You can add existing Elastic Compute Service (ECS) instances to a Container Service for Kubernetes (ACK) cluster in the ACK console. ECS instances can be added only as worker nodes to an ACK cluster. This topic describes how to manually add ECS instances to an ACK cluster. This topic also describes how to configure ACK to automatically add ECS instances to an ACK cluster.

Prerequisites

Limits

  • Make sure that you have a sufficient node quota in the cluster. To increase the quota, submit a ticket. For more information about the quota limits related to ACK clusters, see Limits.
  • The ECS instances that you want to add to the ACK cluster must be deployed in the same region and virtual private cloud (VPC) as the cluster.
  • The ECS instances that you want to add must belong to the account that owns the cluster.
  • Nodes that run the following operating systems can be added to an ACK cluster:
    • Alibaba Cloud Linux 2
    • CentOS 7.x
      Note: CentOS 8.x and later are not supported.
    • Windows Server 2019 and Windows Server version 1809 and later.

Limits on ECS instances

Number of security groups

When an existing instance is added to a node pool, the instance is also added to the security group of the node pool. The system skips this step if the instance is already in the security group. Make sure that the number of security groups to which the instance belongs does not exceed the upper limit after the instance is added to the node pool. For information about limits on ECS, see Limits.

Limits on security group rules

A security group acts as a virtual firewall to control the inbound and outbound traffic of Elastic Compute Service (ECS) instances to improve security.

Security groups are classified into basic security groups, advanced security groups, and managed security groups. Managed security groups are created by cloud services. The rules of a managed security group can be modified only by the cloud service that created it. When you create a node pool, do not select a managed security group. Otherwise, the node pool cannot be created. The following table compares basic security groups and advanced security groups.

| Item | Basic security group | Advanced security group |
| --- | --- | --- |
| Access control policy when the security group does not contain rules | Inbound: denies all requests. Outbound: allows all requests. | Inbound: denies all requests. Outbound: denies all requests. |
| Maximum number of private IP addresses | 2000 | 65536 |
| Mutual access between instances within the same security group | By default, instances within the same security group can access each other over the internal network. | By default, instances within the same security group are isolated from each other by internal networks. You must manually add security group rules to allow mutual access between the instances. |
| Access to or from other security groups | Access to or from other security groups is allowed. | Rules cannot be added to control access to or from other security groups. |

When you create a node pool, the system automatically adds rules to the security group of the node pool to enable communication within the cluster. For more information about how to configure rules of basic security groups and advanced security groups, see Configure security group rules to enforce access control on ACK clusters.

When you add an instance to a security group, make sure that the rules for the following CIDR blocks do not conflict with the rules of the security groups to which the instance already belongs. Otherwise, pods cannot communicate with each other.
  • The pod CIDR block
  • The secondary IPv4 CIDR block of the VPC
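
The conflict described above can be checked before an instance is added. The following Python code is an added example, not part of ACK or its documentation: the rule dictionaries, group IDs and CIDR blocks are constructed, and the evaluation model (a lower priority number wins, a drop rule wins a priority tie, protocol and port ranges are ignored) is a simplifying assumption.

```python
import ipaddress

def find_conflicts(groups, required_cidrs):
    """Report required CIDRs whose inbound traffic would be dropped once the
    rules of every security group on the instance are merged.

    Assumed model: a lower priority number wins, "drop" wins a priority tie,
    and inbound traffic is denied when no accept rule matches.
    """
    rules = [dict(rule, group=g["id"]) for g in groups for rule in g["inbound"]]
    findings = []
    for name, cidr in required_cidrs.items():
        net = ipaddress.ip_network(cidr)
        # Accept rules that cover the whole required CIDR block.
        accepts = [r for r in rules if r["policy"] == "accept"
                   and net.subnet_of(ipaddress.ip_network(r["source"]))]
        if not accepts:
            findings.append((name, "no-accept", None))
            continue
        best = min(r["priority"] for r in accepts)
        # A drop rule that overlaps the block and is not outranked shadows it.
        for r in rules:
            if (r["policy"] == "drop" and r["priority"] <= best
                    and net.overlaps(ipaddress.ip_network(r["source"]))):
                findings.append((name, "drop-wins", r["group"]))
    return findings

# Constructed sample data: a group the instance already belongs to, and the
# node pool group with rules of the kind added for in-cluster communication.
EXISTING_SG = {"id": "sg-existing", "inbound": [
    {"policy": "drop", "priority": 1, "source": "172.16.0.0/12"},
    {"policy": "accept", "priority": 10, "source": "192.168.0.0/16"},
]}
NODE_POOL_SG = {"id": "sg-nodepool", "inbound": [
    {"policy": "accept", "priority": 1, "source": "172.20.0.0/16"},
    {"policy": "accept", "priority": 1, "source": "10.100.0.0/16"},
]}
REQUIRED = {"pod CIDR": "172.20.0.0/16", "VPC secondary CIDR": "10.100.0.0/16"}

if __name__ == "__main__":
    for finding in find_conflicts([EXISTING_SG, NODE_POOL_SG], REQUIRED):
        print(finding)
```
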

Automatically add ECS instances

In auto mode, all ECS instances that are available within your account are listed. You can select, configure, and add one or more ECS instances to a cluster in the ACK console. After you complete the configurations, the ECS instances are automatically added to the cluster.

Note: If your cluster does not have a node pool, create a node pool before you add existing nodes to the cluster. For more information, see Create a node pool.
  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane of the details page, choose Nodes > Node Pools.
  5. On the Node Pools page, find the node pool to which you want to add nodes and click Add Existing Node in the Actions column.
  6. On the Add Existing ECS Instance wizard page, select the auto mode to automatically add ECS instances to the cluster.
    Set Mode to Auto and select the ECS instances that you want to add in the Select Existing ECS Instance section.
  7. Click Next Step and set the parameters on the Specify Instance Information wizard page.
    Parameters:
    • Cluster ID/Name: Information about the cluster to which the instances are to be added. This parameter is automatically set.
    • Data Disk: Specify whether to store the container and image data on a data disk.
      • If the ECS instances have data disks mounted and the file system of the last data disk is not initialized, the system automatically formats the data disk to ext4. Then, the system uses the disk to store the data in /var/lib/docker and /var/lib/kubelet.
        Notice: Data on a disk is lost after you format the disk. Before the system formats the data disk, we recommend that you back up the data on the data disk.
      • If no data disk is attached to the ECS instances, the system does not purchase a new data disk.
    • Retain Instance Name: By default, Retain Instance Name is turned on. If you do not want to retain the instance name, you can turn off Retain Instance Name. After you disable this feature, the nodes are renamed based on the node naming rules.
    • Instance Information: The IDs and names of the instances to be added.
  8. Click Next Step. In the Confirm message, click Confirm.

Manually add ECS instances

Notice: ECS instances that are manually added to an ACK cluster are not released when the ACK cluster is deleted.

In manual mode, you must obtain the installation command, log on to an ECS instance, and then run the command to add the ECS instance to an ACK cluster. You can add only one ECS instance at a time.

Note: If your cluster does not have a node pool, create a node pool before you add existing nodes to the cluster. For more information, see Create a node pool.
  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane of the details page, choose Nodes > Node Pools.
  5. On the Node Pools page, find the node pool to which you want to add nodes and click Add Existing Node in the Actions column.
  6. On the Select Existing ECS Instance wizard page, select the manual mode to add ECS instances to the cluster.
    Set Mode to Manual and select the ECS instances that you want to add in the Select Existing ECS Instance section.
  7. Click Next Step and set the parameters on the Specify Instance Information wizard page.
    Parameters:
    • Cluster ID/Name: Information about the cluster to which the instances are to be added. This parameter is automatically set.
    • Data Disk: Specify whether to store the container and image data on a data disk.
      • If the ECS instances have data disks mounted and the file system of the last data disk is not initialized, the system automatically formats the data disk to ext4. Then, the system uses the disk to store the data in /var/lib/docker and /var/lib/kubelet.
        Notice: Data on a disk is lost after you format the disk. Before the system formats the data disk, we recommend that you back up the data on the data disk.
      • If no data disk is attached to the ECS instances, the system does not purchase a new data disk.
    • Retain Instance Name: By default, Retain Instance Name is turned on. If you do not want to retain the instance name, you can turn off Retain Instance Name. After you disable this feature, the nodes are renamed based on the node naming rules.
    • Instance Information: The IDs and names of the instances to be added.
  8. Click Next Step to go to the Complete wizard page. On the Complete wizard page, copy the command and click Done.
  9. Log on to the ECS console. In the left-side navigation pane, choose Instances & Images > Instances. Then, select the region where the cluster is deployed and select the ECS instances that you want to add.
  10. Click Connect in the Actions column. In the Connection and Command dialog box, select a connection method and go to the connection page.
    The following list describes the connection methods.
    • VNC Connection: For more information about how to connect to an ECS instance by using Virtual Network Computing (VNC), see Connect to a Linux instance by using password authentication or Connect to a Windows instance by using password authentication.
    • Send Remote Commands (Cloud Assistant): This is the recommended method. This method allows you to run remote commands on an instance. You can perform operations such as viewing disk capacity, installing software, and starting or stopping services without logging on to the instance. This feature is implemented by using Cloud Assistant. For more information about how to install and activate the Cloud Assistant client, see Install the Cloud Assistant client.
  11. On the connection page, follow the instructions and paste the command that you copied in Step 8. Then, click Run to execute the script.
    After the script is executed, the ECS instance is added to the cluster.

Result

  1. In the left-side navigation pane of the cluster details page, choose Nodes > Node Pools.
  2. On the Node Pools page, find the node pool that you want to manage and click Details in the Actions column.
  3. On the node pool details page, click the Nodes tab.

    You can view the newly added nodes.