Use ASM to manage applications in ECI-based pods running on virtual nodes of ACK clusters - Container Service for Kubernetes

Container Service for Kubernetes (ACK) provides various serverless containers based on virtual nodes and Elastic Container Instance (ECI). For example, virtual nodes can be deployed in ACK clusters to enable seamless integration between Kubernetes and ECI. You can create ECI-based pods as needed to avoid the planning of cluster capacity. This topic describes how to use Service Mesh (ASM) to manage applications in ECI-based pods that run on the virtual nodes of ACK clusters.

Prerequisites

An ASM instance whose version is 1.7.5.41 or later is created. For more information, see Create an ASM instance.
The ack-virtual-node component is deployed and properly runs in your ACK cluster. For more information, see Step 1: Deploy ack-virtual-node in ACK clusters.
The ACK cluster is added to your ASM instance.
The kubeconfig file of the cluster is obtained and used to connect to the cluster through kubectl.

Step 1: Enable automatic sidecar proxy injection for a namespace

After you enable automatic sidecar injection for a namespace in the ASM console, an Envoy proxy is automatically injected as a sidecar into each pod that is created in the namespace. These Envoy proxies comprise the data plane of the ASM instance.

In this example, automatic sidecar proxy injection is enabled for the default namespace and the vk namespace. For more information, see Manage global namespaces.

Step 2: Create ECI-based pods for an application

Note

After an application is deployed in a pod that runs on an elastic container instance, ASM can manage the application on the data plane by using sidecars.

Method 1: Use a pod label to create ECI-based pods

Add the alibabacloud.com/eci=true label to the application pod that you want to create. This way, the pod is scheduled to an elastic container instance that serves as a virtual node.

Run the following command to check whether the istio-injection=enabled label is added to the default namespace:

kubectl get ns default --show-labels

Expected output:

NAME      STATUS   AGE   LABELS
default   Active   16d   istio-injection=enabled,kubernetes.io/metadata.name=default,provider=asm

Run the following command to deploy the NGINX application:

kubectl run nginx -n default --image nginx -l alibabacloud.com/eci=true

Expected output:

pod/nginx created

Run the following command to view the information about the pod that runs on the virtual node:

kubectl get pod -n default -o wide|grep virtual-kubelet

Expected output:

nginx                             2/2     Running            0              8m49s    192.168.XXX.XXX   virtual-kubelet-cn-beijing-i   <none>           <none>

Method 2: Use a namespace label to create ECI-based pods

Add the alibabacloud.com/eci=true label to the namespace to which the application pod that you want to create belongs. This way, the pod is scheduled to an elastic container instance that servers as a virtual node.

Run the following command to check whether the istio-injection=enabled label is added to the vk namespace:

kubectl get ns vk --show-labels

Expected output:

NAME   STATUS   AGE   LABELS
vk     Active   96m   istio-injection=enabled,kubernetes.io/metadata.name=vk,provider=asm

Run the following command to add a label to the vk namespace:
```
kubectl label namespace vk alibabacloud.com/eci=true
```
Expected output:
```
namespace/vk labeled
```
Run the following command to deploy the NGINX application:
```
kubectl -n vk run nginx --image nginx
```
Expected output:
```
pod/nginx created
```

Run the following command to view the information about the pod that runs on the virtual node:

kubectl -n vk get pod -o wide|grep virtual-kubelet

Expected output:

nginx   2/2     Running   0          38s   192.168.XXX.XXX   virtual-kubelet-cn-beijing-i   <none>           <none>