All Products
Search
Document Center

Configure Elastic Container Instance Profile

Last Updated: May 19, 2022

When you deploy an elastic container instance in Alibaba Cloud Container Service for Kubernetes (ACK) or serverless Kubernetes (ASK) based on Virtual Kubelet, you can configure Elastic Container Instance Profile to schedule pods. This topic describes Elastic Container Instance Profile and how it is configured.

Introduction to Elastic Container Instance Profile

When you deploy an elastic container instance in Kubernetes based on Virtual Kubelet, pods may fail to be scheduled to the elastic container instance. After pods are scheduled to the elastic container instance, you must add pod annotations for Elastic Container Instance features such as image cache to take effect. Typically, cluster administrators can fix pods that fail to be scheduled and add pod annotations to make Elastic Container Instance features take effect. R&D personnel can adjust pod configuration files to prevent scheduling failures or add pod annotations.

Elastic Container Instance Profile allows cluster administrators to schedule pods and modify pod configuration files. Elastic Container Instance Profile provides the following features:

  • ECI Scheduler

    You can use elastic container instances in together with regular nodes to configure labels for pods and namespaces and schedule pods to instances. However, to perform these operations, you must modify existing resources.

    Elastic Container Instance Scheduler implements a new scheduling mechanism based on mutating webhooks. You can declare the namespace or pod labels to be matched in Elastic Container Instance Profile. Pods that have the declared labels are automatically scheduled to elastic container instances.

  • ECI Effect

    You must add annotations or labels to pods for some Elastic Container Instance features to take effect. Examples of these features include specifying Elastic Compute Service (ECS) instance types, enabling image caches, and configuring the Network Time Protocol (NTP) service. For more information, see Annotations supported by Elastic Container Instance.

    Elastic Container Instance Effect can automatically add annotations and labels. In Elastic Container Instance Profile, you can declare the namespace or pod labels to be matched and specify the annotations and labels to be added. If a pod has the declared labels, the specified annotations and labels are automatically added to the pod.

  • Configure hot update

    In Elastic Container Instance Profile, you can configure the Cluster IP, hybrid cloud mode, PrivateZone, resource group, security group, virtual private cloud (VPC), and vSwitch. You can also modify the parameter settings in Elastic Container Instance Profile based on your business requirements. The new parameter settings take effect without the need to restart Virtual Kubelet.

Preparations

Before you use Elastic Container Instance Profile, make sure that your Virtual Kubelet is of the latest version and that mutating webhooks are enabled if you want to use Elastic Container Instance Scheduler.

Make preparations based on the types of Kubernetes clusters.

  • ASK clusters

    Make sure that Virtual Kubelet is updated to the latest version.

    Note

    By default, ASK clusters schedule pods to Elastic Container Instance. You do not need to use Elastic Container Instance Scheduler to schedule pods to Elastic Container Instance.

  • ACK clusters

    • For managed ACK clusters, make sure that Virtual Kubelet is automatically updated to the latest version and that mutating webhooks are automatically enabled.

    • For non-managed ACK clusters, modify the configuration file of Virtual Kubelet to update Virtual Kubelet to the latest version, and then enable mutating webhooks.

Configurations

Elastic Container Instance Profile reads the eci-profile configuration file from the kube-system namespace and matches pods based on the selectors specified in the configuration file. If a pod has the labels contained in the selectors, the pod is automatically scheduled to the elastic container instance, or annotations and labels are automatically added to the pod for Elastic Container Instance features to take effect.

You can use one of the following methods to edit the eci-profile configuration file:

  • Run the kubectl edit command.

    kubectl edit configmap eci-profile -n kube-system
  • Use the ACK console.

    1. Log on to the ACK console. On the Clusters page, find the cluster that you want to configure and click the cluster name.

    2. In the left-side navigation pane, choose Configurations > ConfigMaps.

    3. Select kube-system from the Namespace drop-down list.

    4. Find and edit the eci-profile configuration file.

Example eci-profile configuration file:


apiVersion: v1
kind: ConfigMap
metadata:
  name: eci-profile
  namespace: kube-system
data:
  vpcId: "vpc-xxx"
  securityGroupId: "sg-xxx"
  vswitchIds: "vsw-111,vsw-222"
  enableClusterIp: "true"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  selectors: |
    [
        {
            "name":"default-selector-1",
            "objectSelector":{
                "matchLabels":{
                    "alibabacloud.com/eci":"true"
                }
            }
        },
        {
            "name":"default-selector-2",
            "objectSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            }
        },
        {
            "name":"default-selector-3",
            "namespaceSelector":{
                "matchLabels":{
                    "alibabacloud.com/eci":"true"
                }
            }
        },
        {
            "name":"default-selector-4",
            "namespaceSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            }
        },
        {
            "name":"default-selector-5",
            "namespaceSelector":{  
                "matchLabels":{
                    "virtual-node-affinity-injection":"enabled"
                }
            },
            "effect":{ 
                "annotations":{
                    "k8s.aliyun.com/eci-image-cache": "true"
                },
                "labels":{
                    "created-by-eci":"true"
                }
            }
        }
    ]    

In the preceding example, data contains parameters such as vpcId, vswitchIds, and selectors.

The selectors parameter contains the configurations of Elastic Container Instance Scheduler and Elastic Container Instance Effect. You must declare the name of each selector and can declare the following fields based on your business requirements:

  • namespaceSelector: the namespace labels to match.

  • objectSelector: the pod labels to match.

  • effect: the annotations and labels to be dynamically added.

After you configure selectors, you can run the following command to check whether the selectors take effect. If the returned YAML file contains the configured selectors, the selectors take effect. If the returned YAML file does not contain the configured selectors, check whether the selectors are formatted correctly.

kubectl get mutatingwebhookconfigurations -o yaml vk-webhook

vpcId specifies the ID of the VPC. vswitchIds specifies the IDs of vSwitches. You can modify the parameters to suit your business requirements. The following table describes the parameters that can be modified.

Parameter

Example

Description

enableClusterIp

"true"

Specifies whether to support Cluster IP.

enableHybridMode

"false"

Specifies whether to enable the hybrid cloud mode.

enablePrivateZone

"false"

Specifies whether to use PrivateZone for domain name resolution.

resourceGroupId

rg-aek2z3elfs4qghy

Specifies the ID of the resource group.

securityGroupId

sg-2ze0b9o8pjjzts4h****

Specifies the ID of the security group.

vSwitchIds

vsw-2zeet2ksvw7f14ryz****

Specifies the IDs of the vSwitches. Separate multiple vSwitch IDs with commas (,).

vpcId

vpc-2zeghwzptn5zii0w7****

Specifies the ID of the VPC.

Example on how to configure Elastic Container Instance Scheduler

In the selectors of the eci-profile configuration file, you can declare the namespace or pod labels as arrays. The pods that have matching labels are automatically scheduled to elastic container instances.

The following sample code shows how to configure Elastic Container Instance Scheduler:

Notice

Remove annotations when you configure your Elastic Container Instance Scheduler.

  selectors: |
   [
      {
        "name":"demo",  #Required. The name of the selector.
        "namespaceSelector":{  #Optional. The namespace labels to be matched. You must specify namespaceSelector, objectSelector, or both.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels must have logical AND relations.
                "department":"bigdata"
            }
        },
        "objectSelector":{  #Optional. The pod labels to be matched. You must specify namespaceSelector, objectSelector, or both.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels must have logical AND relations.
                "type":"offline-task"
              }
          }
      }
   ]
Notice

In a selector, you must configure namespaceSelector, objectSelector, or both. If you configure both namespaceSelector and objectSelector, only pods that have all labels specified in both namespaceSelector and objectSelector can be automatically scheduled to the elastic container instance.

In the preceding example, a selector named demo is declared to implement the following feature:

If the namespace of a pod has the department=bigdata label and the pod has the type=offline-task label, the pod is automatically scheduled to the elastic container instance.

Example on how to configure Elastic Container Instance Effect

In the selectors of the eci-profile configuration file, you can declare the namespace or pod labels as arrays and specify the annotations and labels to be dynamically added. If a pod has the declared labels, the specified annotations and labels are automatically added to the pod.

The following sample code shows how to configure Elastic Container Instance Effect:

Notice

Remove annotations when you configure your Elastic Container Instance Effect.

  selectors: |
   [
    {
        "name":"demo",  #Required. The name of the selector.
        "namespaceSelector":{  #Optional. The namespace labels to be matched.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels must have logical AND relations.
                "department":"bigdata"
            }
        },
        "objectSelector":{  #Optional. The pod labels to be matched.
            "matchLabels":{  #The labels to be matched. If you specify multiple labels, the specified labels must have logical AND relations.
                "type":"offline-task"
            }
        },
        "effect":{  #The annotations and labels to be dynamically added.
            "annotations":{
                "k8s.aliyun.com/eci-image-cache": "true"
            },
            "labels":{
                "created-by-eci":"true"
            }
        }
    }
   ]
Notice

  • In a selector, you can configure namespaceSelector and objectSelector based on your business requirements. If neither namespaceSelector or objectSelector are configured, the effect settings take effect on all the pods that are scheduled to the elastic container instance.

  • If you configure multiple selectors, the selectors are matched in sequence. After pods are matched, the annotations and labels specified in the effect settings are automatically added to the pods. These annotations and labels do not overwrite existing annotations and labels of the pods. If duplicate annotations or labels exist, the annotations or labels that have higher priorities are used. The existing annotations and labels of the pods have a higher priority than the annotations and labels specified in the effect settings of matched selectors. The priorities of annotations or labels in the effect settings of the selectors descend in the order in which the selectors are matched.

In the preceding example, a selector named demo is declared to implement the following feature:

If the namespace of a pod has the department=bigdata label and the pod has the type=offline-task label, the pod is automatically scheduled to the elastic container instance. At the same time, the image cache feature is enabled, and the created-by-eci=true label is added to the pod.

Example on how to configure hot update

In the data of the eci-profile configuration file, you can modify vSwitchIds to update the vSwitches that can be used to create elastic container instances. The vSwtichIds parameter can be specified to implement the multi-zone feature. The following sample code shows how to configure hot update:

data:
  enableClusterIp: "true"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  resourceGroupId: ""
  securityGroupId: sg-2ze0b9o8pjjzts4h****
  selectors: ""
  vSwitchIds: vsw-2zeet2ksvw7f14ryz****,vsw-2ze94pjtfuj9vaymf****  #Configure multiple vSwitches to implement the multi-zone feature.
  vpcId: vpc-2zeghwzptn5zii0w7****