All Products
Search
Document Center

Configure an Elastic Container Instance profile

Last Updated: Sep 08, 2021

When you deploy Elastic Container Instance based on Virtual Kubelet in Kubernetes, pods may fail to be properly scheduled to or to run on Elastic Container Instance. You can configure Elastic Container Instance profiles to resolve these issues. This topic describes Elastic Container Instance profiles and how to configure an Elastic Container Instance profile.

Introduction to Elastic Container Instance profile

When you deploy Elastic Container Instance based on Virtual Kubelet in Kubernetes, pods may fail to be properly scheduled to Elastic Container Instance. After pods are scheduled to Elastic Container Instance, you may need to add pod annotations for Elastic Container Instance features such as image cache to allow these features to take effect. Typically, these issues can be resolved by cluster administrators, but for the moment these issues can only be resolved by research and development (R&D) personnel. The R&D personnel can resolve the issues by adjusting the YAML files of pods.

You can configure Elastic Container Instance profiles to deal with the preceding issues. An Elastic Container Instance profile provides the following features:

  • ECI Scheduler

    When Elastic Container Instance are used together with regular nodes, you can configure pod labels, namespace labels, and Elastic Container Instance elastic scheduling to schedule pods to Elastic Container Instance. However, to perform these operations, you must modify existing resources. These modifications may cause vulnerabilities in your system.

    Elastic Container Instance Scheduler implements a new scheduling mechanism based on the Mutating Webhook mechanism. You can declare the namespace or pod labels to be matched in Elastic Container Instance profiles. Pods that have the declared labels are automatically scheduled to Elastic Container Instance.

  • ECI Effect

    You must add annotations and labels to pods for specific Elastic Container Instance features to take effect. Examples of the features include specifying Elastic Compute Service (ECS) instance types, enabling image cache, and configuring the Network Time Protocol (NTP) service. For more information, see Pod annotations supported by Elastic Container Instance.

    Elastic Container Instance Effect allows you to automatically add annotations and labels. In Elastic Container Instance profiles, you can declare the namespace or pod labels to be matched and specify the annotations and labels to be added. If pods have the declared labels, the specified annotations and labels are automatically added to the pods.

  • Configure hot update

    An Elastic Container Instance profile contains configurations for enabling and disabling ClusterIP, hybrid cloud mode, and PrivateZone, and configurations of resource groups, security groups, virtual private clouds (VPCs), and vSwitches. You can modify the configurations based on your requirements. The modified configurations immediately take effect without the need to restart Virtual Kubelet.

Preparations

When you use Elastic Container Instance profiles, make sure that you have the latest version of Virtual Kubelet and that webhook is enabled if you want to use Elastic Container Instance Scheduler.

Make preparations based on the types of Kubernetes clusters.

  • Serverless Kubernetes (ASK) clusters

    Virtual Kubelet is automatically updated to the latest version.

    Note

    By default, ASK clusters schedule pods to Elastic Container Instance. You do not need to use Elastic Container Instance Scheduler to schedule pods to Elastic Container Instance.

  • Container Service for Kubernetes (ACK) clusters

    • For managed ACK clusters, Virtual Kubelet is automatically updated to the latest version. After that, enable webhook.

    • For non-managed ACK clusters, modify the configuration file of Virtual Kubelet, update Virtual Kubelet to the latest version, and enable webhook.

  • Other clusters

    Modify the configuration file of Virtual Kubelet, update Virtual Kubelet to the latest version, and enable webhook.

For information about how to update Virtual Kubelet, see Update Virtual Kubelet.

Parameter description

Elastic Container Instance profiles read eci-profile configuration files from the kube-system namespace and match pods based on the selectors specified in the configuration file. If pods have the labels contained in the selectors, the pods are automatically scheduled to Elastic Container Instance, or annotations and labels are automatically added to the pods for Elastic Container Instance features to take effect.

You can use one of the following methods to edit the eci-profile configuration file:

  • Run the kubectl edit command.

    kubectl edit configmap eci-profile -n kube-system
  • Use the Container Service console.

    1. On the Clusters page of the Container Service console, find the cluster that you want to configure and click the cluster name to go to the cluster details page.

    2. In the left-side navigation pane, choose Configurations > ConfigMaps.

    3. Select the kube-system namespace.

    4. Find and edit the eci-profile configuration file.

Example of the eci-profile configuration file:

apiVersion: v1
kind: ConfigMap
metadata:
  name: eci-profile
  namespace: kube-system
data:
  vpcId: "vpc-xxx"
  securityGroupId: "sg-xxx"
  vswitchIds: "vsw-111,vsw-222"
  enableClusterIp: "true"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  selectors: |
    [
        {
            "name":"default-selector-1",
            "objectSelector":{
                "matchLabels":{
                    "alibabacloud.com/eci":"true"
                }
            }
        },
        {
            "name":"default-selector-2",
            "objectSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            }
        },
        {
            "name":"default-selector-3",
            "namespaceSelector":{
                "matchLabels":{
                    "alibabacloud.com/eci":"true"
                }
            }
        },
        {
            "name":"default-selector-4",
            "namespaceSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            }
        },
        {
            "name":"default-selector-5",
            "namespaceSelector":{  
                "matchLabels":{
                    "virtual-node-affinity-injection":"enabled"
                }
            },
            "effect":{  #The annotations and labels to be dynamically added.
            "annotations":{
                "k8s.aliyun.com/eci-image-cache": "true"
            },
            "labels":{
                "created-by-eci":"true"
            }
          }
        }
    ]

In the preceding example, data contains parameters such as vpcId, vswitchIds, and selectors.

selectors contain the configurations of Elastic Container Instance Scheduler and Elastic Container Instance Effect. In each selector, you must declare the name of the selector and can declare the following fields based on your business requirements:

  • namespaceSelector: the namespace labels to match.

  • objectSelector: the pod labels to match.

  • effect: the annotations and labels to be dynamically added.

vpcId corresponds to the information of VPCs. vswitchIds corresponds to the information of vSwitches. You can modify the information based on your requirements. The following table describes the parameters that you can modify.

Annotation

Example

Description

enableClusterIp

"true"

Specifies whether to support Cluster IP.

enableHybridMode

"false"

Specifies whether to enable the hybrid cloud mode.

enablePrivateZone

"false"

Specifies whether to use PrivateZone for domain name resolution.

resourceGroupId

rg-aek2z3elfs4qghy

The ID of the resource group.

securityGroupId

sg-2ze0b9o8pjjzts4h****

The ID of the security group.

vSwitchIds

vsw-2zeet2ksvw7f14ryz****

The ID of the vSwitch. You can configure multiple vSwitches and separate them with commas (,).

vpcId

vpc-2zeghwzptn5zii0w7****

The ID of the VPC.

Example on how to configure Elastic Container Instance Scheduler

In the selectors of the eci-profile configuration file, you can declare the namespace or pod labels as arrays. The pods whose labels are matched are automatically scheduled to Elastic Container Instance.

The following sample code provides an example on how to configure Elastic Container Instance Scheduler:

  selectors: |
   [
      {
        "name":"demo",  #Required. The name of the selector.
        "namespaceSelector":{  #Optional. The namespace labels to be matched. You must specify namespaceSelector, objectSelector, or both.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "department":"bigdata"
            }
        },
        "objectSelector":{  #Optional. The pod labels to be matched. You must specify namespaceSelector, objectSelector, or both.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "type":"offline-task"
              }
          }
      }
   ]
Notice

In a selector, you must configure namespaceSelector, objectSelector, or both. If you configure both namespaceSelector and objectSelector, only pods that have all the labels specified in both namespaceSelector and objectSelector can be automatically scheduled to Elastic Container Instance.

In the preceding selectors, a selector named demo is declared to implement the following feature:

If the namespace of a pod has the department=bigdata label and the pod has the type=offline-task label, the pod is automatically scheduled to Elastic Container Instance.

Example on how to configure Elastic Container Instance Effect

In the selectors of the eci-profile configuration file, you can declare the namespace or pod labels as arrays and specify the annotations and labels to be dynamically added. If pods have the declared labels, the specified annotations and labels are automatically added to the pods.

The following sample code provides an example on how to configure Elastic Container Instance Effect:

  selectors: |
   [
    {
        "name":"demo",  #Required. The name of the selector.
        "namespaceSelector":{  #Optional. The namespace labels to be matched.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "department":"bigdata"
            }
        },
        "objectSelector":{  #Optional. The pod labels to be matched.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "type":"offline-task"
            }
        },
        "effect":{  #The annotations and labels to be dynamically added.
            "annotations":{
                "k8s.aliyun.com/eci-image-cache": "true"
            },
            "labels":{
                "created-by-eci":"true"
            }
        }
    }
   ]
Notice

  • In a selector, you can configure namespaceSelector and objectSelector based on your needs. If none of namespaceSelector and objectSelector is specified, the effect settings take effect on all the pods that are scheduled to Elastic Container Instance.

  • If you configure multiple selectors, the selectors are matched in sequence. After pods are matched, the annotations and labels specified in the effect settings are automatically added to the pods. These annotations and labels do not overwrite existing annotations and labels of the pods. If duplicate annotations or labels exist, the higher-priority annotations or labels are used. The existing annotations and labels of the pods have a higher priority than the annotations and labels specified in the effect settings of matched selectors. The priorities of annotations or labels in the effect settings of the selectors descend in the order in which the selectors are matched.

In the preceding selectors, a selector named demo is declared to implement the following feature:

If the namespace of a pod has the department=bigdata label and the pod has the type=offline-task label, the pod is automatically scheduled to Elastic Container Instance. At the same time, the image cache feature is enabled, and the created-by-eci=true label is added to the pod.

Example on how to configure hot update

In data of the eci-profile configuration file, you can modify vSwitchIds to update the vSwitches that can be used when elastic container instances are created to implement the multi-zone feature. The following sample code provides an example on how to configure hot update:

data:
  enableClusterIp: "true"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  resourceGroupId: ""
  securityGroupId: sg-2ze0b9o8pjjzts4h****
  selectors: ""
  vSwitchIds: vsw-2zeet2ksvw7f14ryz****,vsw-2ze94pjtfuj9vaymf****  #Configure multiple vSwitches to implement the multi-zone feature.
  vpcId: vpc-2zeghwzptn5zii0w7****