By default, an elastic container instance only has a private IP address. To enable Internet access — for example, to pull a container image from a public registry — associate an elastic IP address (EIP) with the instance by adding annotations to your Knative Service.
Prerequisites
Before you begin, ensure that you have:
Knative deployed in your ACK cluster. See Deploy Knative
Internet access methods
Two methods can enable Internet access for an elastic container instance:
| Method | How it works | When to use |
|---|---|---|
| Associate an EIP with the elastic container instance | Assigns a public IP directly to one instance | Enable public access for a single instance — the only method supported in Knative |
| Associate an EIP with a NAT gateway | Routes outbound traffic through a shared gateway (separately purchased) for all instances in the virtual private cloud (VPC) | Enable Internet access for multiple instances across the VPC |
Knative supports only the first method. To enable Internet access for an elastic container instance running a Knative Service, associate an EIP directly with that instance.
For more information about enabling Internet access for elastic container instances, see Enable Internet access.
Supported annotations
Add the following annotations to the spec.template.metadata.annotations field of your Knative Service to configure the EIP.
| Annotation | Description | Default |
|---|---|---|
k8s.aliyun.com/eci-eip-instanceid | The ID of an existing EIP to associate | — |
k8s.aliyun.com/eci-with-eip | Set to "true" to automatically create and associate a new EIP | — |
k8s.aliyun.com/eip-bandwidth | Maximum bandwidth for the auto-created EIP, in Mbit/s | 5 |
k8s.aliyun.com/eip-common-bandwidth-package-id | The ID of an EIP bandwidth plan to associate with the auto-created EIP | — |
k8s.aliyun.com/eip-isp | Line type of the auto-created EIP. Valid values: BGP (BGP (Multi-ISP) line), BGP_PRO (BGP (Multi-ISP) Pro line) | — |
Associate an EIP with a Knative Service
Choose one of the following configurations based on your scenario.
Use an existing EIP
Add the k8s.aliyun.com/eci-eip-instanceid annotation and set its value to the ID of the EIP you want to associate.
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: helloworld-go
spec:
template:
metadata:
labels:
app: helloworld-go
annotations:
k8s.aliyun.com/eci-eip-instanceid: "eip-bp1q5n8cq4p7f6dzu****" # ID of the existing EIP to associate
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/knative-sample/helloworld-go:73fbdd56Create a new EIP with a bandwidth limit
Set k8s.aliyun.com/eci-with-eip to "true" to create an EIP automatically. Use k8s.aliyun.com/eip-bandwidth to set the maximum bandwidth. If omitted, bandwidth defaults to 5 Mbit/s.
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: helloworld-go
spec:
template:
metadata:
labels:
app: helloworld-go
annotations:
k8s.aliyun.com/eci-with-eip: "true" # Create and associate a new EIP automatically
k8s.aliyun.com/eip-bandwidth: "10" # Maximum bandwidth in Mbit/s; omit to use the default of 5
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/knative-sample/helloworld-go:73fbdd56Create a new EIP and attach an EIP bandwidth plan
Use k8s.aliyun.com/eip-common-bandwidth-package-id to associate the auto-created EIP with an existing EIP bandwidth plan. This shares bandwidth capacity across multiple EIPs in the same plan.
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: helloworld-go
spec:
template:
metadata:
labels:
app: helloworld-go
annotations:
k8s.aliyun.com/eci-with-eip: "true" # Create and associate a new EIP automatically
k8s.aliyun.com/eip-common-bandwidth-package-id: "cbwp-2zeukbj916scmj51m****" # ID of the EIP bandwidth plan to attach
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/knative-sample/helloworld-go:73fbdd56