Configure Elastic Container Instance Profile

Last Updated: Nov 04, 2021

When you deploy an elastic container instance in Kubernetes based on Virtual Kubelet, pods may fail to be properly scheduled to or run on the elastic container instance. You can configure Elastic Container Instance Profile to resolve the issue. This topic describes what Elastic Container Instance Profile is and how to configure it.

Introduction to Elastic Container Instance Profile

When you deploy an elastic container instance in Kubernetes based on Virtual Kubelet, pods may fail to be properly scheduled to the elastic container instance. After pods are scheduled to the elastic container instance, you need to add pod annotations for Elastic Container Instance features such as image cache to take effect. Typically, cluster administrators fix the issue that pods fail to be scheduled, and add pod annotations to make Elastic Container Instance features take effect. R&D personnel can adjust the pod configuration files to prevent the scheduling failure or add the pod annotations.

Elastic Container Instance Profile allows cluster administrators to schedule pods and modify pod configuration files. Elastic Container Instance Profile provides the following features:

  • ECI Scheduler

    If elastic container instances are used together with regular nodes, you can configure pod labels, namespace labels, and Elastic Container Instance elastic scheduling to schedule pods to the elastic container instances. However, to perform these operations, you must modify existing resources. These modifications may expose your system to vulnerabilities.

    Elastic Container Instance Scheduler implements a new scheduling mechanism based on mutating webhooks. You can declare the namespace or pod labels to be matched in Elastic Container Instance Profile. Pods that have the declared labels are automatically scheduled to elastic container instances.

  • ECI Effect

    You must add annotations or labels to pods for some Elastic Container Instance features to take effect. Examples of the features include specifying Elastic Compute Service (ECS) instance types, enabling image caches, and configuring the Network Time Protocol (NTP) service. For more information, see Use pod annotations to implement features of Elastic Container Instance.

    Elastic Container Instance Effect can automatically add annotations and labels. In Elastic Container Instance Profile, you can declare the namespace or pod labels to be matched and specify the annotations and labels to be added. If a pod has the declared labels, the specified annotations and labels are automatically added to the pod.

  • Configure hot update

    In Elastic Container Instance Profile, you can configure the Cluster IP, hybrid cloud mode, PrivateZone, resource group, security group, virtual private cloud (VPC), and vSwitch. You can also modify the parameter settings in Elastic Container Instance Profile based on your business requirements. The new parameter settings take effect without the need to restart Virtual Kubelet.

Preparations

Before you use Elastic Container Instance Profile, make sure that your Virtual Kubelet is of the latest version, and that mutating webhooks are enabled if you want to use Elastic Container Instance Scheduler.

Make preparations based on the types of your Kubernetes clusters.

  • Serverless Kubernetes (ASK) clusters

    Virtual Kubelet is automatically updated to the latest version.

    Note

    Pods on ASK clusters are automatically scheduled to elastic container instances. You do not need to use Elastic Container Instance Scheduler to schedule pods to elastic container instances.

  • Container Service for Kubernetes (ACK) clusters

    • For managed ACK clusters, Virtual Kubelet is automatically updated to the latest version. Mutating webhooks are automatically enabled.

    • For non-managed ACK clusters, you must modify the configuration file of Virtual Kubelet to update Virtual Kubelet to the latest version, and then enable mutating webhooks.

  • Other clusters

    You must modify the configuration file of Virtual Kubelet to update Virtual Kubelet to the latest version, and then enable mutating webhooks.

For information about how to update Virtual Kubelet, see Update Virtual Kubelet.

Parameter description

Elastic Container Instance Profile reads the eci-profile configuration file from the kube-system namespace and matches pods based on the selectors specified in the configuration file. If a pod has the labels contained in the selectors, the pod is automatically scheduled to the elastic container instance, or annotations and labels are automatically added to the pod for Elastic Container Instance features to take effect.

You can use one of the following methods to edit the eci-profile configuration file:

  • Run the kubectl edit command.

    kubectl edit configmap eci-profile -n kube-system

  • Use the ACK console.

    1. On the Clusters page of the Container Service - Kubernetes console, find the cluster that you want to configure and click the cluster name to go to the cluster details page.

    2. In the left-side navigation pane, choose Configurations > ConfigMaps.

    3. Select the kube-system namespace.

    4. Find and edit the eci-profile configuration file.

Example of the eci-profile configuration file:

apiVersion: v1
kind: ConfigMap
metadata:
  name: eci-profile
  namespace: kube-system
data:
  vpcId: "vpc-xxx"
  securityGroupId: "sg-xxx"
  vswitchIds: "vsw-111,vsw-222"
  enableClusterIp: "true"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  selectors: |
    [
        {
            "name":"default-selector-1",
            "objectSelector":{
                "matchLabels":{
                    "alibabacloud.com/eci":"true"
                }
            }
        },
        {
            "name":"default-selector-2",
            "objectSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            }
        },
        {
            "name":"default-selector-3",
            "namespaceSelector":{
                "matchLabels":{
                    "alibabacloud.com/eci":"true"
                }
            }
        },
        {
            "name":"default-selector-4",
            "namespaceSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            }
        },
        {
            "name":"default-selector-5",
            "namespaceSelector":{
                "matchLabels":{
                    "virtual-node-affinity-injection":"enabled"
                }
            },
            "effect":{
                "annotations":{
                    "k8s.aliyun.com/eci-image-cache": "true"
                },
                "labels":{
                    "created-by-eci":"true"
                }
            }
        }
    ]

In the preceding example, data contains parameters such as vpcId, vswitchIds, and selectors.

Selectors contain the configurations of Elastic Container Instance Scheduler and Elastic Container Instance Effect. In each selector, you must declare the name of the selector and can declare the following fields based on your business requirements:

  • namespaceSelector: the namespace labels to match.

  • objectSelector: the pod labels to match.

  • effect: the annotations and labels to be dynamically added.

After you configure selectors, you can run the following command to check whether the selectors take effect. If the returned YAML file contains the configured selectors, the selectors are configured. If the returned YAML file does not contain the configured selectors, check whether the format of the selectors is correct.

kubectl get mutatingwebhookconfigurations -o yaml vk-webhook
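
A format check that can be run on the selectors string before it is saved, as an added example (not part of the original documentation or of Virtual Kubelet). It applies the rules stated on this page: the value must parse as JSON, each selector needs a name, and a selector needs namespaceSelector, objectSelector, or an effect. The function name, the sample inputs, and the treatment of an empty matchLabels as an error are assumptions of this example.

```python
import json

def lint_selectors(raw):
    """Return (level, message) findings for an eci-profile `selectors` string."""
    try:
        selectors = json.loads(raw)
    except json.JSONDecodeError as exc:
        # "#" comments copied from the documented samples are rejected here.
        return [("error", f"not valid JSON at line {exc.lineno}: {exc.msg}")]
    if not isinstance(selectors, list):
        return [("error", "selectors must be a JSON array")]
    findings = []
    for i, sel in enumerate(selectors):
        if not isinstance(sel, dict):
            findings.append(("error", f"selector at index {i} is not an object"))
            continue
        where = "selector %s" % (sel.get("name") or "at index %d" % i)
        if not sel.get("name"):
            findings.append(("error", f"{where}: 'name' is required"))
        matchers = [k for k in ("namespaceSelector", "objectSelector") if k in sel]
        for key in matchers:
            labels = sel[key].get("matchLabels") if isinstance(sel[key], dict) else None
            # Assumption of this example: a matcher without labels is a mistake.
            if not isinstance(labels, dict) or not labels:
                findings.append(("error", f"{where}: {key}.matchLabels is empty or missing"))
        if not matchers and "effect" not in sel:
            findings.append(("error", f"{where}: set namespaceSelector, objectSelector, or both"))
        elif not matchers:
            # Per this page, such an effect applies to all pods scheduled to ECI.
            findings.append(("warning", f"{where}: effect applies to every pod scheduled to ECI"))
    return findings

# Constructed inputs: the page's demo selector with and without "#" comments,
# and an effect-only selector.
COMMENTED = '''[{
  "name":"demo",  #Required. The name of the selector.
  "objectSelector":{"matchLabels":{"type":"offline-task"}}
}]'''
CLEAN = '''[{
  "name":"demo",
  "namespaceSelector":{"matchLabels":{"department":"bigdata"}},
  "objectSelector":{"matchLabels":{"type":"offline-task"}}
}]'''
EFFECT_ONLY = '[{"name":"cache-all","effect":{"annotations":{"k8s.aliyun.com/eci-image-cache":"true"}}}]'

if __name__ == "__main__":
    for label, raw in (("commented", COMMENTED), ("clean", CLEAN), ("effect-only", EFFECT_ONLY)):
        print(label, lint_selectors(raw) or "ok")
```

The warning on the effect-only selector is worth reviewing by hand, because that selector changes the metadata of every pod that lands on an elastic container instance.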

vpcId specifies the ID of the VPC. vswitchIds specifies the IDs of vSwitches. You can modify the parameters based on your business requirements. The following table describes the parameters that you can modify.

| Parameter | Example | Description |
|---|---|---|
| enableClusterIp | "true" | Specifies whether to support Cluster IP. |
| enableHybridMode | "false" | Specifies whether to enable the hybrid cloud mode. |
| enablePrivateZone | "false" | Specifies whether to use PrivateZone for domain name resolution. |
| resourceGroupId | rg-aek2z3elfs4qghy | Specifies the ID of the resource group. |
| securityGroupId | sg-2ze0b9o8pjjzts4h**** | Specifies the ID of the security group. |
| vSwitchIds | vsw-2zeet2ksvw7f14ryz**** | Specifies the IDs of the vSwitches. Separate multiple IDs with commas (,). |
| vpcId | vpc-2zeghwzptn5zii0w7**** | Specifies the ID of the VPC. |

Example of how to configure Elastic Container Instance Scheduler

In the selectors of the eci-profile configuration file, you can declare the namespace or pod labels as arrays. The pods that have matching labels are automatically scheduled to elastic container instances.

The following sample code shows how to configure Elastic Container Instance Scheduler:

Notice

Remove the # comments from the sample code when you configure Elastic Container Instance Scheduler. The comments are explanatory only.

  selectors: |
   [
      {
        "name":"demo",  #Required. The name of the selector.
        "namespaceSelector":{  #Optional. The namespace labels to be matched. You must specify namespaceSelector, objectSelector, or both.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "department":"bigdata"
            }
        },
        "objectSelector":{  #Optional. The pod labels to be matched. You must specify namespaceSelector, objectSelector, or both.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "type":"offline-task"
            }
        }
      }
   ]

Notice

In a selector, you must configure namespaceSelector, objectSelector, or both. If you configure both namespaceSelector and objectSelector, only pods that have all the labels specified in both namespaceSelector and objectSelector can be automatically scheduled to the elastic container instance.

In the preceding example, a selector named demo is declared to implement the following feature:

If the namespace of a pod has the department=bigdata label and the pod has the type=offline-task label, the pod is automatically scheduled to the elastic container instance.

Example of how to configure Elastic Container Instance Effect

In the selectors of the eci-profile configuration file, you can declare the namespace or pod labels as arrays and specify the annotations and labels to be dynamically added. If a pod has the declared labels, the specified annotations and labels are automatically added to the pod.

The following sample code shows how to configure Elastic Container Instance Effect:

Notice

Remove the # comments from the sample code when you configure Elastic Container Instance Effect. The comments are explanatory only.

  selectors: |
   [
    {
        "name":"demo",  #Required. The name of the selector.
        "namespaceSelector":{  #Optional. The namespace labels to be matched.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "department":"bigdata"
            }
        },
        "objectSelector":{  #Optional. The pod labels to be matched.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels have logical AND relations.
                "type":"offline-task"
            }
        },
        "effect":{  #The annotations and labels to be dynamically added.
            "annotations":{
                "k8s.aliyun.com/eci-image-cache": "true"
            },
            "labels":{
                "created-by-eci":"true"
            }
        }
    }
   ]

Notice

  • In a selector, you can configure namespaceSelector and objectSelector based on your business requirements. If neither namespaceSelector nor objectSelector is configured, the effect settings take effect on all the pods that are scheduled to the elastic container instance.

  • If you configure multiple selectors, the selectors are matched in sequence. After pods are matched, the annotations and labels specified in the effect settings are automatically added to the pods. These annotations and labels do not overwrite existing annotations and labels of the pods. If duplicate annotations or labels exist, the annotations or labels that have higher priorities are used. The existing annotations and labels of the pods have a higher priority than the annotations and labels specified in the effect settings of matched selectors. The priorities of annotations or labels in the effect settings of the selectors descend in the order in which the selectors are matched.

In the preceding example, a selector named demo is declared to implement the following feature:

If the namespace of a pod has the department=bigdata label and the pod has the type=offline-task label, the pod is automatically scheduled to the elastic container instance. At the same time, the image cache feature is enabled, and the created-by-eci=true label is added to the pod.
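
The matching and priority rules above, worked through as an added example (a simulation written for this page, not the webhook's own code). It covers selectors that declare at least one matcher. The function names, the second selector, the pod, and the choice to match against the pod's original labels are assumptions of this example.

```python
import json

def matches(selector, ns_labels, pod_labels):
    """True if every label in both matchLabels blocks is present (logical AND)."""
    for key, have in (("namespaceSelector", ns_labels), ("objectSelector", pod_labels)):
        want = selector.get(key, {}).get("matchLabels", {})
        if any(have.get(k) != v for k, v in want.items()):
            return False
    return True

def apply_profile(selectors, ns_labels, pod):
    """Return (names of matched selectors, pod metadata after the effects)."""
    out = {"labels": dict(pod.get("labels", {})),
           "annotations": dict(pod.get("annotations", {}))}
    matched = []
    for sel in selectors:  # selectors are matched in sequence
        if not (sel.get("namespaceSelector") or sel.get("objectSelector")):
            continue  # effect-only selectors are not modelled here
        # Assumption: matching uses the pod's original labels, not injected ones.
        if not matches(sel, ns_labels, pod.get("labels", {})):
            continue
        matched.append(sel["name"])
        for kind in ("labels", "annotations"):
            for k, v in sel.get("effect", {}).get(kind, {}).items():
                # Existing pod values win, then earlier-matched selectors.
                out[kind].setdefault(k, v)
    return matched, out

# Constructed input: the page's "demo" selector plus a hypothetical second one
# that sets the same annotation to a different value.
SELECTORS = json.loads('''[
  {"name":"demo",
   "namespaceSelector":{"matchLabels":{"department":"bigdata"}},
   "objectSelector":{"matchLabels":{"type":"offline-task"}},
   "effect":{"annotations":{"k8s.aliyun.com/eci-image-cache":"true"},
             "labels":{"created-by-eci":"true"}}},
  {"name":"fallback",
   "objectSelector":{"matchLabels":{"type":"offline-task"}},
   "effect":{"annotations":{"k8s.aliyun.com/eci-image-cache":"false"},
             "labels":{"tier":"batch"}}}
]''')
POD = {"labels": {"type": "offline-task", "created-by-eci": "manual"}}

if __name__ == "__main__":
    print(apply_profile(SELECTORS, {"department": "bigdata"}, POD))
    print(apply_profile(SELECTORS, {}, POD))
```

In the first call both selectors match, the pod keeps its own created-by-eci value, and the image cache annotation comes from demo because it is matched first. In the second call the namespace label is missing, so only fallback applies.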

Example of how to configure hot update

In the data section of the eci-profile configuration file, you can modify vSwitchIds to update the vSwitches that can be used to create elastic container instances. The vSwitchIds parameter can be specified to implement the multi-zone feature. The following sample code shows how to configure hot update:

data:
  enableClusterIp: "true"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  resourceGroupId: ""
  securityGroupId: sg-2ze0b9o8pjjzts4h****
  selectors: ""
  vSwitchIds: vsw-2zeet2ksvw7f14ryz****,vsw-2ze94pjtfuj9vaymf****  #Configure multiple vSwitches to implement the multi-zone feature.
  vpcId: vpc-2zeghwzptn5zii0w7****