ACS pod overview - Container Compute Service - Alibaba Cloud Documentation Center

In modern cloud computing and containerization environments, a pod is the smallest deployable unit in Kubernetes and usually consists of one or more containers. The compute class and computing power of a pod affect application performance and resource utilization. Container Compute Service (ACS) provides a variety of compute classes and computing quality of service (QoS) classes to meet diverse business requirements. This topic describes the prerequisites, limits, and key features of ACS pods. The key features of ACS pods include security isolation, configurations for CPU, memory, and GPU resources, image pulling, storage, networking, and log collection.

Compute classes

ACS provides cost-effective CPU and GPU compute classes. The compute classes may differ in resource supply and are suitable for different business scenarios.

Compute class	Label	Benefit
General-purpose (default)	general-purpose	This compute class is suitable for most stateful microservices applications, Java web applications, and computing tasks.
Performance-enhanced	performance	This compute class is suitable for scenarios that require higher performance, such as CPU-based AI and machine learning model training and inference and high-performance computing (HPC) batch processing.
GPU-accelerated	gpu	This compute class is suitable for heterogeneous computing scenarios such as AI and HPC scenarios. For example, you can use GPU-accelerated pods to perform inference on a one-pod-one-GPU basis or on a one-pod-multi-GPU basis. You can also use GPU-accelerated pods to run GPU parallel computing tasks.
GPU-HPN	gpu-hpn	This compute class is suitable for AI, HPC, and other heterogeneous computing scenarios, such as GPU-accelerated distributed training, distributed inference, and GPU-accelerated high-performance computing.

To specify the compute class of a pod, add the alibabacloud.com/compute-class label to the pod. The following code block shows the sample code of an NGINX application that runs pods of the general-purpose, gpu, and gpu-hpn compute classes.

General-purposes

apiVersion: apps/v1 
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
        alibabacloud.com/compute-class: general-purpose 
    spec:
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest

GPU-accelerated

apiVersion: apps/v1 
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
        # Set the compute class to gpu.
        alibabacloud.com/compute-class: "gpu"
        # example-model indicates the GPU model. Replace it with the actual GPU model, such as T4.
        alibabacloud.com/gpu-model-series: "example-model"
    spec:
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest
        resources:
          limits:
            cpu: 4
            memory: "8Gi"
            nvidia.com/gpu: "1" # Specify the number of GPUs. Set the resource label and quantity based on the actual business requirement. 
          requests:
            cpu: 4
            memory: "8Gi"
            nvidia.com/gpu: "1" # Specify the number of GPUs. Set the resource label and quantity based on the actual business requirement.

Note

For more information about the GPU models supported by ACS and their specifications, see Computing-accelerated.

GPU-HPN

apiVersion: apps/v1 
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
        # Set the compute class to gpu-hpn.
        alibabacloud.com/compute-class: "gpu-hpn"
    spec:
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest
        resources:
          limits:
            cpu: 4
            memory: "8Gi"
            nvidia.com/gpu: "1" # Specify the number of GPUs. Set the resource label and quantity based on the actual business requirement.
          requests:
            cpu: 4
            memory: "8Gi"
            nvidia.com/gpu: "1" # Specify the number of GPUs. Set the resource label and quantity based on the actual business requirement.

Note

To use HPN GPUs in ACS, you need to first create GPU-HPN capacity reservations.

QoS classes

ACS supports two QoS classes. The resource supply for a pod also varies based on the QoS class of the pod.

QoS class	Label	Benefit	Scenario
Default	default	Computing power allocation may be unstable. ACS does not forcefully evict pods assigned the default computing power QoS class. If issues occur in a pod, ACS performs a hot migration to migrate the workloads in the pod to a new one or notifies you to manually trigger an eviction.	Microservices applications Web applications Computing tasks
BestEffort	best-effort	Computing power allocation may be unstable. ACS forcefully preempts and evicts pods in specific cases. ACS sends an event notification 5 minutes before it preempts or evicts a pod.	Big data computing Audio and video transcoding Batching processing

To assign a computing power QoS class to a pod, add the alibabacloud.com/compute-qos label to the pod. The following code block shows the sample code of an NGINX application that runs in pods assigned the default computing power QoS class.

apiVersion: apps/v1 
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
        alibabacloud.com/compute-qos: default
    spec:
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest

Note

The computing power QoS classes defined by ACS are different from the pod QoS classes defined by Kubernetes. The default computing power QoS class in ACS corresponds to the Guaranteed pod QoS class in Kubernetes.
BestEffort instances use a dynamic stock. We recommend that you prioritize BestEffort instances in the stock in a production environment and automatically switch to the default QoS class when BestEffort instances are out of stock. For more information, see Custom resource scheduling policies.

Mappings between compute classes and computing power QoS classes

Compute class (label)	Supported QoS class (label)
General-purpose (general-purpose)	Default (default) and BestEffort (best-effort)
Performance-enhanced (performance)	Default (default) and BestEffort (best-effort)
GPU-accelerated (gpu)	Default (default) and BestEffort (best-effort)
GPU-HPN	Default (default)

Key features

Feature	Description
Security isolation	ACS pods provide a secure and reliable runtime environment for containers by running sandboxes at the underlying layer to isolate pods from each other. In addition, ACS preferentially schedules different pods to different physical machines to ensure the high availability of the pods.
CPU, memory, GPU, and ephemeral storage configurations	You can use Kubernetes standard definitions to configure CPU, memory, GPU, and ephemeral storage requests in the `resources.requests` parameter for each container. The resource request of a pod equals the sum of the resource requests of all containers that run in the pod. ACS automatically adjusts the resource request of a pod. You can use Kubernetes standard definitions to configure CPU, memory, GPU, and ephemeral storage limits in the `resources.limits` parameter for each container. The default resource limit of a container in a pod equals the sum of the adjusted resource requests of all containers that run in the pod.
Images	By default, each time an ACS pod is restarted, it pulls an image from a remote container registry through the virtual private cloud (VPC) where the pod is deployed. If the registry is publicly accessible, you must configure a NAT gateway for the VPC. We recommend that use Container Registry (ACR) to host container images. This can accelerate image pulling through VPCs. In addition, ACS allows you to pull private images from Container Registry without using Secrets.
Storage	ACS supports disk volumes, NAS volumes, and Cloud Parallel File Storage (CPFS) volumes for data persistence. Cloud disk Supports Enterprise SSDs (ESSDs), ESSD AutoPL disks, standard SSDs, and ultra disks. You can select the preceding disk types based on your business requirements. For more information, see Disk volume overview. ACS allows you to dynamically provision disks as persistent volumes (PVs). For more information, see Mount a dynamically provisioned disk volume. NAS You can use statically provisioned NAS volumes to mount Capacity and Extreme NAS file systems as volumes. If you use dynamically provisioned NAS volumes, Capacity NAS file systems are mounted by default. For more information, see Details. ACS allows you to statically and dynamically provision disks as PVs. For more information, see NAS volume overview OSS ACS allows you to statically provision disks as PVs. For more information, see Mount a statically provisioned OSS volume. CPFS ACS allows you to statically provision disks as PVs. For more information, see Mount a statically provisioned CPFS for LINGJUN volume
Networks	By default, each ACS pod is assigned a separate IP address and a separate elastic network interface (ENI) from a vSwitch. ACS pods use the following methods to communicate with each other: Pods use IP addresses to communicate with each other. A pod can use a LoadBalancer Service to access the backend pods of the Service. For more information, see Use an existing SLB instance to expose an application. A pod can use the cluster IP address of a ClusterIP Service to access the backend pods of the Service. For more information, see Create ClusterIP Services. After you associate an elastic IP address (EIP) with a pod, other pods can use the EIP to access the pod. For more information, see Associate an exclusive EIP with a pod.
Log collection	You can specify pod environment variables to collect `stdout` or log files from pods to Simple Log Service.

Resource specifications

General-purpose

vCPU	Memory (GiB)	Memory step size (GiB)	Bandwidth (bidirectional), Gbit/s	Storage
0.25	0.5, 1, and 2	N/A	0.08	30 30 GiB or less is free of charge. If the capacity exceeds 30 GiB, you must pay for the overage. The maximum capacity is 512 GiB. You can expand the storage space by mounting NAS volumes.
0.5	1~4	1	0.08
1	1~8		0.1
1.5	2~12		1
2	2~16		1
2.5	3~20		1.5
3	3~24
3.5	4~28
4	4~32
4.5	5~36
5	5~40
5.5	6~44
6	6~48
6.5	7~52		2.5
7	7~56
7.5	8~60
8	8~64
8.5	9~68
9	9~72
9.5	10~76
10	10~80
10.5	11~84
11	11~88
11.5	12~92
12	12~96
12.5	13~100		3
13	13~104
13.5	14~108
14	14~112
14.5	15~116
15	15~120
15.5	16~124
16	16~128
24	24, 48, 96, and 192	N/A	4.5
32	32, 64, 128, and 256	N/A	6
48	48, 96, 192, and 384	N/A	12.5
64	64, 128, 256, and 512	N/A	20

Performance-enhanced

vCPU	Memory (GiB)	Memory step size (GiB)	Bandwidth (bidirectional), Gbit/s	Storage
0.25	0.5, 1, and 2	N/A	0.1	30 30 GiB or less is free of charge. If the capacity exceeds 30 GiB, you must pay for the overage. The maximum capacity is 512 GiB. You can expand the storage space by mounting NAS volumes.
0.5	1~4	1	0.5
1	1~8
1.5	2~12
2	2~16		1.5
2.5	3~20
3	3~24
3.5	4~28
4	4~32		2
4.5	5~36
5	5~40
5.5	6~44
6	6~48		2.5
6.5	7~52
7	7~56
7.5	8~60
8	8~64		3
8.5	9~68
9	9~72
9.5	10~76
10	10~80		3.5
10.5	11~84
11	11~88
11.5	12~92
12	12~96		4
12.5	13~100
13	13~104
13.5	14~108
14	14~112		4.5
14.5	15~116
15	15~120
15.5	16~124
16	16~128		6
24	24, 48, 96, and 192	N/A	8
32	32, 64, 128, and 256	N/A	10
48	48, 96, 192, and 384	N/A	16
64	64, 128, 256, and 512	N/A	25

Important

To create ACS pods that use more than 16 vCPUs or more than 128 GiB of memory, submit a ticket.

If you do not specify .resources.requests or .resources.limits for containers, 2 vCPUs and 4 GiB of memory are allocated to each pod by default.

ACS automatically rounds the pod specification to the nearest .resources.requests or .resources.limits value listed in the preceding table based on the step size and exposes the value with the alibabacloud.com/pod-use-spec annotation. If the pod specification is rounded up to the nearest value listed in the preceding table, ACS also adjusts .resources.requests or .resources.limits to ensure that all paid resources are in use.

How ACS adjusts pod specifications

For example, the steps of the .resources.requests and .resources.limits values are 2 vCPUs and 3.5 GiB of memory. When ACS launches a pod, it automatically sets the pod specification to 2 vCPUs and 4 GiB of memory. The additional resources are allocated to the first container and the alibabacloud.com/pod-use-spec=2-4Gi annotation is added to the pod. Resource requests before adjustment:

apiVersion: apps/v1 
kind: Pod
metadata:
  labels:
    app: nginx
    alibabacloud.com/compute-class: general-purpose
    alibabacloud.com/compute-qos: default
spec:
  containers:
  - name: nginx
    resources:
      requests:
        cpu: 2 # Request 2 vCPUs.
        memory: "3.5Gi" #Request 3.5 GiB of memory.
        ephemeral-storage: "30Gi" # Request 30 GiB of storage space.

Resource requests after adjustment:

apiVersion: apps/v1 
kind: Pod
metadata:
  annotations;
    alibabacloud.com/pod-use-spec: "2-4Gi"
  labels:
    app: nginx
    alibabacloud.com/compute-class: general-purpose
    alibabacloud.com/compute-qos: default
spec:
  containers:
  - name: nginx
    resources:
      requests:
        cpu: 2 # Request 2 vCPUs.
        memory: "4Gi" # Request 4 GiB of memory.
        ephemeral-storage: "30Gi" # Request 30 GiB of storage space.

Computing-accelerated

ACS supports the following GPU models. The specifications of different GPU models may vary. For more information, submit a ticket.

8th-gen GPU A

Instance family	GPU	vCPU	Memory (GiB)	Memory step size (GiB)	Storage (GiB)
Standalone instance family	1 (96 GB of GPU memory)	2	2 ~ 16	1	30 ~ 256
		4	4 ~ 32	1
		6	6 ~ 48	1
		8	8 ~ 64	1
		10	10 ~ 80	1
		12	12 ~ 96	1
		14	14 ~ 112	1
		16	16 ~ 128	1
		22	22, 32, 64, 128	N/A
	2 (192 GB of GPU memory)	16	16 ~ 128	1	30 ~ 512
		32	32, 64, 128, 230	N/A
		46	64, 128, 230, 512	N/A
	4 (384 GB of GPU memory)	32	32, 64, 128, 256	N/A	30 ~ 1024
		64	64, 128, 256, 460	N/A
		92	128, 256, 460, 1024	N/A
	8 (768 GB of GPU memory)	64	64, 128, 256, 512	N/A	30 ~ 2048
		128	128, 256, 512, 920	N/A
		184	256, 512, 920	N/A

8th-gen GPU B

Instance family	GPU	vCPU	Memory (GiB)	Memory step size (GiB)	Storage (GiB)
Standalone instance family	1 (48 GB of GPU memory)	2	2 ~ 16	1	30 ~ 256
		4	4 ~ 32	1
		6	6 ~ 48	1
		8	8 ~ 64	1
		10	10 ~ 80	1
		12	12 ~ 96	1
		14	14 ~ 112	1
		16	16 ~ 128	1
	2 (96 GB of GPU memory)	16	16 ~ 128	1	30 ~ 512
	2 (96 GB of GPU memory)	32	32, 64, 128, 230	N/A	30 ~ 512
	4 (192 GB of GPU memory)	32	32, 64, 128, 256	N/A	30 ~ 1024
	4 (192 GB of GPU memory)	64	64, 128, 256, 460	N/A	30 ~ 1024
	8 (384 GB of GPU memory)	64	64, 128, 256, 512	N/A	30 ~ 2048
	8 (384 GB of GPU memory)	128	128, 256, 512, and 920	N/A	30 ~ 2048

T4

Instance family	GPU	vCPU	Memory (GiB)	Memory step size (GiB)	Storage (GiB)
Standalone instance family	1 (16 GB of GPU memory)	2	2~8	1	30 ~ 1536
		4	4~16	1
		6	6~24	1
		8	8~32	1
		10	10~40	1
		12	12~48	1
		14	14~56	1
		16	16~64	1
		24	24~64	1	30 ~ 1536
	2 (32 GB of GPU memory)	16	16~64	1
		24	24, 48, 96	N/A
		32	32, 64, 128	N/A
		48	48, 96, 180	N/A

Important

The preceding GPU models share the same specifications in pay-as-you-go, capacity reservation, and BestEffort scenarios. The figure provides the following information:

For specifications with 16 GB of memory or less, the memory overheads are allocated to ACS. For specifications with more than 16 GB of memory, the memory overheads are allocated to the corresponding pods. Make sure that sufficient resources are reserved for the application to ensure its stability.
For system disks of 30 GB or less (including the image size), no additional fee is charged. For system disks larger than 30 GB, the overage is billed.

Automatic specification adjustment

The default resource request of a GPU-accelerated pod is 2 vCPUs, 2 GiB of memory, and 1 GPU.

If the request is not included in the preceding table, ACS automatically adjusts the resource request of a container. The adjustment does not change the value of the .resources.requests parameter. However, the .alibabacloud.com/pod-use-spec annotation is added to the pod configurations to indicate the adjustment. If the resource limit (.resources.limits) of a container in a pod is greater than the resource request of the pod, ACS resets the resource limit of the container to the value of the resource request of the pod.

Note

If a pod requests 2 vCPUs and 3.5 GiB of memory, ACS adjusts the resource request to 2 vCPUs and 4 GiB of memory. The additional resources are allocated to the first container in the pod. The .alibabacloud.com/pod-use-spec=2-4Gi annotation is added to the pod. In this case, if the resource limit of a container in the pod is 3 vCPUs and 5 GiB of memory, ACS resets the resource limit to 2 vCPUs and 5GiB of memory.
If the GPU resource request of a pod is not included in the preceding table, the pod creation request cannot be submitted.

Limits on Kubernetes

ACS is seamlessly integrated with Kubernetes based on virtual nodes. ACS pods are not collectively deployed on a physical machine, but are spread across Alibaba Cloud resource pools. Due to the purpose of public cloud security and the limits of virtual nodes, ACS does not support Kubernetes features such as hostPath volumes and DaemonSets. The following table describes the details.

Limit	Description	Solution to validation failures	Recommended alternative
DaemonSet	DaemonSets are not supported.	Pods can run but cannot work as expected.	Deploy sidecar containers in the pod.
NodePort Services	NodePort Services are not supported. NodePort Services can expose containers by using the ports on the host.	You cannot submit requests for creating NodePort Services.	Create `type=LoadBalancer` Services.
HostNetwork	The hostNetwork mode is not supported. The hostNetwork mode can expose containers by using the ports on the host.	Specify `HostNetwork=false` to disable the hostNetwork mode.	None
HostIPC	The hostIPC mode is not supported. The hostIPC mode can enable processes in containers to communicate with the processes on the host.	Specify `HostIPC=false` to disable the hostIPC mode.	None
HostPID	The hostPID mode is not supported. The hostIPC mode can enable processes in containers to access the process ID (PID) namespace on the host.	Specify `HostPID=false` to disable the hostPID mode.	None
HostUsers	User namespaces are not supported.	Leave the hostUsers parameter empty.	None
DNSPolicy	Only specific DNS policies are supported. Note None Default ClusterFirst	If you specify the ClusterFirstWithHostNet policy, ACS automatically replaces the policy with the ClusterFirst policy. You cannot submit requests for configuring other DNS policies.	Specify the supported DNS policies.

Port usage

The following table describes the ports used by ACS. Do not use the following ports for your applications.

Port	Description
111, 10250, and 10255	ACS clusters use the ports to perform the following operations: exec, logs, and metrics.