.
• CI/CD Pipeline:Jenkins、Gitlab-Runner。
• Job tasks: scheduled tasks, AI.
Alibaba Cloud Container Service provides a variety of Serverless Container product forms based on virtual nodes and ECI, including Serverless Kubernetes (ASK) and ACK on ECI, fully supporting user demands in various flexible and node-free operation and maintenance scenarios.
Step 1: Configure the RAM permissions of the ack-virtual-node component in the self-built cluster
Before installing components in the registration cluster, you need to set the permissions of AK to access cloud services in the access cluster. Before setting AK, you need to create RAM users and add permissions to access relevant cloud resources.
1. Create RAM user. For specific steps on how to create RAM users, see Creating RAM Users.
2. Create a permission policy. For specific steps to create a permission policy, see Creating a Custom Policy. Please authorize the AliyunECIFullAccess policy of RAM.
3. Add permissions for RAM users. For specific steps on how to authorize RAM users, see Authorizing RAM Users.
4. Create AK for RAM users. For how to create an AK for a sub-account, see Getting AccessKey.
5. Use AK to create a secret resource named alibaba-addon-secret in the self-built Kubernetes cluster. The ack-virtual-node component installed in step 2 will automatically reference this AK to access the corresponding cloud service resource.
kubectl -n kube-system create secret generic alibaba-addon-secret --from-literal='access-key-id=
You need to replace the above code and with the AK information you obtained.
Step 2: deploy the ack-virtual-node component in the registered cluster
The steps to deploy the ack-virtual-node component in the registered cluster are as follows:
1. Log in to the container service management console.
2. Find the target registered cluster on the cluster list page, and click to enter the cluster details page.
3. Click Operation and Maintenance Management ->Component Management, find the ack-virtual-node component and click Install
4. Wait for the prompt of successful installation.
Step 3: Create ECI Pod
You can create ECI Pod in the following two ways.
• Configure the Pod tag. Add the tag alibabacloud. com/eci=true to Pod. Pod will run in ECI mode, and its node is a virtual node. The example is as follows:
A. Execute the following command to add a label to Pod.
A. Execute the following command to view Pod.
A. Expected output:
• Configure namespace labels. Add the label alibabacloud. com/eci=true to the namespace where Pod is located. Pod will run in ECI mode, and its node is a virtual node. The example is as follows:
A. Execute the following command to create a virtual node.
A. Execute the following command to add a label to the namespace where Pod is located.
A. Execute the following command to schedule the Pod in the namespace to the virtual node.
A. Execute the following command to view Pod.
A. Expected output:
Related operations
Modify the ACK virtual node configuration
The configuration of the virtual node controller determines its behavior of scheduling ECI Pod and ECI running environment configuration, including virtual switch and security group configuration. You can flexibly modify the controller configuration as needed. After modifying the configuration, the running ECI Pod will not be affected, and it will take effect immediately on the new ECI Pod.
Execute the following command to modify the configuration of the virtual node controller.
kubectl -n kube-system edit deployment ack-virtual-node-controller
Common change operations are as follows:
• Update the virtual-node controller version. When you use the update virtual node function, you need to update the virtual node controller image to the latest version.
• Modify the security group configuration ECI_ SECURITY_ GROUP。 You can modify this environment variable to change the security group of ECI Pod.
• Modify virtual switch configuration ECI_ VSWITCH。 You can modify this environment variable to change the virtual switch where the ECI Pod is located. It is recommended to configure multiple virtual switches to support multiple availability zones. When the inventory of a single availability zone is insufficient, the controller will select another availability zone to create an ECI Pod.
• Modify the kube-proxy configuration ECI_ KUBE_ PROXY。 The default value of this environment variable is true, which means that ECI Pod can access the ClusterIP service in the cluster by default. If the ECI Pod does not need to access the ClusterIP service, such as the job calculation scenario, you can set this environment variable to false to turn off the kube-proxy function. In addition, in some large-scale scenarios, such as when a large number of ECI Pods need to be started in the cluster, the number of concurrent connections between kube-proxy and kubernetes apiserver in ECI will also increase significantly. You can also choose to turn off the kube-proxy function to reduce the pressure on the API server and improve scalability.
• Modify the kube-system/eci-profile configmap. You can modify this ConfigMap to configure more ECI-related parameters, such as virtual switches, security groups, etc.
Delete virtual node
1. Uninstall the ack-virtual-node component.
• In the self-built cluster, after deleting all ECI Pods, uninstall the ack-virtual-node component on the component management page.
2. Delete the relevant virtual node by using the command kubectl delete no.
It indicates that when ECI Pod exists in the cluster, uninstalling the ack-virtual-node component will cause the ECI instance to remain.
Related Articles
-
A detailed explanation of Hadoop core architecture HDFS
Knowledge Base Team
-
What Does IOT Mean
Knowledge Base Team
-
6 Optional Technologies for Data Storage
Knowledge Base Team
-
What Is Blockchain Technology
Knowledge Base Team
Explore More Special Offers
-
Short Message Service(SMS) & Mail Service
50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00