All Products
Search
Document Center

Use Elastic Container Instance in self-managed Kubernetes clusters

Last Updated: Mar 02, 2021

If you have self-managed Kubernetes clusters in Elastic Computer Service (ECS), you must deploy Virtual Kubelet before Elastic Container Instance can be used in the clusters. This topic describes how to deploy Virtual Kubelet.

Preparations

The following table describes the parameters that you must obtain before you deploy Virtual Kubelet.

Parameter

Description

Obtaining method

ECI_ACCESS_KEY

The AccessKey ID of your Alibaba Cloud account.

For more information, see Obtain an AccessKey pair.

ECI_SECRET_KEY

The AccessKey secret of your Alibaba Cloud account.

For more information, see Obtain an AccessKey pair.

ALIYUN_CLUSTERID

The ID of the cluster.

You can customize the ID of the cluster. The ID is the unique identifier of the cluster.

ECI_REGION

The ID of the region.

You can query available regions by using the Elastic Container Instance console or calling the DescribeRegions operation.

ECI_VPC

The ID of the VPC.

You can query the VPC ID on the VPCs page in the VPC console.

ECI_VSWITCH

The ID of the vSwitch.

You can query the ID of the vSwitch on the VSwitches page in the VPC console based on the selected VPC.

ECI_SECURITY_GROUP

The ID of the security group.

You can log on to the VPC console and find the selected VPC. Click the VPC ID to go to the VPC details page. On the Resources tab in the lower part of the page, click the number corresponding to the security group to go to the Security Groups page and obtain the ID of the security group.

Deploy Virtual Kubelet

  1. Create the vk.yaml template file required to deploy Virtual Kubelet.

    The following code provides an example of the YAML file content. You must replace the parameter values with your own information.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: virtual-node-sa
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: virtual-node-role-binding
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: virtual-node-sa
        namespace: kube-system
    ---
    apiVersion: apps/v1
    kind:  Deployment
    metadata:
      name: virtual-node-controller
      namespace: kube-system
      labels:
        app: virtual-node-controller
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: virtual-node-controller
      template:
        metadata:
          labels:
            app: virtual-node-controller
        spec:
          serviceAccount: virtual-node-sa
          containers:
          - name: alicloud-virtual-kubelet
           # The image and its version required to deploy Virtual Kubelet.
            image: registry.cn-beijing.aliyuncs.com/acs/virtual-nodes-eci:v2.0.0.34-252556a33-aliyun
            imagePullPolicy: Always
            args: ["--provider", "alibabacloud"]
            env:
            - name: KUBELET_PORT
              value: "10250"
            - name: VKUBELET_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: VKUBELET_TAINT_KEY
              value: "virtual-kubelet.io/provider"
            - name: VKUBELET_TAINT_VALUE
              value: "alibabacloud"
            - name: VKUBELET_TAINT_EFFECT
              value: "NoSchedule"
            - name: ECI_REGION
              value: ${aliyun_region_name}
            - name: ECI_VPC
              value: ${aliyun_vpc_id}
            - name: ECI_VSWITCH
              value: ${aliyun_vswitch_id}
            - name: ECI_SECURITY_GROUP
              value: ${aliyun_sg_id}
            - name: ECI_ACCESS_KEY
              value: ${aliyun_access_key}
            - name: ECI_SECRET_KEY
              value: ${aliyun_secret_key}
            - name: ALIYUN_CLUSTERID
              value: ${custom_define_cluster_id} 
  2. Deploy Virtual Kubelet.

    kubectl apply -f vk.yaml
  3. View the deployment status.

    kubectl get deploy/virtual-node-controller -n kube-system

    The following code provides an example of the returned result after the deployment is complete:

    NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
    virtual-node-controller   1/1         1                      1                  161m
  4. View node information after Virtual Kubelet is deployed.

    kubectl get node -o wide

    If the virtual-kubelet node is displayed in the Ready state, Virtual Kubelet is deployed. Example:

    NAME                  STATUS   ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                     KERNEL-VERSION                CONTAINER-RUNTIME
    k8s-master01      Ready    <none>   50d    v1.14.2      192.168. *.*     <none>           CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.6
    k8s-master02      Ready    <none>   50d    v1.14.2      192.168. *.*     <none>           CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.6
    k8s-master03      Ready    <none>   50d    v1.14.2      192.168. *.*     <none>           CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.6
    virtual-kubelet    Ready     agent      82m   v1.11.2      172.30. *.*     <none>           <unknown>                  <unknown>                         <unknown>

Check the result

To verify whether the deployment is successful, you can create a pod on a specific virtual node.

  1. Create a YAML file for a specific node.

    vim test-pod.yaml

    The following code provides an example of the YAML file:

    apiVersion: v1
    kind: Pod
    metadata:
      name: test-pod
    spec:
      containers:
      - name: centos
        image: centos:latest
        args:
        - /bin/sh
        - -c
        - date; sleep 6000h
      nodeName: virtual-kubelet
  2. Create a pod.

    kubectl create -f test-pod.yaml
  3. View the creation status of the pod.

    kubectl get pod/test-pod -o wide

    Sample response:

    NAME       READY   STATUS    RESTARTS   AGE   IP                    NODE                  NOMINATED NODE   READINESS GATES
    test-pod   1/1         Running   0                 95s   192.168. *.*   virtual-kubelet   <none>                      <none>
  4. View the YAML file of the pod.

    kubectl  get pod -o yaml test-pod

    Virtual Kubelet adds annotations to pods that run on virtual nodes. Example:

    apiVersion: v1
    kind: Pod
    metadata:
      annotations:
        ProviderCreate: done
        k8s.aliyun.com/eci-instance-id: eci-2ze428yrni34mggb****
  5. View the pod in the Elastic Container Instance console.

    After the pod is created, it is displayed in the Elastic Container Instance console as a container group. The ID of the container group is the value of k8s.aliyun.com/eci-instance-id in the YAML file. The name of the container group is concatenated by using the namespace and name of the pod.Self-managed Kubernetes cluster

Upgrade Virtual Kubelet

If you want to use new features, you may need to update the image version of Virtual Kubelet.

You can run the following command to edit corresponding resources and modify the value of the image tag to the desired version:

kubectl edit deployment -n kube-system virtual-node-controller