A sandboxed container runtime runs each application pod inside a lightweight virtual machine, giving it a dedicated kernel and fine-grained isolation from the host and other containers. This prevents vulnerabilities or malicious attacks in one container from affecting adjacent workloads. This topic describes how to create a sandboxed container node pool and scale it out.
Limitations
| Constraint | Details |
|---|---|
| Cluster type | ACK managed clusters and ACK dedicated clusters only |
| Cluster version | 1.16–1.34. If your cluster version is outside this range, upgrade the cluster before proceeding. |
| Operating system | Custom images are not supported. See the OS support matrix below. |
| Instance types | ECS Bare Metal Instance types only |
| Network plugins | Flannel and Terway (in some modes). When using Terway, dedicated ENI mode and DataPath v2 are not supported. |
OS support matrix
| Cluster version | Supported OS |
|---|---|
| Earlier than 1.30 | Alibaba Cloud Linux 3 and Alibaba Cloud Linux 2 (maintenance has stopped) |
| 1.30 and later | Alibaba Cloud Linux 3 only |
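Before creating or scaling a pool, it helps to check a proposed configuration against the two tables above rather than discovering a violation in the console. The following preflight checker is an added example, not ACK tooling; it encodes the cluster-version range, OS matrix, instance-type and network-plugin rules from the tables, and the rule that ECS Bare Metal families carry "ebm" in the family name (for example ecs.ebmg6.26xlarge) is an assumption, as are the field names of the pool description.

```python
import re
SUPPORTED_MIN, SUPPORTED_MAX = (1, 16), (1, 34)
ALINUX3 = "Alibaba Cloud Linux 3"
ALINUX2 = "Alibaba Cloud Linux 2"


def parse_version(version):
    """Return (major, minor) from strings such as '1.28.9-aliyun.1' or 'v1.30.1'."""
    m = re.match(r"v?(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised cluster version: {version!r}")
    return int(m.group(1)), int(m.group(2))


def supported_os(version):
    """OS images allowed for the cluster version, per the OS support matrix."""
    if parse_version(version) < (1, 30):
        return {ALINUX3, ALINUX2}
    return {ALINUX3}


def is_bare_metal(instance_type):
    # Assumption: ECS Bare Metal families carry 'ebm' in the family name,
    # e.g. 'ecs.ebmg6.26xlarge'; anything else is treated as virtualised.
    return ".ebm" in instance_type.lower()


def preflight(pool):
    """Return every constraint the proposed node pool violates (empty list = OK)."""
    problems = []
    if pool["cluster_type"] not in ("managed", "dedicated"):
        problems.append(f"cluster type {pool['cluster_type']!r} is not supported")
    ver = parse_version(pool["cluster_version"])
    if not SUPPORTED_MIN <= ver <= SUPPORTED_MAX:
        problems.append(f"cluster version {pool['cluster_version']} is outside 1.16-1.34; upgrade first")
    elif pool["os_image"] not in supported_os(pool["cluster_version"]):
        problems.append(f"OS {pool['os_image']!r} is not supported for this version (custom images are never supported)")
    for itype in pool["instance_types"]:
        if not is_bare_metal(itype):
            problems.append(f"{itype} is not an ECS Bare Metal Instance type")
    plugin = pool["network_plugin"]
    if plugin == "terway":
        if pool.get("terway_dedicated_eni"):
            problems.append("Terway dedicated ENI mode is not supported")
        if pool.get("terway_datapath_v2"):
            problems.append("Terway DataPath v2 is not supported")
    elif plugin != "flannel":
        problems.append(f"network plugin {plugin!r} is not supported (Flannel or Terway only)")
    return problems
```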
Create a sandboxed container node pool
When creating a node pool, set the container runtime to Sandboxed Container. For the full node pool creation procedure, see Create and manage node pools.
Scale out a sandboxed container node pool
- Log on to the Container Service console. In the left navigation pane, click Clusters.
- Click the name of your cluster. In the left navigation pane, choose Nodes > Node Pools.
- In the Actions column of the target node pool, click Scale. Select Manual mode, set Expected Nodes, and follow the on-screen instructions to submit the changes.
After the scale-out completes, the node pool's node count updates to the number you specified.
What's next
- Deploy a workload on your sandboxed container node pool: Create stateless workloads (Deployment)
- Create a cluster or node pool using the API: CreateCluster and CreateClusterNodePool