All Products
Search
Document Center

FAQ

Last Updated: Apr 14, 2021

This topic provides answers to some commonly asked questions about Elastic Container Instance, such as questions about billing, instances, containers, images, network, and storage.

How is an elastic container instance that runs jobs billed?

After job or CronJob containers run to completion, the elastic container instances enter the Succeeded or Failed state. You are not charged for these instances regardless of whether they are deleted.

The billing duration of the elastic container instances starts when container images are downloaded by using the docker pull command and ends when these instances stop running and enter the Succeeded or Failed state. For more information, see Overview.

How do I view vCPU quotas and quota usage by virtual nodes?

The maximum number of elastic container instances that you can create and the maximum number of pods allowed on a virtual node are determined by your quota and usage of vCPUs within a specific region. Elastic Container Instance share vCPU quotas with ECS. If a quota cannot meet your business requirements, you can submit a ticket to apply for a quota increase.

You can perform the following operations to view quotas in the Elastic Container Instance console:

  1. Log on to the Elastic Container Instance console.

  2. In the top navigation bar, select a region.

  3. In the left-side navigation pane, click Privileges and Quotas.

The quotas and quota usage are displayed on the Privileges and Quotas page, as shown in the following figure.

Image 2

How do I troubleshoot a ValueExceeded error?

If the quota is insufficient when you create an elastic container instance, a ValueExceeded error occurs. You can submit a ticket to apply for a quota increase.

How do I accelerate the creation of elastic container instances?

Problem description:

On a standard node, a pod can be created within 3 seconds. However, it takes more than 10 seconds to start an elastic container instance that was created from an image cache.

Cause analysis:

This situation is normal. When you request to create a pod on a standard node, the system does not apply for resources but directly creates containers on the node. When you request to create an elastic container instance, the system first applies for the required resources. If you specify multiple zones, the system tries the specified zones one by one to find a zone where available resources are sufficient to create the instance.

The system must spend more time in creating the instance if the system has to retry in different zones due to insufficient resources. To avoid this problem, we recommend that you start with a zone that has sufficient available resources when you specify multiple zones.

Why do the instance specifications displayed in the Elastic Container Instance console differ from those displayed in monitoring data?

Problem description:

You have created an elastic container instance that has 0.5 vCPUs and 1 GiB of memory. However, the instance specifications displayed in monitoring data are 2 vCPUs and 2 GiB of memory.

Cause analysis:

This situation is normal. Two vCPUs and 2 GiB of memory are the specifications of the virtual machine, not the specifications of the elastic container instance. If you specify 0.5 vCPUs and 1 GiB of memory as the specifications for an elastic container instance when you purchase the instance, the instance can use only the resources of the specified specifications.

How do I avoid an OperationDenied.NoStock error?

If resources are sold out in the current region and zone when you create an elastic container instance, an OperationDenied.NoStock error occurs. We recommend that you specify multiple instance types across multiple zones when you create elastic container instances. For more information, see Create an elastic container instance by specifying multiple zones and Create an elastic container instance by specifying multiple instance types.

What do I do if the "Back-off restarting failed container" event repeatedly occurs?

If a container created from a specified image does not have a daemon process, the container exits immediately after it starts. As a result, the container continuously restarts and the "Back-off restarting failed container" event keeps occurring.

You must configure commands used to start the containers that are created from base images such as CentOS and BusyBox images. For more information, see Create an elastic container instance by using a CentOS image.

A pod is scheduled to the virtual-kubelet node but fails to run on the node. What do I do?

Problem description:

In a Kubernetes cluster deployed with the virtual-kubelet node or a Serverless Kubernetes (ASK) cluster, the following issue may occur: A pod is scheduled to the virtual-kubelet node but no events are generated. In this case, you must query the logs of the virtual-kubelet node and troubleshoot the issue based on the logs.

Note

If an event is generated, you can troubleshoot the issue based on the event.

Solution:

  1. On the Clusters page of the Container Service for Kubernetes (ACK) console, find the cluster and choose More >Open Cloud Shell in the Actions column.

  2. Run the following command to obtain the name of the virtual-kubelet pod:

    kubectl -n kube-system get pods

    faq-vk-log-4
  3. Run the following command to obtain the logs of the pod. Replace ack-virtual-node-controller-xxxxxxxxxx with the pod name obtained in Step 2.

    kubectl -n kube-system logs ack-virtual-node-controller-xxxxxxxxxx

    faq-vk-log-5
  4. Troubleshoot the issue based on the latest error messages in the logs. Alternatively, submit a ticket and provide the request ID and error messages to Alibaba Cloud technical support.

    faq-vk-log-6

What do I do if a pod remains in the Pending state after it is created?

Problem description:

A pod remains in the Pending state for several hours after it was created. Check the pod event list or instance event list. The issue occurs because the connection to the API server times out when you mount a volume.

Solution:

This issue is caused by a poor connection between the instance and the API server. You can perform the following operations to troubleshoot the issue:

  • Check whether the pod and the API server of the cluster are deployed in the same VPC.

  • If you have configured access control for the server load balancer (SLB) instance of the cluster, make sure that the CIDR block of the pod is added to the access control list (ACL).

In a Kubernetes cluster, kube-proxy and CoreDNS are scheduled to the virtual node but fail to start. What do I do?

When Kubernetes schedules kube-proxy and CoreDNS, Kubernetes ignores their taints and may schedule kube-proxy and CoreDNS to virtual nodes. To solve this issue, you can add the following content to the YAML files of kube-proxy and CoreDNS:

affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet

Why does the authentication configured in the ingress controller of an ASK cluster not take effect?

Problem description:

The nginx.ingress.kubernetes.io/auth-url annotation is set in nginx-ingress but does not take effect.

Cause analysis:

In ASK, ingress controllers provide load balancing capabilities based on SLB instances and do not support URL authentication.

ACK supports URL authentication.

Does Elastic Container Instance support private images?

Yes, Elastic Container Instance supports private images.

You can create your own images in Alibaba Cloud Container Registry. You can also build your own image repositories.

Can I update image caches?

No, you cannot modify or update image caches. To modify or update an image cache, we recommend that you create a desired image cache and delete the original one.

Can I change the security group of an elastic container instance?

No, you cannot change the security groups of elastic container instances. To use an elastic container instance in a different security group, create an identical elastic container instance in that security group.

How do I access an elastic container instance over the Internet?

To allow your elastic container instance to communicate with the Internet, you must configure an elastic IP address (EIP) or a NAT gateway for the instance. For more information, see Enable Internet access.

Do elastic container instances support port mapping?

No, elastic container instances do not support port mapping.

You can use the IP address of an elastic container instance and a container port number to access the instance from a client within the same VPC. The container port is enabled by default.

To allow access from the Internet, you can configure an EIP or a NAT gateway for the elastic container instance. For more information, see Enable Internet access.

After a cluster is upgraded, the service IP address cannot be pinged. What do I do?

Before October 2020, each service IP address was assigned to a virtual network interface controller and could be pinged. As of October 2020, service IP addresses were made present only in IP Virtual Server (IPVS) rules to optimize high concurrency. Service IP addresses can no longer be pinged. IPVS forwards requests based on IP addresses and port numbers and cannot forward ping packets.

Can an elastic container instance share an Apsara File Storage NAS file system with an ECS instance?

Yes, elastic container instances can share Apsara File Storage NAS file systems with ECS instances. You can configure mount targets for the file systems and mount them to different services. For more information, see NAS (FlexVolume).

Do elastic container instances support data persistence?

Yes, elastic container instances support data persistence. You can create stateful applications on elastic container instances. You can add volumes when you create elastic container instances, and then write data to the volumes for persistence. For more information, see Volume.

How do I attach volumes?

If an elastic container instance requires high I/O performance of the storage and needs to store large numbers of temporary files such as log files generated at runtime, we recommend that you attach an external volume to the instance.

When you create an elastic container instance, you can select a volume of one of the following categories to add to the instance. The volume type is FlexVolume.

Does Elastic Container Instance support the ephemeral-storage parameter to modify temporary storage?

No, Elastic Container Instance does not support the ephemeral-storage parameter. By default, 40 GiB of temporary storage is provided. You can perform the following operations to increase the temporary storage capacity:

  1. Create an image cache and specify the image cache size.

  2. Create an elastic container instance by using the image cache.

    The created instance has a temporary storage capacity equal to the image cache size.

Why are elastic container instance logs not collected?

If you have set the aliyun_logs_{Logstore name} environment variable of Log Service in a pod but no elastic container instance logs are found in Log Service, it may be due to the following causes:

  • Short runtime of the elastic container instance

If the job container is running to completion within 20 seconds after the elastic container is started, the container may exit and the log-related volume may be unmounted before logs are collected. As a result, Log Service fails to collect logs.

  • Collection path error

If you specify the environment variable for a pod to collect logs for the first time, Elastic Container Instance automatically creates a Logstore and a path in Log Service. Only this path can be used when you create another pod. If another path is used, Log Service does not collect logs. You can change the path together with the Logstore itself. Elastic Container Instance then automatically creates a new Logstore in Log Service.