Elastic Container Instance: Connect ACK to Elastic Container Instance

Last Updated: Mar 29, 2024

Elastic Container Instance provides a basic pod runtime environment to Kubernetes clusters. Other capabilities such as dependencies between services, load balancing, auto scaling, and regular scheduling must still be provided by Kubernetes. This topic describes how to connect Container Service for Kubernetes (ACK) clusters to Elastic Container Instance and run pods on elastic container instances.

Connection methods

Elastic Container Instance provides a hierarchical solution to manage Kubernetes resources. Elastic Container Instance schedules and manages pods at the infrastructure layer, whereas Kubernetes manages workloads such as Deployments, Services, StatefulSets, and CronJobs on the platform layer.

Elastic Container Instance is connected to Kubernetes by using virtual nodes based on Virtual Kubelet provided by the Kubernetes community. This way, Kubernetes clusters are empowered with high elasticity and are no longer limited by the computing capacity of cluster nodes. After you connect Kubernetes clusters to Elastic Container Instance, Elastic Container Instance takes over the management of pods, including the infrastructure and resource availability. Kubernetes no longer needs to manage the lifecycle and resources of the underlying virtual machines (VMs).

Elastic Container Instance is seamlessly integrated into ACK. You can use ACK Serverless clusters or ACK clusters to experience the capabilities of Elastic Container Instance in terms of running containers.

ACK Serverless clusters (pods only run on elastic container instances)

In this connection method, all Kubernetes pods run on elastic container instances. Elastic Container Instance manages the underlying infrastructure. Kubernetes only manages workloads to ensure the reliability of the business, without the need to focus on the O&M and capacity of the underlying VMs.

If you are choosing a type of Kubernetes cluster, we recommend ACK Serverless clusters. They are fully managed, cost-effective Kubernetes clusters that are optimized to run pods only on elastic container instances. ACK Serverless clusters are suitable for online and offline business, simulation environments, and development and test environments.

  • Cost-effectiveness

    ACK Serverless clusters allow you to deploy containerized applications without the need to purchase and manage nodes and plan node capacity. You are charged only for the amount of CPU and memory resources that you allocate to your applications.

  • Zero O&M

    You can use API operations or command lines of Kubernetes to manage containerized applications. ACK Serverless clusters are integrated with other Alibaba Cloud services to help you simplify the development on Kubernetes and focus on your applications instead of the management of underlying resources.

In ACK Serverless clusters, you can create Elastic Container Instance-based pods without manually deploying virtual nodes. Pods in ACK Serverless clusters run in a secure and isolated container runtime environment based on Elastic Container Instance. Each pod is an elastic container instance. For more information, see What is ACK Serverless?

ACK clusters (pods run on elastic container instances and Elastic Compute Service (ECS) instances)

ACK is one of the first services to participate in the Certified Kubernetes Conformance Program in the world. ACK is integrated with the virtualization, storage, networking, and security capabilities provided by Alibaba Cloud, simplifies the creation and expansion of clusters, and allows you to focus on the development and management of containerized applications.

If you have created an ACK cluster, you can deploy virtual nodes in the cluster to use elastic container instances. After you deploy virtual nodes, you can create elastic container instances on demand in the virtual nodes to extend your ACK clusters, without the need to plan the computing capacities of the virtual nodes. The elastic container instances can communicate with the pods on real nodes of the clusters. You can schedule the excess traffic of long-lived workloads to run on elastic container instances. This accelerates the progress of scaling, and reduces idle resources and scaling costs. When business traffic decreases, you can release Elastic Container Instance-based pods to reduce costs.

In ACK clusters, you must use the Virtual Kubelet component to manually deploy virtual nodes before you create Elastic Container Instance-based pods. Pods on virtual nodes run in a secure and isolated container runtime based on Elastic Container Instance. Each pod is an elastic container instance. For more information, see ACK cluster overview.

Note

If you deploy self-managed Kubernetes clusters in your data centers or ECS, you must deploy VNode-based virtual nodes to use elastic container instances. For more information, see Overview.

Management tools

After you connect elastic container instances to Kubernetes by using the Virtual Kubelet technology and deploying virtual nodes, you can use one of the following tools to manage Kubernetes clusters and view the running status of elastic container instances:

  • Elastic Container Instance console

    You can view the running status of elastic container instances in the Elastic Container Instance console. Procedure:

    1. Log on to the Elastic Container Instance console.

    2. In the top navigation bar, select a region.

    3. On the Container Group page, you can view the existing elastic container instances in the region.

  • ACK console

    You can manage ACK Serverless clusters and ACK clusters and view the running status of elastic container instances in the ACK console. To view the running status of elastic container instances, perform the following steps:

    1. Log on to the ACK console.

    2. In the left-side navigation pane, click Clusters.

    3. On the Clusters page, find the cluster that you want to view and click the cluster name to go to the details page.

    4. In the left-side navigation pane, choose Workloads > Pods.

    5. On the Pods page, select a namespace from the Namespace drop-down list. Then, you can view elastic container instances in the namespace.

  • Cloud Shell

    You can access Kubernetes clusters by using Cloud Shell provided by Alibaba Cloud and use kubectl on Cloud Shell to manage the clusters. For more information, see Use kubectl to manage ACK clusters on Cloud Shell.

  • kubectl client

    You can use the kubectl client on your computer to access remote Kubernetes clusters and run kubectl commands to manage the clusters. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.

Limits

Elastic Container Instance does not support some Kubernetes features such as hostPaths and DaemonSets due to security limits of Alibaba Cloud public cloud and limits imposed by virtual nodes. The following table describes the unsupported features.

| Unsupported feature | Description | Recommended alternative |
|---|---|---|
| HostPath | Allows you to mount files from the host node to containers. | Use emptyDir volumes, disks, or Apsara File Storage NAS (NAS) file systems. |
| HostNetwork | Allows you to map a host port to a container. | Create a Service of the LoadBalancer type. |
| DaemonSet | Allows you to deploy a static pod on the host of a container. | Deploy multiple images in a pod by using sidecar containers. |
| Privileged permissions | Allows you to grant privileged permissions to a container. | Use a security context to grant permissions to a pod. |
| Service of the NodePort type | Allows you to map a host port to a container. | Create a Service of the LoadBalancer type. |
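
The limits in the table above can be checked before a workload is sent to a virtual node. The following Python code is an added example, not part of the original Alibaba Cloud documentation: the function names and sample manifests are hypothetical and constructed, and it covers only the five features listed in the table, reading manifests as dictionaries (for example, parsed from JSON).

```python
# Added example: flag the features from the Limits table in a manifest.
# Function names are hypothetical; manifests are plain dicts.
TEMPLATED = {"Deployment", "ReplicaSet", "StatefulSet", "Job", "DaemonSet"}

def pod_spec(obj):
    """Return the pod spec embedded in a manifest, or None if it has none."""
    kind, spec = obj.get("kind"), obj.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":  # pod template is nested one level deeper
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
        kind = "Job"
    if kind in TEMPLATED:
        return (spec.get("template") or {}).get("spec") or {}
    return None

def eci_findings(obj):
    """List the unsupported features one manifest uses, with the alternative."""
    out, kind = [], obj.get("kind")
    if kind == "DaemonSet":
        out.append("DaemonSet: deploy sidecar containers in the pod")
    if kind == "Service" and (obj.get("spec") or {}).get("type") == "NodePort":
        out.append("NodePort: create a Service of the LoadBalancer type")
    spec = pod_spec(obj)
    if spec is None:
        return out
    if spec.get("hostNetwork"):
        out.append("hostNetwork: create a Service of the LoadBalancer type")
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            out.append(f"hostPath volume {vol.get('name')}: use emptyDir, a disk or NAS")
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for c in containers:
        if (c.get("securityContext") or {}).get("privileged"):
            out.append(f"privileged container {c.get('name')}: use a security context")
    return out

# Constructed sample manifests (not from the page).
BAD_DEPLOY = {"kind": "Deployment", "spec": {"template": {"spec": {
    "hostNetwork": True,
    "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
    "containers": [{"name": "app", "securityContext": {"privileged": True}}]}}}}
NODEPORT_SVC = {"kind": "Service", "spec": {"type": "NodePort"}}
OK_POD = {"kind": "Pod", "spec": {"volumes": [{"name": "tmp", "emptyDir": {}}],
    "containers": [{"name": "app", "securityContext": {"privileged": False}}]}}

if __name__ == "__main__":
    for m in (BAD_DEPLOY, NODEPORT_SVC, OK_POD):
        print(m["kind"], eci_findings(m) or "ok")
```

An empty list means the manifest uses none of the five features in the table.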

When you use elastic container instances based on ACK, take note of the following items:

  • To simplify image pulling, you can upload your container images to the image repository in advance. We recommend that you use Alibaba Cloud Container Registry (ACR) and the image address (registry-vpc.xxx) in a virtual private cloud (VPC) to upload your container images.

  • Both connection methods described in this topic support common controllers such as Deployments, ReplicaSets, CronJobs, and StatefulSets.

  • Both connection methods described in this topic use PrivateZone to implement service discovery. We recommend that you enable PrivateZone when you create a cluster.

  • Both connection methods described in this topic support load balancing through Services of the LoadBalancer type.

Use elastic container instances

ACK Serverless clusters

  1. Create an ACK Serverless cluster. For more information, see Create an ACK Serverless cluster.

  2. Prepare a container image.

  3. Create an Elastic Container Instance-based pod. For more information about Elastic Container Instance-based pods, see Overview.

ACK clusters

  1. Create an ACK cluster. For more information, see Create an ACK managed cluster.

  2. Deploy the ack-virtual-node component to generate a virtual node. For more information, see Step 1: Deploy ack-virtual-node in ACK clusters.

    Note

    To use Elastic Container Instance features, you must update ack-virtual-node.

  3. Prepare a container image.

  4. Create an Elastic Container Instance-based pod. For more information about Elastic Container Instance-based pods, see Overview.

Scheduling methods

For ACK Serverless clusters, pods only run on elastic container instances. You do not need to schedule pods. For ACK clusters, pods run on elastic container instances and ECS instances. You can schedule pods to run on elastic container instances based on your requirements. The following list describes the scheduling methods:

  • Manually schedule pods to run on elastic container instances

    You can manually schedule pods to run on elastic container instances by configuring namespace labels, pod labels, or the elastic scheduling feature that is provided by Elastic Container Instance. For more information, see Schedule pods to an x86-based virtual node.

  • Automatically schedule pods to run on elastic container instances

    eci-profiles provide the ECI Scheduler feature to implement a new scheduling mechanism based on mutating webhooks. You can specify the namespace or pod labels to be matched in an eci-profile. Pods that have the specified labels are automatically scheduled to run on elastic container instances. For more information, see Configure an eci-profile.

  • Automatically re-schedule pods that fail to be scheduled to run on elastic container instances

    If the virtual-kubelet-autoscaler add-on is deployed in ACK clusters, the system automatically re-schedules pods that fail to be scheduled due to insufficient worker nodes to run on elastic container instances. For more information, see Install the virtual-kubelet-autoscaler add-on in an ACK cluster.

  • Automatically schedule excess pods to run on elastic container instances

    After the ack-kubernetes-elastic-workload add-on is deployed in an ACK cluster, the system can control the fine-grained distribution of workloads such as Deployments and StatefulSets at the pod level. The system schedules the excess pods to run on elastic container instances. For more information, see Deploy and use ack-kubernetes-elastic-workload in an ACK cluster.

Implement the features of Elastic Container Instance

When you schedule pods of a Kubernetes cluster to run on elastic container instances, you can add annotations to the pods to make full use of the features of Elastic Container Instance. Make sure that the annotations that you want to add comply with the Kubernetes syntax. You must add annotations to the metadata in the configuration files of pods. For information about the annotations that you can add and configuration examples of the annotations, see Pod annotations.

Note

You can manually add annotations when you create pods. You can also edit the eci-profile configuration file. Then, Elastic Container Instance automatically adds annotations to pods that have the specified labels.