All Products
Search
Document Center

Create job-optimized elastic container instances

Last Updated: Dec 29, 2021

You can run short-term jobs on elastic container instances to improve resource utilization and reduce computing costs. Job-optimized elastic container instances provide multiple benefits. For example, a job-optimized elastic container instance can be started in seconds. This topic describes how to create and use a job-optimized elastic container instance.

Overview of job-optimized elastic container instances

Job-optimized elastic container instances are suitable for job-related scenarios. These instances have better performance than regular elastic container instances in terms of startup speed and concurrency. Job-optimized elastic container instances allow you to access external services only from inside the instances. For example, you can access the Internet and Apsara File Storage NAS (NAS) and Object Storage Service (OSS) in your virtual private cloud (VPC). The following table describes the network types that are supported by job-optimized elastic container instances.

Network type

Description

N/A

Instances cannot access the Internet or VPCs, but images can be pulled from image repositories in VPCs in the region where the instances reside. For example, if your instance is deployed in the China (Beijing) region, you can pull the registry-vpc.cn-beijing.aliyuncs.com/eci_open/busybox:1.30 image.

Internet

Instances can access the Internet and pull images over the Internet. You do not need to configure the NAT gateway.

VPC

Instances can access the services in VPCs. To allow the elastic container instance to access your VPC, you must configure a vSwitch and security group.

Internet and VPC

Instances can access the Internet and services in VPCs.

  • When you allow the elastic container instances to access the Internet, you do not need to configure a NAT gateway.

  • To allow the elastic container instance to access your VPC, you must configure a vSwitch and security group.

Limits

  • Region: Job-optimized elastic container instances are available only in the China (Shanghai) region.

  • Billing method: Only the pay-as-you-go billing method is supported. Preemptible instances are not supported.

  • Network: Instances can access external resources. However, instances cannot provide services to external resources.

  • Network bandwidth: The upper limit is 1 Gbit/s.

  • Instance type: A maximum of 16 vCPUs are supported. The following table describes the supported instance types.

    vCPU

    Memory (GiB)

    0.25

    0.5 and 1

    0.5

    1 and 2

    1

    2, 4, and 8

    2

    1, 2, 4, 8, and 16

    4

    2, 4, 8, 16, and 32

    8

    4, 8, 16, 32, and 64

    12

    12, 24, 48, and 96

    16

    16, 32, 64, and 128

  • Other limits:

    • The image cache feature is not supported.

    • You cannot associate an elastic IP address (EIP) with a pod.

    • You cannot assign RAM roles to job-optimized elastic container instances.

    • Elastic container instance metadata is not supported.

    • Persistent storage is not supported. If the network type is N/A or Internet, NAS persistent storage and OSS persistent storage are not supported.

Use Kubernetes to create a job-optimized elastic container instance

Notice

If you want to use job-optimized elastic container instances, the version of Virtual Kubelet in the Kubernetes cluster must be later than 2.1.0. If the version of Virtual Kubelet in the Kubernetes cluster is 2.1.0 or earlier, update Virtual Kubelet. For more information, see Update Virtual Kubelet.

You can add annotations to the pod metadata to declare the network type. The annotations specify the pod that you want to create is a job-optimized elastic container instance. The configuration item is k8s.aliyun.com/eci-network-config. Valid values:

  • none

  • nat_internet

  • nat_vpc

  • nat_internet_vpc

Sample configurations:

apiVersion: v1
kind: Pod
metadata:
  name: test-nat-vpc
  namespace: default
  labels:
    eci: "true"
  annotations:
    k8s.aliyun.com/eci-network-config: "nat_vpc"
spec:
 nodeName: virtual-kubelet-cn-shanghai-f
 containers:
 - image: registry-vpc.cn-shanghai.aliyuncs.com/eci_open/perl:5.32
   imagePullPolicy: IfNotPresent
   name: pi
   command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
 restartPolicy: OnFailure

You can use the ECI Effect feature of Elastic Container Instance Profile to automatically add annotations to pods that can be matched by tags.

Sample configurations:

apiVersion: v1
kind: ConfigMap
metadata:
  name: eci-profile
  namespace: kube-system
data:
  vpcId: "vpc-xxx"
  securityGroupId: "sg-xxx"
  vswitchIds: "vsw-111,vsw-222"
  enableClusterIp: "false"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  selectors: |
    [
        {
            "name":"custom-selector-1",
            "objectSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            },
            "effect":{ 
             "annotations":{
                "k8s.aliyun.com/eci-network-config": "nat_internet"
            }
        },
        {
            "name":"custom-selector-2",
            "namespaceSelector":{  
                "matchLabels":{
                    "eci":"true"
                }
            },
            "effect":{ 
             "annotations":{
                "k8s.aliyun.com/eci-network-config": "nat_vpc"
            }
          }
        }
    ]

The preceding example declares two selectors that can implement the following features:

  • If the command space in which the pod is located contains the eci=true tag, the pod uses job-optimized elastic container instances and the network type is the Internet.

  • If the pod has the eci=true tag, the pod uses job-optimized elastic container instances and the network type is VPC.

For more information, see Configure Elastic Container Instance Profile.

Call an API operation to create a job-optimized elastic container instance

When you call the CreateContainerGroup API operation to create an elastic container instance, you can use tag-related parameters to specify tags. The following table describes the parameters. For more information, see CreateContainerGroup.

Parameter

Type

Example

Description

Tag.N.Key

String

eci_networkConfig

The key of tag N. If you set Tag.N.Key to eci_networkConfig, the instance is a job-optimized elastic container instance.

Tag.N.Value

String

nat_vpc

The value of tag N. If you set Tag.N.Key to eci_networkConfig, the Tag.N.Value parameter specifies the network type of the job-optimized elastic container instance. Valid values:

  • none

  • nat_internet

  • nat_vpc

  • nat_internet_vpc

VSwitchId

String

vsw-bp1xpiowfm5vo8o3c****

The ID of the vSwitch. If you set Tag.N.Value to nat_vpc or nat_internet_vpc, you must configure the ID of the vSwitch.

SecurityGroupId

String

sg-uf66jeqopgqa9hdn****

The ID of the security group. If you set Tag.N.Value to nat_vpc or nat_internet_vpc, you must configure the ID of the security group.

Sample configurations:

  • The following code is an example when Tag.N.Value is set to none.

    Tag.1.Key = eci_networkConfig,
    Tag.1.Value = none 
  • The following code is an example when Tag.N.Value is set to nat_internet.

    Tag.1.Key = eci_networkConfig,
    Tag.1.Value = nat_internet 
  • The following code is an example when Tag.N.Value is set to nat_vpc.

    Tag.1.Key = eci_networkConfig,
    Tag.1.Value = nat_vpc
    VSwitchId = vsw-bp1xpiowfm5vo8o3c****
    SecurityGroupId = sg-uf66jeqopgqa9hdn****
  • The following code is an example when Tag.N.Value is set to nat_internet_vpc.

    Tag.1.Key = eci_networkConfig,
    Tag.1.Value = nat_internet_vpc
    VSwitchId = vsw-bp1xpiowfm5vo8o3c****
    SecurityGroupId = sg-uf66jeqopgqa9hdn****

Use the Elastic Container Instance console to create a job-optimized elastic container instance

If you set the Payment Mode parameter to Pay by Volume when you create a job-optimized elastic container instance on the elastic container instance buy page, you can set the instance type to Job Instance and then configure the network type.

Job Instance

Description on the network types:

  • If you select N/A or Internet for Network Type, you do not need to configure the VPC, vSwitch, and security group.

  • If you select VPC or Internet and VPC for Network Type, to allow the elastic container instance to access your VPC, you must configure the VPC, vSwitch, and security group.