Swarm mode clusters have certain requirements for the machine environment, whether you create nodes together with the cluster or add existing Elastic Compute Service (ECS) instances to the cluster after it is created.
To guarantee high availability, we recommend that a swarm mode cluster have at least 3 Manager nodes.
Note: Currently, Container Service allows you to create a cluster with a single node, but such a cluster does not support multi-node orchestration scheduling commands and becomes unavailable if the ECS instance malfunctions.
- The ECS instance to be added must be in the same region and use the same network type (classic or Virtual Private Cloud (VPC)) as the cluster.
- When adding an existing ECS instance, make sure that the instance has a public IP if the network type is classic, or an Elastic IP (EIP) if the network type is VPC. Otherwise, the ECS instance cannot be added.
- The ECS instance to be added must be under the same account as the cluster.
- The Docker Engine installed on the ECS instance must be version 1.12 or later. Make sure the Docker Engine daemon is running on each node.
If you choose to add the ECS instance manually, note the following:
- If you have installed Docker Engine on your ECS instance, you are prompted whether or not to delete the Docker Engine.
- You must delete the Docker Engine if the ECS instance has been added to a cluster.
- In swarm mode clusters, you must use the Docker Engine provided by Alibaba Cloud Container Service. The official Docker Engine is not compatible. Therefore, you must delete the Docker Engine if you have installed the official Docker Engine on your ECS instance.
The commands to delete Docker Engine are as follows:
Ubuntu:
apt-get remove -y docker-engine
rm -fr /etc/docker/ /var/lib/docker /etc/default/docker
CentOS:
yum remove -y docker-engine
rm -fr /etc/docker /var/lib/docker
Container Service nodes have special requirements for the operating system of the ECS instance. We recommend that you use Ubuntu 14.04/16.04 64-bit or CentOS 7 64-bit as the operating system. We have rigorously tested the stability and compatibility of these operating systems.
For Container Service clusters created after February 28, 2017, the security groups created by default have been reinforced. Alibaba Cloud Container Service only sets the inbound security group rules. For more information, see Container Service security group rules. The rules are as follows:
| Security group rule | Function | Configuration strategy |
| --- | --- | --- |
| Port 80 and 443 | Facilitates your business Web services. You can open or close these ports as per your needs. | Opened by default. You can open or close these ports. |
| Port 22 | Container Service depends on port 22 to initialize the ECS instance, which allows you to use SSH to log on to the ECS instance and configure the clusters. | Opened by default. |
| ICMP rule | This rule is used for communication between nodes and the convenience of troubleshooting. Some tools also depend on ICMP. | Opened by default. |
| Authorization object of VPC security group | The basic address of the container Classless Inter-Domain Routing (CIDR) block. This is related to the initial CIDR block of Container Service that you set when creating the VPC cluster. The authorization object guarantees the communication between containers. | Configure the CIDR block on your own. |
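
An added example, not part of the original documentation or Alibaba Cloud's own tooling: a Python check that compares a security group's inbound rules with the defaults in the table above and reports both rules outside that baseline and missing rules the cluster depends on. The rule dictionaries, their field names, and the 172.20.0.0/16 container CIDR are constructed for illustration; the container CIDR check assumes a VPC cluster.

```python
import ipaddress

# Baseline from the table above: TCP ports Container Service opens by default.
DEFAULT_TCP_PORTS = {22, 80, 443}

def audit_inbound(rules, container_cidr):
    """Return (unexpected, missing) relative to the documented default rules."""
    container_net = ipaddress.ip_network(container_cidr)
    unexpected = []
    seen_ports, seen_icmp, seen_container = set(), False, False
    for rule in rules:
        proto = rule["protocol"].lower()
        source = ipaddress.ip_network(rule["source"])
        if source.version == container_net.version and source.subnet_of(container_net):
            seen_container = True  # VPC authorization object: container traffic
            continue
        if proto == "icmp":
            seen_icmp = True
            continue
        low, high = (int(p) for p in rule["port_range"].split("/"))
        if proto == "tcp" and low == high and low in DEFAULT_TCP_PORTS:
            seen_ports.add(low)
            continue
        unexpected.append(f'{proto} {rule["port_range"]} from {rule["source"]}')
    # Ports 80/443 are optional per the table, so they are never reported missing.
    missing = []
    if 22 not in seen_ports:
        missing.append("tcp 22 (used to initialize the ECS instance)")
    if not seen_icmp:
        missing.append("icmp (node communication and troubleshooting)")
    if not seen_container:
        missing.append(f"container CIDR {container_cidr} (container communication)")
    return unexpected, missing

# Constructed sample rules; field names and addresses are illustrative only.
SAMPLE_RULES = [
    {"protocol": "tcp", "port_range": "22/22", "source": "0.0.0.0/0"},
    {"protocol": "tcp", "port_range": "80/80", "source": "0.0.0.0/0"},
    {"protocol": "tcp", "port_range": "443/443", "source": "0.0.0.0/0"},
    {"protocol": "icmp", "port_range": "-1/-1", "source": "0.0.0.0/0"},
    {"protocol": "all", "port_range": "-1/-1", "source": "172.20.0.0/16"},
    {"protocol": "tcp", "port_range": "2375/2376", "source": "0.0.0.0/0"},
    {"protocol": "tcp", "port_range": "1/65535", "source": "10.0.0.0/8"},
]

if __name__ == "__main__":
    unexpected, missing = audit_inbound(SAMPLE_RULES, "172.20.0.0/16")
    print("outside baseline:", unexpected)
    print("baseline rules missing:", missing)
```

Any rule reported as outside the baseline was added after cluster creation and should be traceable to a deliberate change.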