To minimize changes to the YAML file, ECI provides the ECI Profile feature. This feature allows you to configure elastic container instances within a cluster and help you orchestrate pods based on selectors. This topic describes how to configure an ECI Profile.
Introduction to ECI profile
The ECI Profile feature provides the following capabilities:
ECI Scheduler
In scenarios in which both real nodes and virtual nodes (VNodes) are used, you can configure pod labels or namespace labels to schedule pods to a VNode, and then run the pods on the elastic container instances that are deployed in the VNode. You can also configure the nodeSelector and tolerations parameters to perform the same operations. To use these methods, you must modify your existing resources. These modifications may cause vulnerabilities in your system.
ECI Scheduler uses a scheduling mechanism based on Mutating Webhook. You can declare the namespace labels or pod labels to be matched in the eci-profile component. Pods that have the declared labels are automatically scheduled to VNodes and then are run on the elastic container instances that are deployed in the VNodes.
ECI Effect
You must add annotations or labels to pods to allow some Elastic Container Instance features to take effect, such as when you specify Elastic Compute Service (ECS) instance types or enable image caches. ECI Effect automatically adds annotations and labels. In the eci-profile component, you can declare the namespace labels or pod labels to be matched and specify the annotations and labels to be added. The specified annotations and labels are automatically added to the pods that have the declared labels.
For more information about the annotations that can be added, see Annotations supported by Elastic Container Instance.
Deploy the eci-profile component
Before you use the ECI Profile feature, you must deploy the eci-profile component in the cluster.
Save the following content as the eci-profile.yaml file.
apiVersion: v1 kind: ConfigMap metadata: name: eci-profile namespace: kube-system data: selectors: | [ { "name":"default-pod-selector", "objectSelector":{ "matchLabels":{ "alibabacloud.com/eci": "true" } } }, { "name":"default-namespace-selector", "namespaceSelector":{ "matchLabels":{ "alibabacloud.com/eci": "true" } } } ] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: alicloud-eci-profile rules: - apiGroups: - "" resources: - namespaces verbs: - get - list - watch - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - patch - apiGroups: - "" resources: - nodes verbs: - get - apiGroups: - "admissionregistration.k8s.io" resources: - mutatingwebhookconfigurations verbs: - get - patch - create --- apiVersion: v1 kind: ServiceAccount metadata: name: alicloud-eci-profile namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: alicloud-eci-profile roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: alicloud-eci-profile subjects: - kind: ServiceAccount name: alicloud-eci-profile namespace: kube-system --- apiVersion: v1 kind: Service metadata: labels: role: eci-profile name: eci-profile namespace: kube-system spec: ports: - port: 443 targetPort: 443 selector: app: eci-profile --- apiVersion: apps/v1 kind: Deployment metadata: name: alicloud-eci-profile namespace: kube-system labels: app: eci-profile webhook: eci-profile spec: replicas: 1 selector: matchLabels: app: eci-profile template: metadata: labels: app: eci-profile spec: serviceAccount: alicloud-eci-profile terminationGracePeriodSeconds: 60 containers: - name: eci-profile image: registry.cn-hangzhou.aliyuncs.com/eci/eci-profile:v1.0.0 imagePullPolicy: Always command: - /eci-profile args: - --profileProvider - cm resources: requests: memory: 30M cpu: 100m
By default, the following selectors are added to the preceding template:
default-pod-selector: The pods that have the
alibabacloud.com/eci: true
label are automatically scheduled to the VNode.default-namespace-selector: The pods in the namespaces that have the
alibabacloud.com/eci: true
label are automatically scheduled to the VNode.
In addition, if you want to schedule the eci-profile component to the VNode, you must add nodeSelector and tolerations to eci-profile.
nodeSelector: k8s.aliyun.com/vnode: "true" tolerations: - key: k8s.aliyun.com/vnode operator: "Equal" value: "true" effect: "NoSchedule"
Deploy the eci-profile component.
kubectl create -f eci-profile.yaml
View the deployment result.
kubectl -n kube-system get pods
If the following command output is returned, the eci-profile component is deployed.
NAME READY STATUS RESTARTS AGE alicloud-eci-profile-568d64cf84-f7sz8 1/1 Running 0 26h
Configuration description and sample configurations
ECI Profile reads the selectors in eci-profile to match pods. The pods that have the labels in the selectors are automatically scheduled to VNodes or are added with annotations and labels to allow the features of Elastic Container Instance to take effect.
After eci-profile is deployed, you can run the following command to modify the configurations of eci-profile:
kubectl edit configmap eci-profile -n kube-system
The following code shows how to configure a selector:
selectors: |
[
{
"name":"demo",
"namespaceSelector":{
"matchLabels":{
"eci":"true"
}
},
"objectSelector":{
"matchLabels":{
"eci":"true"
}
},
"effect":{
"annotations":{
"k8s.aliyun.com/eci-image-cache": "true"
},
"labels":{
"created-by-eci":"true"
}
}
}
]
In the preceding template, a selector named demo is declared to enable the following feature:
If both the namespace to which a pod belongs and the pod itself have the eci: true
label, the pod is automatically scheduled to the VNode. In addition, the "k8s.aliyun.com/eci-image-cache": "true"
annotation and the created-by-eci: true
label are added to the pod.
You must declare the name of each selector. You can also declare the following fields based on your business requirements:
namespaceSelector: the namespace labels to match.
objectSelector: the pod labels to match.
effect: the annotations and labels to be dynamically added.
In a selector, you must configure namespaceSelector, objectSelector, or both. If you configure both, only the pods that have all the labels specified in both namespaceSelector and objectSelector can be automatically scheduled to the VNode.
If the cluster version is 1.16 or later, the objectSelector feature is supported. If the cluster version is earlier than 1.16, try to use feature-gate to enable the objectSelector feature.
Sample configuration 1: Schedule specific pods to an elastic container instance
Scenario: Schedule the pods that have the created-by-eci: true
label and whose namespaces have the type: eci
label to a VNode. The following code provides a sample YAML file.
apiVersion: v1
kind: ConfigMap
metadata:
name: eci-profile
namespace: kube-system
data:
selectors: |
[
{
"name":"eci-selector-1",
"namespaceSelector":{
"matchLabels":{
"type":"eci"
}
},
"objectSelector":{
"matchLabels":{
"created-by-eci":"true"
}
}
}
]
Sample configuration 2: Schedule all pods in a specific namespace to a GPU-accelerated elastic container instance
Scenario: Schedule all pods in the namespaces that have the gpu: true
label to a VNode. In addition, the elastic container instances are created based on the ECS instances of the ecs.gn6v-c8g1.2xlarge
GPU-accelerated instance type. The following code provides a sample YAML file.
apiVersion: v1
kind: ConfigMap
metadata:
name: eci-profile
namespace: kube-system
data:
selectors: |
[
{
"name":"gpu-namespace-selector-1",
"namespaceSelector":{
"matchLabels":{
"gpu":"true"
}
},
"effect": {
"annotations": {
"k8s.aliyun.com/eci-use-specs":"ecs.gn6v-c8g1.2xlarge"
}
}
}
]
Sample configuration 3: Schedule specific pods to an AMD-based elastic container instance
Scenario: Schedule the pods that have the amd: true
label to a VNode. In addition, the elastic container instances are created based on the ECS instances of the ecs.c6a.xlarge
AMD-based ECS instance type. The following code provides a sample YAML file.
apiVersion: v1
kind: ConfigMap
metadata:
name: eci-profile
namespace: kube-system
data:
selectors: |
[
{
"name":"amd-object-selector-1",
"objectSelector":{
"matchLabels":{
"amd":"true"
}
},
"effect": {
"annotations": {
"k8s.aliyun.com/eci-use-specs": "ecs.c6a.xlarge"
}
}
}
]