This topic describes how to use Elastic Container Instance (ECI) in a user-created Kubernetes cluster on Alibaba Cloud through Virtual Kubelet.

Deploy Virtual Kubelet in a user-created Kubernetes cluster

You can deploy Virtual Kubelet in a user-created Kubernetes cluster by using a YAML file.

Before you begin

Obtain the information described in the following table before you deploy Virtual Kubelet.

Parameter Description How to obtain the value
ECI_ACCESS_KEY The AccessKey ID of your Alibaba Cloud account. For more information, see How can I obtain an AccessKey pair?
ECI_SECRET_KEY The AccessKey secret of your Alibaba Cloud account. For more information, see How can I obtain an AccessKey pair?
ALIYUN_CLUSTERID The ID of the Kubernetes cluster where Virtual Kubelet is to be deployed. You can specify a unique ID for the Kubernetes cluster.
ECI_REGION The ID of the region where ECIs are to be created. Log on to the ECI console and obtain the ID of the region. For example, cn-beijing represents the China (Beijing) region.
ECI_VPC The Virtual Private Cloud (VPC) where ECIs are to be created. Log on to the VPC console and obtain the ID of an appropriate VPC in the selected region.
ECI_VSWITCH The default VSwitch to be used by Virtual Kubelet to create ECIs. Log on to the VPC console. In the left-side navigation pane, click VSwitches. On the VSwitches page, obtain the ID of an appropriate VSwitch in the selected VPC.
ECI_SECURITY_GROUP The default security group to be used by Virtual Kubelet to create ECIs. Log on to the VPC console. On the VPCs page, click the ID of the selected VPC to go to the VPC Details page. In the Network Resources section of the page, click the number next to Security Groups. On the Security Groups page of the Elastic Compute Service (ECS) console, obtain the ID of an appropriate security group.

YAML file

$ cat deployment-vk.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: virtual-node-sa
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: virtual-node-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: virtual-node-sa
    namespace: kube-system
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: virtual-node-controller
  namespace: kube-system
  labels:
    app: virtual-node-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: virtual-node-controller
  template:
    metadata:
      labels:
        app: virtual-node-controller
    spec:
      serviceAccount: virtual-node-sa
      containers:
      - name: alicloud-virtual-kubelet
        image: registry.cn-hangzhou.aliyuncs.com/acs/virtual-nodes-eci:v1.0.0.1-aliyun
        imagePullPolicy: Always
        args: ["--provider", "alibabacloud"]
        env:
        - name: KUBELET_PORT
          value: "10250"
        - name: VKUBELET_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: VKUBELET_TAINT_KEY
          value: "virtual-kubelet.io/provider"
        - name: VKUBELET_TAINT_VALUE
          value: "alibabacloud"
        - name: VKUBELET_TAINT_EFFECT
          value: "NoSchedule"
        - name: ECI_REGION
          value: ${aliyun_region_name}
        - name: ECI_VPC
          value: ${aliyun_vpc_id}
        - name: ECI_VSWITCH
          value: ${aliyun_vswitch_id}
        - name: ECI_SECURITY_GROUP
          value: ${aliyun_sg_id}
        - name: ECI_ACCESS_KEY
          value: ${aliyun_access_key}
        - name: ECI_SECRET_KEY
          value: ${aliyun_secret_key}
        - name: ALIYUN_CLUSTERID
          value: ${custom_define_cluster_id}	

Replace the following content in the YAML file with the obtained information:

  • aliyun_region_name
  • aliyun_vpc_id
  • aliyun_vswitch_id
  • aliyun_sg_id
  • aliyun_access_key
  • aliyun_secret_key

Set the specified ID for your Kubernetes cluster and replace custom_define_cluster_id with the ID.

Deploy Virtual Kubelet

# View the information about nodes in the cluster before you deploy Virtual Kubelet.
[root@k8s-master01 ~]#
[root@k8s-master01 ~]# kubectl get node -o wide
NAME                 STATUS   ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                     KERNEL-VERSION                CONTAINER-RUNTIME
k8s-master01      Ready    <none>   50d   v1.14.2      192.168.0.15     <none>           CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.6
k8s-master02      Ready    <none>   50d   v1.14.2      192.168.0.16     <none>           CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.6
k8s-master03      Ready    <none>   50d   v1.14.2      192.168.0.17     <none>           CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.6

# Deploy Virtual Kubelet.
[root@k8s-master01 ~]# kubectl apply -f deployment-vk.yaml
serviceaccount/virtual-node-sa created
clusterrolebinding.rbac.authorization.k8s.io/virtual-node-role-binding created
deployment.apps/virtual-node-controller created

# Check whether Virtual Kubelet is deployed.
[root@k8s-master01 ~]# kubectl get deploy/virtual-node-controller -n kube-system
NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
virtual-node-controller   1/1         1                      1                  161m

# View the information about nodes in the cluster after you deploy Virtual Kubelet.
[root@k8s-master01 ~]# kubectl get node -o wide
NAME                  STATUS   ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                     KERNEL-VERSION                CONTAINER-RUNTIME
k8s-master01      Ready    <none>   50d    v1.14.2      192.168.0.15     <none>           CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.6
k8s-master02      Ready    <none>   50d    v1.14.2      192.168.0.16     <none>           CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.6
k8s-master03      Ready    <none>   50d    v1.14.2      192.168.0.17     <none>           CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.6
virtual-kubelet    Ready     agent      82m   v1.11.2      172.30.176.3     <none>           <unknown>                  <unknown>                         <unknown>
			

Verify the installation

  1. Create a pod on the specified virtual node.
    $ cat test-pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: test-pod
    spec:
      containers:
      - name: centos
        image: centos:latest
        args:
        - /bin/sh
        - -c
        - date; sleep 6000h
      nodeName: virtual-kubelet
    
    # Create a pod.
    [root@k8s-master01 ~]# kubectl create -f test-pod.yaml
    pod/test-pod created	
  2. Check whether the pod is created.
    [root@k8s-master01 ~]# kubectl get pod/test-pod -o wide
    NAME       READY   STATUS    RESTARTS   AGE   IP                    NODE                  NOMINATED NODE   READINESS GATES
    test-pod   1/1         Running   0                 95s   192.168.6.165   virtual-kubelet   <none>                      <none>
    
    # Virtual Kubelet adds annotations to the pod running on the virtual-kubelet node.
    [root@k8s-master01 ~]# kubectl  get pod -o yaml test-pod
    apiVersion: v1
    kind: Pod
    metadata:
      annotations:
        ProviderCreate: done
        k8s.aliyun.com/eci-instance-id: eci-2zeaak7c7i6xb5uqnw4m	
  3. View the corresponding container group in the ECI console.