This topic describes the configurations and limits of an Elastic Container Instance (ECI). You can customize the following configurations for an ECI: security isolation, CPU and memory resources and specifications, image pulling, storage, network modes, and log collection.

Prerequisites

Security isolation

ECI is a secure and reliable runtime environment for serverless containers. ECIs are completely isolated from each other because sandboxed containers run on lightweight virtual machines. ECIs can be scheduled to run on different hosts. This allows you to ensure high availability.

CPU and memory resources and specifications

Resources are applied and charged in the following ways:

  • Specify CPU and memory resources
    • Specify CPU and memory resources for containers: In the Container Service for Kubernetes console, you can specify CPU and memory resources for a single container by setting the resources and limits parameters. If you do not set the parameters, 1 vCPU and 2 GB of memory are allocated to each container by default. The amount of resources required by an ECI refers to the total amount of resources required by all containers in the ECI. If the specified specification is not supported, ECI automatically adjusts the CPU and memory resources accordingly. For example, if 2 vCPUs and 3 GB of memory are specified for all containers, the allocated resources are adjusted to 2 vCPUs and 4 GB. However, if four or more vCPUs are specified for all containers, the allocation is not adjusted.
    • Specify CPU and memory resources for ECIs: You can specify CPU and memory resources for an ECI by defining annotations. In this case, the CPU and memory resources required by an ECI are not the total amount of container resources. The ECI is created and billed based on the specified resources. After you specify CPU and memory resources for an ECI, you do not need to set the requests and limits parameters for each container. Containers in the ECI can use computing resources to the maximum extent.
    Currently, supported CPU and memory specifications include:

    vCPU       Memory
    .25 vCPU   0.5 GB, 1 GB
    .5 vCPU    1 GB, 2 GB
    1 vCPU     2 GB, 4 GB, 8 GB
    2 vCPU     2 GB, 4 GB, 8 GB, 16 GB
    4 vCPU     4 GB, 8 GB, 16 GB, 32 GB
    8 vCPU     8 GB, 16 GB, 32 GB, 64 GB
    12 vCPU    12 GB, 24 GB, 48 GB, 96 GB
    16 vCPU    16 GB, 32 GB, 64 GB, 128 GB
    24 vCPU    48 GB, 96 GB, 192 GB
    32 vCPU    64 GB, 128 GB, 256 GB
    52 vCPU    96 GB, 192 GB, 384 GB
    64 vCPU    128 GB, 256 GB, 512 GB

    The billing period of CPU and memory resources starts when an external storage is mounted to an ECI or container images are downloaded. The billing period ends when the ECI stops running (in the Succeeded or Failed state).

    Calculation formula: ECI fee = (Number of vCPUs × Price per vCPU + Memory size × Price per GB) × ECI running duration. ECI is billed on a per-second basis. The following table lists the unit price of each billing item.

    Billing item             Unit price        Unit price per hour
    CPU (vCPU per second)    USD 0.0000077     USD 0.02772 per hour
    Memory (GB per second)   USD 0.00000096    USD 0.003456 per hour
  • Specify ECS instance types for pods

    You can specify Elastic Compute Service (ECS) instance types to create ECIs. For more information about ECS instance types, see ECS instance families. For more information about the prices of ECS instances, see Pay-as-you-go ECS pricing in different regions. You can specify ECS instance types to create ECIs with corresponding capabilities. For example, you can use instance family ecs.sn1ne to create an ECI with enhanced network performance.

    Calculation formula: ECI fee = Unit price of the ECS instance type specified for the ECI × ECI running duration. ECI is billed on a per-second basis.

    When you specify ECS instance types for ECIs, you can use reserved instances to deduct the ECI costs. For more information, see Reserved instance overview.

    The ECI cost after the reserved instances are deducted is close to the cost for monthly subscription of the ECS instance type.

  • Preemptible instances

    You can use preemptible instances by adding annotations. Preemptible instances allow you to significantly reduce the computing costs.

Image pulling

When an ECI starts, the containerd of the ECI pulls container images from a remote image repository. To allow an ECI to pull public images, you must configure a Network Address Translation (NAT) gateway for the Virtual Private Cloud (VPC) network where the ECI is deployed. You can also attach an Elastic IP Address (EIP) to the ECI to pull public images. We recommend that you store container images in Alibaba Cloud Container Registry (ACR) to reduce the time required to pull images over a VPC. In addition, you can pull private images in ACR without a password. This allows you to ensure high efficiency.

ECI supports image snapshots. ECIs cache the pulled container images as snapshots, and then use these snapshots to quickly launch containers. This avoids repeated image pulling from the remote image repository. This feature is suitable for the use of large images.

Storage

ECI supports multiple storage methods as follows:
  • FlexVolume:
    • Mount a Network Attached Storage (NAS) volume: Similar to the use of FlexVolume, you can set the nas volume Id parameter to mount the volume.
    • Mount a disk volume: Similar to the use of FlexVolume, you can set the disk volume Id parameter to mount the volume.
    • ECI supports FlexVolume that dynamically creates disk volumes when you create ECIs. This is a more flexible approach to mount disk volumes. You can specify the size of the disk volume and whether to retain the disk volume when ECI stops running.
  • Network File System (NFS): For more information, see Example.
  • Persistent volumes (PVs) or persistent volume claims (PVCs): see Example.

Network modes

By default, an ECI pod runs in the host network mode. Each ECI pod occupies one Elastic Network Interface (ENI) of the VSwitch.

In a Kubernetes cluster, you can enable an ECI pod to communicate with pods running on ECS nodes through the following methods:
  • Attach the ECI pod to Load Balancer Service: You can attach both ECI pods and pods running on ECS instances to Load Balancer Service.
  • Access Cluster IP Service: An ECI pod can access the IP address of a cluster.
  • Attach an EIP to ECI pods: An EIP can be bound to ECI pods. You can enable ECI pods to automatically create an EIP or bind an existing EIP to them.

Log collection

You can set environment variables of an ECI to collect stdout or log files and import them to Alibaba Cloud Log Service (SLS). In most cases, you do not need to deploy a sidecar container that functions as Logtail.

List of supported annotations

Note: You must define annotations in the Pod Spec parameter. Do not define annotations in the Deployment Spec parameters.
  • k8s.aliyun.com/eci-use-specs
    Description: Specifies the instance types and specifications that are allowed. You can specify multiple instance types. If the stock of a specified instance type is insufficient, the system selects another instance type to create instances. The instance type can be set in the CPU-MEM format (${cpu}-${mem}Gi), ECS instance type format, and GPU type format (eci-gpu-$gputype-$gpucount).
    Example: "k8s.aliyun.com/eci-use-specs": "2-4Gi,4-8Gi,ecs.c6.xlarge,ecigpu-P100-4"
  • k8s.aliyun.com/eci-vswitch
    Description: Sets a VSwitch for an ECI.
    Example: "k8s.aliyun.com/eci-vswitch" : "${your_vsw_id}"
  • k8s.aliyun.com/eci-security-group
    Description: Sets a security group for an ECI.
    Example: "k8s.aliyun.com/eci-security-group" : "${your_security_group_id}"
  • k8s.aliyun.com/eci-resource-group-id
    Description: Sets a resource group to which an ECI belongs.
    Example: "k8s.aliyun.com/eci-resource-group-id" : "${your_resource_group_id}"
  • k8s.aliyun.com/eci-ram-role-name
    Description: Sets the RAM role of an ECI to allow it to access other Alibaba Cloud services.
    Example: "k8s.aliyun.com/eci-ram-role-name" : "${your_ram_role_name}"
  • k8s.aliyun.com/eci-image-snapshot-id
    Description: Specifies the ID of a cached image to accelerate ECI creation.
    Example: k8s.aliyun.com/eci-image-snapshot-id: "${your_image_cache_id}"
  • k8s.aliyun.com/eci-image-cache
    Description: Automatically matches existing cached images. The default value is false.
    Example: k8s.aliyun.com/eci-image-cache: "true"
  • k8s.aliyun.com/eci-with-eip
    Description: Creates an EIP and binds it to an ECI.
    Example: "k8s.aliyun.com/eci-with-eip": "true"
  • k8s.aliyun.com/eip-bandwidth
    Description: Sets the bandwidth for an EIP. The default value is 5 Mbit/s.
    Example:
      "k8s.aliyun.com/eci-with-eip": "true"
      "k8s.aliyun.com/eip-bandwidth": 10
  • k8s.aliyun.com/eci-eip-instanceid
    Description: Binds an existing EIP to an ECI.
    Example: "k8s.aliyun.com/eci-eip-instanceid": "${your_eip_Instance_Id}"
  • k8s.aliyun.com/eci-spot-strategy
    Description: If you set this parameter to SpotAsPriceGo, the system automatically bids based on the current market price. If you set this parameter to SpotWithPriceLimit, you set the highest price of the preemptible instance.
    Example: k8s.aliyun.com/eci-spot-strategy: "SpotAsPriceGo"
  • k8s.aliyun.com/eci-spot-price-limit
    Description: Valid only when k8s.aliyun.com/eci-spot-strategy is set to SpotWithPriceLimit. Sets the highest price within one hour. The price can be accurate to three decimal places.
    Example: k8s.aliyun.com/eci-spot-price-limit: "0.250"
  • k8s.aliyun.com/eci-ntp-server
    Description: Sets one or more Network Time Protocol (NTP) servers.
    Example: k8s.aliyun.com/eci-ntp-server: 100.100.5.1,100.100.5.2 # Specify the IP addresses of your NTP servers.
  • k8s.aliyun.com/eci-set-diskvolume
    Description: Converts the volume to a dynamic disk. For example, emptyDir and hostPath volumes can be converted to dynamic disks. The format is $volumeName:$type:$size.
    Example: k8s.aliyun.com/eci-set-diskvolume: "cache-volume:ext4:500Gi"

Limits on ECI

ECI and virtual nodes support most pod features. However, ECI does not support the following:
  • Running DaemonSet pods on virtual nodes.
  • Setting the hostPath and hostPID parameters.
  • Adding privileged permissions.
  • Creating oversized configmaps or mounting oversized secret volumes.
  • Enabling NodePort service.
  • Setting network policies.
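
The annotation placement rule and the unsupported pod settings listed above can be checked before a manifest is submitted. The following pre-deployment check is an added example, not code from the original page or from Alibaba Cloud. The names lint_for_eci and SAMPLE, the constructed manifest, the reading of "Deployment Spec" as the controller's own metadata, and the treatment of a hostPath volume named in eci-set-diskvolume as acceptable are assumptions.

```python
ECI = "k8s.aliyun.com/"  # annotation prefix used on this page

def _annotations(obj):
    return (obj.get("metadata") or {}).get("annotations") or {}

def lint_for_eci(manifest):
    """Return findings for a workload manifest already parsed into a dict."""
    findings = []
    kind = manifest.get("kind")
    if kind == "DaemonSet":
        findings.append("DaemonSet pods cannot run on virtual nodes")
    # A Pod carries its spec directly; controllers wrap it in spec.template.
    tmpl = manifest if kind == "Pod" else manifest["spec"]["template"]
    if tmpl is not manifest:
        # Assumption: controller-level metadata is the "Deployment Spec" placement.
        for key in _annotations(manifest):
            if key.startswith(ECI):
                findings.append(f"{key}: set on the {kind}, move to the pod template")
    ann, pod = _annotations(tmpl), tmpl["spec"]
    if pod.get("hostPID"):
        findings.append("hostPID is not supported")
    # Assumption: a volume named in eci-set-diskvolume becomes a dynamic disk.
    converted = ann.get(ECI + "eci-set-diskvolume", "").split(":")[0]
    for vol in pod.get("volumes") or []:
        if "hostPath" in vol and vol["name"] != converted:
            findings.append(f"volume {vol['name']}: hostPath is not supported")
    for c in (pod.get("initContainers") or []) + (pod.get("containers") or []):
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(f"container {c['name']}: privileged is not supported")
    if (ECI + "eci-spot-price-limit" in ann
            and ann.get(ECI + "eci-spot-strategy") != "SpotWithPriceLimit"):
        findings.append("eci-spot-price-limit needs eci-spot-strategy SpotWithPriceLimit")
    return findings

# Constructed sample: a Deployment that breaks each rule checked above.
SAMPLE = {
    "kind": "Deployment",
    "metadata": {"name": "demo", "annotations": {ECI + "eci-use-specs": "2-4Gi"}},
    "spec": {"template": {
        "metadata": {"annotations": {ECI + "eci-spot-strategy": "SpotAsPriceGo",
                                     ECI + "eci-spot-price-limit": "0.250"}},
        "spec": {"hostPID": True,
                 "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
                 "containers": [{"name": "app", "image": "registry.example/app:1",
                                 "securityContext": {"privileged": True}}]},
    }}}

if __name__ == "__main__":
    print("\n".join(lint_for_eci(SAMPLE)))
```

The function takes a parsed manifest, so load YAML or JSON with the parser of your choice before calling it.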