Elastic Container Instance provides a basic pod runtime environment to Kubernetes clusters. Other capabilities such as dependencies between services, load balancing, auto scaling, and regular scheduling must still be provided by Kubernetes. This topic describes how to connect serverless Kubernetes (ASK) and Container Service for Kubernetes (ACK) clusters to Elastic Container Instance and run pods as elastic container instances.
Connection methods
Elastic Container Instance provides a hierarchical solution to manage Kubernetes resources. Elastic Container Instance schedules and manages pods at the infrastructure layer, whereas Kubernetes manages workloads such as Deployments, Services, StatefulSets, and CronJobs on the platform layer.
Elastic Container Instance connects to Kubernetes by using virtual nodes based on Virtual Kubelet provided by the Kubernetes community. This way, Kubernetes clusters are empowered with high elasticity and are no longer limited by the computing capacity of cluster nodes. After you connect Kubernetes clusters to Elastic Container Instance, Elastic Container Instance takes over the management of pods, including the infrastructure and resources availability. Kubernetes no longer needs to manage the lifecycle and resources of the underlying virtual machines (VMs).
Elastic Container Instance is seamlessly integrated into ASK and ACK. You can use ASK or ACK to experience the capabilities of Elastic Container Instance in running containers.
Use elastic container instances in ASK clusters (pods exclusively run as elastic container instances)
In this connection method, all Kubernetes pods run as elastic container instances. Elastic Container Instance manages the underlying infrastructure. Kubernetes needs only to manage workloads to ensure the reliability of the business, without the need to focus on the O&M and capacity of the underlying VMs.
If you are selecting a type of Kubernetes clusters, we recommend that you select ASK clusters. ASK is optimized to run pods exclusively as elastic container instances. An ASK cluster is a fully managed and cost-effective Kubernetes cluster that is suitable for online and offline business, simulation environments, and development and test environments.
Cost-effectiveness
ASK allows you to deploy containerized applications without the need to purchase and manage nodes and plan node capacity. You are charged only for the amount of CPU and memory resources that you allocate to your applications.
Zero O&M
You can use API operations or command lines of Kubernetes to manage container applications. ASK is integrated with other Alibaba Cloud services to help you simplify the development on Kubernetes and focus on your applications instead of the management of underlying resources.
In ASK clusters, you can create Elastic Container Instance pods without manually deploying virtual nodes. Pods in ASK clusters run in a secure and isolated container runtime based on Elastic Container Instance. Each pod is an elastic container instance. For more information, see ASK overview.
Use elastic container instances in ACK clusters (pods run as elastic container instances and run on ECS instances)
ACK is one of the first services to participate in the Certified Kubernetes Conformance Program in the world. ACK provides high performance services to the management of containerized applications. ACK is integrated with the virtualization, storage, networking, and security capabilities provided by Alibaba Cloud, simplifies the creation and expansion of clusters, and allows you to focus on the development and management of containerized applications.
If you have created an ACK cluster, you can deploy virtual nodes in the cluster to use elastic container instances. After you deploy virtual nodes, you can create elastic container instances on demand in the virtual nodes to extend your ACK clusters, without the need to plan the computing capacities of the virtual nodes. The elastic container instances can communicate with the pods on real nodes of the clusters. You can schedule the excess traffic of long-running workloads to run on Elastic Container Instance. This allows you to reduce idle resources and ensure fast and flexible scalability. When business traffic decreases, you can release Elastic Container Instance pods to reduce costs.
In ACK clusters, you must manually deploy virtual nodes before you create Elastic Container Instance pods. Pods on virtual nodes run in a secure and isolated container runtime based on Elastic Container Instance. Each pod is an elastic container instance. For more information, see ACK cluster overview.
If you deploy self-managed Kubernetes clusters in your data centers or Alibaba Cloud Elastic Compute Service (ECS), you must deploy VNode-based virtual nodes to use elastic container instances. For more information, see Overview.
Management tools
After you connect elastic container instances to Kubernetes by using the Virtual Kubelet technology and deploying virtual nodes, you can use one of the following tools to manage Kubernetes clusters and view the running status of elastic container instances:
Elastic Container Instance console
You can view the running status of elastic container instances in the Elastic Container Instance console. Procedure:
Log on to the Elastic Container Instance console.
In the top navigation bar, select a region.
On the Container Group page, you can view the existing elastic container instances in the region.
ACK console
You can manage ASK clusters and ACK clusters and view the running status of elastic container instances in the ACK console. To view the running status of elastic container instances, perform the following steps:
Log on to the ACK console.
In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to view and click the cluster name to go to the details page.
In the left-side navigation pane, choose Workloads > Pods.
On the Pods page, select a namespace from the Namespace drop-down list. Then, you can view elastic container instances in the namespace.
Cloud Shell
You can access Kubernetes clusters by using Cloud Shell provided by Alibaba Cloud and use kubectl on Cloud Shell to manage the clusters. For more information, see Use kubectl on Cloud Shell to manage ACK clusters.
kubectl client
You can use the kubectl client on your computer to access remote Kubernetes clusters and run kubectl commands to manage the clusters. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.
Limits
Elastic Container Instance does not support some Kubernetes features such as hostPaths and DaemonSets due to security limits of Alibaba Cloud public cloud and limits imposed by virtual nodes. The following table describes the unsupported features.
Unsupported feature | Description | Recommended alternative |
HostPath | Allows you to mount files from on-premises hosts to containers. | Use emptyDir volumes, disks, or Apsara File Storage NAS (NAS) file systems. |
HostNetwork | Allows you to map a host port to a container. | Create a Service of the LoadBalancer type. |
DaemonSet | Allows you to deploy a static pod on the host of a container. | Deploy multiple images in a pod by using sidecar containers. |
Privileged permissions | Allows you to grant privileged permissions to a container. | Use a security context to grant permissions to a pod. |
Service of the NodePort type | Allows you to map a host port to a container. | Create a Service of the LoadBalancer type. |
When you use elastic container instances in ASK or ACK clusters, take note of the following items:
To simplify image pulling, you can upload your container images to the image repository in advance. We recommend that you use Alibaba Cloud Container Registry (ACR) and the image address (registry-vpc.xxx) in a virtual private cloud (VPC) to upload your container images.
Both connection methods described in this topic support common controllers such as Deployments, ReplicaSets, CronJobs, and StatefulSets.
Both connection methods described in this topic use PrivateZone to implement service discovery. We recommend that you enable PrivateZone when you create a cluster.
Both connection methods described in this topic support load balancing, which indicates that the type of Service is LoadBalancer.
Use elastic container instances
ASK
Create an ASK cluster. For more information, see Create an ASK cluster.
Prepare a container image.
Create an Elastic Container Instance pod. For more information, see Overview.
ACK
Create an ACK cluster. For more information, see Create an ACK managed cluster.
Deploy the ack-virtual-node component to generate a virtual node. For more information, see Step 1: Deploy ack-virtual-node in ACK clusters.
NoteTo use Elastic Container Instance features, you must update ack-virtual-node.
For information about the versions of ack-virtual-node, see ack-virtual-node.
For information about how to update ack-virtual-node, see Manage system components.
Prepare a container image.
Create an Elastic Container Instance pod. For more information, see Overview.
Scheduling methods
For ASK clusters, pods exclusively run as elastic container instances. You do not need to schedule pods. For ACK clusters, pods run as elastic container instances and run on ECS instances. You can schedule pods to run on Elastic Container Instance based on your requirements. The following list describes the scheduling methods:
Manually schedule pods to run on Elastic Container Instance
You can manually schedule pods to run on Elastic Container Instance by configuring namespace labels, pod labels, or the elastic scheduling feature that is provided by Elastic Container Instance. For more information, see Schedule pods to Virtual Kubelet.
Automatically schedule pods to run on Elastic Container Instance
ECI Profile provides the ECI Scheduler feature to implement a new scheduling mechanism based on mutating webhooks. You can specify the namespace or pod labels to be matched in ECI Profile. Pods that have the specified labels are automatically scheduled to run on Elastic Container Instance. For more information, see Configure an eci-profile.
Automatically re-schedule pods that fail to be scheduled to run on Elastic Container Instance
If the virtual-kubelet-autoscaler add-on is deployed in ACK clusters, the system automatically re-schedules pods that fail to be scheduled due to insufficient worker nodes to run on Elastic Container Instance. For more information, see Install the virtual-kubelet-autoscaler add-on in an ACK cluster.
Automatically schedule scaled-out pods to run on Elastic Container Instance
After the ack-kubernetes-elastic-workload add-on is deployed in an ACK cluster, the system can control the fine-grained distribution of workloads such as Deployments and StatefulSets at the pod level. The system schedules the scaled-out pods to run on Elastic Container Instance. For more information, see Deploy and use ack-kubernetes-elastic-workload in an ACK cluster.
Implement the features of Elastic Container Instance
When you schedule pods of a Kubernetes cluster to run on Elastic Container Instance, you can add annotations to the pods to make full use of the features of Elastic Container Instance. Make sure that the annotations that you want to add comply with the Kubernetes syntax. You must add annotations to the metadata of pods. For information about the annotations that you can add and configuration examples of the annotations, see Pod annotations.
You can manually add annotations when you create pods. You can also configure the eci-profile component. Then, eci-profile automatically adds annotations to pods that have the specified labels.