A serverless Service Mesh (ASM) gateway is provided based on virtual nodes and Elastic Container Instance. It is applicable to service scenarios that require elastic resources and do not require node maintenance. This topic describes how to deploy a serverless ASM gateway.
A Container Service for Kubernetes (ACK) cluster (an ACK standard cluster, an ACK Pro cluster, or an ACK dedicated cluster) is added to the ASM instance. For more information, see Add a cluster to an ASM instance.Note
If you create an ASM gateway in a Serverless Kubernetes (ASK) cluster in the ASM console, the pods run on elastic container instances, and you do not need to perform the operations described in this topic. For more information about how to create a gateway, see Create an ingress gateway service.
The ack-virtual-node component is deployed. For more information, see Deploy the virtual node controller and use it to create Elastic Container Instance-based pods.
Elastic Container Instance
Elastic Container Instance is a serverless elastic computing service. This container service provided by Alibaba Cloud frees you from O&M and provides strong isolation and fast startup for container runtime environments. Elastic Container Instance allows you to focus on container applications without the need to purchase and manage underlying Elastic Compute Service (ECS) servers or maintain the underlying infrastructure. You can create elastic container instances based on your business requirements and pay only for resources that you configure for containers based on the quantity and seconds. For more information, see What is Elastic Container Instance? and Billing overview.
A virtual node helps you significantly reduce computing costs and improve elastic computing efficiency in scenarios with obvious computing load fluctuations.
A taint allows a node to repel a set of pods.
By default, all virtual nodes in an ACK cluster are added with the
Tolerations are applied to pods and allow the pods to be scheduled to nodes with matching taints.
To allow pods in an ACK cluster to use elastic container instances, configure the following
Taints and tolerations work together to prevent the system from scheduling pods to inappropriate nodes. One or more taints can be applied to a node.
For more information, see Taints and Tolerations.
Node affinity attracts pods to a set of nodes. Node affinity rules can be required or preferred. If no soft rules or preferred rules are met, the pods are scheduled to other nodes.
Step 1: Add a label to the desired node
Run the following command to obtain the names of the nodes in the specific cluster:
kubectl get nodes
Run the following command to add a label to the desired node:
# Command format kubectl label nodes <node-name> <label-key>=<label-value> # Sample command kubectl label nodes node1 mykey4pod=asmgateway
Step 2: Add a taint to the node
Run the following command to add a taint to the node:
kubectl taint nodes node1 mykey=myvalue:NoSchedule
This command adds a taint to
node1. The key is
mykey, the value is
myvalue, and the effect is
NoSchedule. This way, only pods that tolerate the taint can be scheduled to
Step 3: Set node affinity and tolerations for the ASM gateway
nodeAffinity-related parameters of the ASM gateway so that pods of the ASM gateway are scheduled to the corresponding nodes. Configure the
tolerations-related parameters to match the taint created in Step 2 so that pods of the ASM gateway can be scheduled to node1.
- Log on to the ASM console. In the left-side navigation pane, choose .
- On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
On the Ingress Gateway page, find the gateway that you want to set and click YAML on the right.
In the Edit dialog box, add the following content to the
specfield and click OK.
affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: type operator: In values: - virtual-kubelet weight: 20 - preference: matchExpressions: - key: mykey4pod operator: In values: - asmgateway weight: 80 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: mykey4pod operator: In values: - asmgateway - matchExpressions: - key: type operator: In values: - virtual-kubelet tolerations: - effect: NoSchedule key: virtual-kubelet.io/provider operator: Equal value: alibabacloud - effect: NoSchedule key: mykey operator: Equal value: myvalue
The following table describes key parameters. For more information about the parameters, see Assigning Pods to Nodes.
The scheduler tries to find a node that meets the rule. If no matching nodes are found, the scheduler still schedules the pods. This parameter is associated with two
matchExpressionsfields. The values of the
weightfield are relative values, and the configuration with a greater value is preferred. If the configuration with
20is used, the pods are scheduled to use elastic container instances. If the configuration with
80is used, the pods are scheduled to the ECS node with the specified label.
The scheduler schedules the pods only when the rule is met. This parameter is associated with two
matchExpressionsfields. One indicates that the pods are scheduled to the ECS node with the specified label, and the other one indicates that the pods are scheduled to use elastic container instances.
The configurations in the preceding example indicate that the pods tolerate the
virtual-kubelet.io/provider=alibabacloud:NoScheduletaint and can use elastic container instances.
Check whether the node of the gateway pods meets expectations.
Log on to the ACK console and click Clusters in the left-side navigation pane.
On the Clusters page, click the name of a cluster and choose in the left-side navigation pane.
In the upper part of the Pods page, select istio-system from the Namespace drop-down list and check the node of the gateway pods.
If the node of the gateway pods meets expectations, the desired node affinity and tolerations are set for the ASM gateway.