Elastic Container Instance provides basic container runtimes for Kubernetes clusters. Each elastic container instance is a pod.
Virtual nodes power this model. Built on Virtual Kubelet, an open source Kubernetes Kubelet implementation, virtual nodes let elastic container instances appear as standard pods in your cluster. Virtual nodes support the full range of pod configuration options: specs, images, storage, and networking.
On this page: Basic configurations | Lifecycle | Limitations | Pod orchestration | Extended features
Basic configurations
Specifications
Specify CPU and memory when creating a pod, or choose an Elastic Compute Service (ECS) instance type for workloads with specific hardware requirements — GPU-accelerated inference or local disk access, for example. Billing varies based on which specification type you select. For details, see Billing of elastic container instances.
For available creation methods, see Create an elastic container instance.
Images
A pod supports up to 20 containers. Before deploying a containerized application, prepare a container image that bundles the programs, libraries, and configuration the application needs.
Pulling images
When an elastic container instance starts, containerd pulls container images from a remote image repository. Public image pulls require Internet access — configure a public Network Address Translation (NAT) gateway for the Virtual Private Cloud (VPC), or associate an Elastic IP Address (EIP) with the instance.
For faster pulls over a private network, store images in Container Registry. Private images in Container Registry can be pulled without a Kubernetes Secret, which speeds up image retrieval. For details, see Pull images from a Container Registry instance without using a Secret and Use managed-aliyun-acr-credential-helper to pull images without using a secret.
Image cache
The image cache feature creates a snapshot from a container image. Subsequent instance creation uses that snapshot instead of re-downloading image layers, accelerating the creation process. ACK Serverless clusters deploy with the ImageCache CustomResourceDefinition (CRD) enabled by default. For details, see Use ImageCache to accelerate the creation of elastic container instances.
Storage
Temporary storage
Each pod gets 30 GiB of temporary storage by default, which the container image uses during startup. Scale this up based on your workload's needs. For details, see Scale up the temporary storage space.
Persistent storage
Mount volumes to share or retain data across pod restarts. In ACK Serverless clusters, use the CSI (Container Storage Interface) plug-in to mount Alibaba Cloud storage: disks, File Storage NAS (NAS) file systems, and Object Storage Service (OSS) buckets. For an overview of storage options, see CSI overview.
For the full list of storage configurations, see Storage.
Networks
Private IP address
Each pod gets an elastic network interface (ENI) from a vSwitch in its VPC, with a private IP address assigned from that vSwitch. The vSwitch selection order is: k8s.aliyun.com/eci-vswitch annotation → PodNetworking → eci-profile configuration. To pin a specific private IP address, see Specify a private IP address for a pod and Configure a fixed IP address for a pod.
Internet access
Pods are assigned internal IP addresses only by default. For Internet access — pulling public images, for example — associate an EIP with the pod, or add a NAT gateway to the VPC. For details, see Enable Internet access for pods.
IPv6
Elastic Container Instance supports IPv6, giving you a significantly larger address pool than IPv4. For details, see Assign an IPv6 address to an Elastic Container Instance-based pod.
For the full list of network configurations, see Network.
Containers
Configure container startup commands, liveness and readiness probes, and security contexts — the same way you would in standard Kubernetes. For details, see Container configurations.
Lifecycle
Pods move through distinct states during their lifecycle. For a mapping between Elastic Container Instance pod states and standard Kubernetes pod states, see Lifecycle of a pod.
Limitations
Elastic Container Instance does not support certain Kubernetes features due to Alibaba Cloud public cloud security constraints and virtual node restrictions.
| Unsupported feature | Description | Recommended alternative |
|---|---|---|
| hostPath | Mount files from on-premises hosts to containers | Use emptyDir volumes, disks, or File Storage NAS (NAS) file systems |
| hostNetwork | Map a host port to a container | Create a Service of the LoadBalancer type |
| DaemonSet | Deploy a static pod on the host of a container | Deploy multiple images in a pod using sidecar containers |
| Service of the NodePort type | Map a host port to a container | Create a Service of the LoadBalancer type |
For the complete list of limitations, see Limits.
Pod orchestration
Modifying pod YAML files directly can cause unexpected behavior. Use eci-profile instead — configuration files that let you apply settings to elastic container instances cluster-wide and select which pods to target using label selectors. For details, see Configure eci-profile.
Extended features
Data cache
Cache large datasets — model training data, for example — so pods can mount and use the data immediately on startup. This prevents repeated downloads and reduces both startup time and cost. For details, see Data cache overview.
ECI pod annotations
Add annotations to pods scheduled on elastic container instances to enable ECI-specific features. Annotations must comply with Kubernetes syntax. Add them manually at pod creation time, or configure eci-profile to apply them automatically to pods matching specific labels. For the full list of supported annotations, see ECI pod annotation.