All Products
Search
Document Center

Configure an Elastic Container Instance profile

Last Updated: Apr 30, 2021

When you use Elastic Container Instance based on Virtual Kubelet in Kubernetes scenarios, pods may fail to be seamlessly scheduled to or to run on Elastic Container Instance. You can configure Elastic Container Instance profiles to resolve these issues. This topic describes what an Elastic Container Instance profile is and how to configure an Elastic Container Instance profile.

Introduction to Elastic Container Instance profile

When you use Elastic Container Instance based on Virtual Kubelet in Kubernetes scenarios, pods may fail to be seamlessly scheduled to Elastic Container Instance. After pods are scheduled to Elastic Container Instance, you may need to add pod annotations for Elastic Container Instance features such as image cache to take effect. Typically, these issues are to be resolved by cluster administrators, but now these issues need to be resolved by research and development (R&D) personnel. The R&D personnel can resolve the issues by adjusting the YAML files of pods.

You can configure Elastic Container Instance profiles to deal with the preceding issues. An Elastic Container Instance profile provides the following features:

  • Elastic Container Instance Scheduler

    When you use Elastic Container Instance in conjunction with regular nodes, you can use one of the following methods to schedule a pod to Elastic Container Instance:

    These methods are not intrusion-free and require modifications to existing resources.

    Elastic Container Instance Scheduler implements a new scheduling mechanism based on the Mutating Webhook mechanism. You can declare the namespace or pod labels to be matched in Elastic Container Instance profiles. Pods that have matching labels are automatically scheduled to Elastic Container Instance.

  • Elastic Container Instance Effect

    You must add annotations and labels to pods for specific Elastic Container Instance features to take effect. Examples of the features include specifying Elastic Compute Service (ECS) instance types, enabling image cache, and configuring the Network Time Protocol (NTP) service. For more information, see Pod annotations supported by Elastic Container Instance.

    Elastic Container Instance Effect provides the capability of automatically adding annotations and labels. In Elastic Container Instance profiles, you can declare the namespace or pod labels to be matched and specify the annotations and labels to be added. If pods have the declared labels, the specified annotations and labels are automatically added to the pods.

Preparations

When you use Elastic Container Instance profiles, make sure that Virtual Kubelet is of the latest version and that webhook is enabled if you want to use Elastic Container Instance Scheduler.

Make preparations based on the types of Kubernetes clusters.

  • Serverless Kubernetes (ASK) clusters

    Have Virtual Kubelet in the cluster automatically upgraded to the latest version.

    Note

    By default, ASK clusters schedule pods to Elastic Container Instance. You do not need to use Elastic Container Instance Scheduler to schedule pods to Elastic Container Instance.

  • Container Service for Kubernetes (ACK) clusters

    • For managed ACK clusters, have Virtual Kubelet automatically upgraded to the latest version and enable webhook.

    • For non-managed ACK clusters, modify the configuration file of Virtual Kubelet, upgrade Virtual Kubelet to the latest version, and enable webhook.

  • Other clusters

    Modify the configuration file of Virtual Kubelet, upgrade Virtual Kubelet to the latest version, and enable webhook.

You can run the following command to modify the configuration file of Virtual Kubelet:

kubectl edit deployment -n kube-system virtual-node-controller

The following sample code provides an example on how to modify the configuration file of Virtual Kubelet:

spec:
  replicas: 1
  selector:
    matchLabels:
      app: virtual-node-controller
  template:
    metadata:
      labels:
        app: virtual-node-controller
    spec:
      containers:
      - name: virtual-node-controller
        image: registry.cn-beijing.aliyuncs.com/acs/virtual-nodes-eci:v2.******-aliyun  #Change the tag of the image to the latest version.
  env:  #Use the environment variable to enable webhook.
        - name: WEBHOOK
          value: "true"

Configuration description

Elastic Container Instance profiles read eci-profile configuration files from the kube-system namespace and match pods based on the selectors specified in the configuration file. If pods have the labels contained in the selectors, the pods are automatically scheduled to Elastic Container Instance, or annotations and labels are automatically added to the pods for Elastic Container Instance features to take effect.

You can use one of the following methods to edit the eci-profile configuration file:

  • Run the kubectl edit command.

    kubectl edit configmap eci-profile -n kube-system
  • Use the Container Service console.

    1. On the Clusters page of the Container Service console, find the cluster that you want to configure and click the cluster name to go to the cluster details page.

    2. In the left-side navigation pane, choose Configurations > ConfigMaps.

    3. Select the kube-system namespace.

    4. Find and edit the eci-profile configuration file.

Example of the eci-profile configuration file:

apiVersion: v1
kind: ConfigMap
metadata:
  name: eci-profile
  namespace: kube-system
data:
  vpcId: "vpc-xxx"
  securityGroupId: "sg-xxx"
  vswitchIds: "vsw-111,vsw-222"
  enableClusterIp: "true"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  selectors: |
    [
        {
            "name":"default-selector-1",
            "objectSelector":{
                "matchLabels":{
                    "alibabacloud.com/eci":"true"
                }
            }
        },
        {
            "name":"default-selector-2",
            "objectSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            }
        },
        {
            "name":"default-selector-3",
            "namespaceSelector":{
                "matchLabels":{
                    "alibabacloud.com/eci":"true"
                }
            }
        },
        {
            "name":"default-selector-4",
            "namespaceSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            }
        },
        {
            "name":"default-selector-5",
            "namespaceSelector":{  
                "matchLabels":{
                    "virtual-node-affinity-injection":"enabled"
                }
            },
            "effect":{  #The annotations and labels to be dynamically added.
            "annotations":{
                "k8s.aliyun.com/eci-image-cache": "true"
            },
            "labels":{
                "created-by-eci":"true"
            }
          }
        }
    ]

In the preceding example, selectors contain the configurations of Elastic Container Instance Scheduler and Elastic Container Instance Effect. In each selector, you must declare the name of the selector and can declare the following fields based on your needs:

  • namespaceSelector: the namespace labels to be matched.

  • objectSelector: the pod labels to be matched.

  • effect: the annotations and labels to be dynamically added.

Note

In eci-profile, you can configure Elastic Container Instance Scheduler and Elastic Container Instance Effect. You can also configure and dynamically update other settings such as security groups, vSwitches, and resource groups without the need to restart Virtual Kubelet. This topic focuses on how to configure Elastic Container Instance Scheduler and Elastic Container Instance Effect by using selectors in the eci-profile configuration file.

Example on how to configure Elastic Container Instance Scheduler

In the selectors of the eci-profile configuration file, you can declare the namespace or pod labels to be matched in the form of arrays. The pods that have matching labels are automatically scheduled to Elastic Container Instance.

The following sample code provides an example on how to configure Elastic Container Instance Scheduler by using selectors:

   selectors: |
   [
      {
        "name":"demo",  #Required. The name of the selector.
        "namespaceSelector":{  #Optional. The namespace labels to be matched. You must specify namespaceSelector, objectSelector, or both.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "department":"bigdata"
            }
        },
        "objectSelector":{  #Optional. The pod labels to be matched. You must specify namespaceSelector, objectSelector, or both.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "type":"offline-task"
              }
          }
      }
   ]
Notice

In a selector, you must configure namespaceSelector, objectSelector, or both. If you configure both namespaceSelector and objectSelector, only pods that have all the labels specified in both namespaceSelector and objectSelector can be automatically scheduled to Elastic Container Instance.

In the preceding selectors, a selector named demo is declared to implement the following feature:

If the namespace of a pod has the department=bigdata label and the pod has the type=offline-task label, the pod is automatically scheduled to Elastic Container Instance.

Example on how to configure Elastic Container Instance Effect

In the selectors of the eci-profile configuration file, you can declare the namespace or pod labels to be matched in the form of arrays and specify the annotations and labels to be dynamically added. If pods have the declared labels, the specified annotations and labels are automatically added to the pods.

The following sample code provides an example on how to configure Elastic Container Instance Effect by using selectors:

   selectors: |
   [
    {
        "name":"demo",  #Required. The name of the selector.
        "namespaceSelector":{  #Optional. The namespace labels to be matched.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "department":"bigdata"
            }
        },
        "objectSelector":{  #Optional. The pod labels to be matched.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "type":"offline-task"
            }
        },
        "effect":{  #The annotations and labels to be dynamically added.
            "annotations":{
                "k8s.aliyun.com/eci-image-cache": "true"
            },
            "labels":{
                "created-by-eci":"true"
            }
        }
    }
   ]
Notice

  • In a selector, you can configure namespaceSelector and objectSelector based on your needs. If namespaceSelector and objectSelector are not specified, the effect settings take effect on all the pods that are scheduled to Elastic Container Instance.

  • If you configure multiple selectors, these selectors are matched in sequence. After matching pods are found, the annotations and labels specified in the effect settings are automatically added to the pods. These annotations and labels do not overwrite existing annotations and labels of the pods. If duplicate annotations or labels exist, the higher-priority annotations or labels are used. The existing annotations and labels of the pods have a higher priority than the annotations and labels specified in the effect settings of matched selectors. The priorities of annotations or labels in the effect settings of the selectors descend in the order in which the selectors are matched.

In the preceding selectors, a selector named demo is declared to implement the following feature:

If the namespace of a pod has the department=bigdata label and the pod has the type=offline-task label, the pod is automatically scheduled to Elastic Container Instance. At the same time, the image cache feature is enabled, and the created-by-eci=true label is added to the pod.