Create job-optimized elastic container instances

Introduction to job-optimized elastic container instances

Job-optimized elastic container instances are suitable for job-type scenarios. The instances have the following features:

• Job-optimized elastic container instances can be started faster than regular elastic container instances. The cold start time of job-optimized elastic container instances is only half of the cold start time of regular elastic container instances.

• For batch tasks that are continuously executed, the image caching feature is automatically enabled.

• Job-optimized elastic container instances allow you to only access external services from the instances. You cannot access the instances from external services. For example, you can access the Internet as well as Apsara File Storage NAS (NAS) and Object Storage Service (OSS) in your virtual private cloud (VPC).

  The following table describes the network types that are supported by job-optimized elastic container instances:

  Network type	Description
  N/A	You cannot access the Internet or VPCs from the instance, but images can be pulled from image repositories in VPCs in the region where the instance resides. For example, if your instance is deployed in the China (Beijing) region, you can pull the registry-vpc.cn-beijing.aliyuncs.com/eci_open/busybox:1.30 image.
  Internet	You can access the Internet from the instance and pull images over the Internet. You do not need to configure the NAT gateway.
  VPC	You can access the services in VPCs from the instance. To access your VPCs from the instance, you must configure the vSwitches and security groups of the VPCs.
  Internet and VPC	You can access the Internet and services in VPCs from the instance. To access the Internet from the instance, you do not need to configure a NAT gateway. To access your VPCs from the instance, you must configure the vSwitches and security groups of the VPCs.

  Note

  • If your instance does not need to access VPCs, you can set the network type to N/A or Internet. In this case, you do not need to configure vSwitches or security groups.

  • If Alibaba Cloud DNS PrivateZone is used for domain name resolution, set the network type to VPC. In this case, to access the Internet, you can configure a NAT gateway for the vSwitch.

  • If the network type is VPC or Internet and VPC, only two IP addresses in the vSwitch are used. New elastic container instances do not use extra IP addresses in the vSwitch.

Limits

• Region: Job-optimized elastic container instances are available only in the China (Hangzhou), China (Shanghai), China (Beijing), and China (Shenzhen) regions.

• Billing method: Only the pay-as-you-go billing method is supported. Preemptible instances are not supported.

• Network: You can only access external services from elastic container instances. You cannot access elastic container instances from external services. As a result, elastic container instances cannot provide services to external resources.

• Network bandwidth: The upper limit is 1 Gbit/s.

• Instance specifications: A maximum of 16 vCPUs are supported. The following table describes the supported instance specifications.

  vCPU	Memory (GiB)
  0.25	0.5 and 1
  0.5	1 and 2
  1	2, 4, and 8
  2	1, 2, 4, 8, and 16
  4	2, 4, 8, 16, and 32
  8	4, 8, 16, 32, and 64
  12	12, 24, 48, and 96
  16	16, 32, 64, and 128

• Other limits:

  • You cannot associate an elastic IP address (EIP) with a pod.

  • You cannot assign RAM roles to job-optimized elastic container instances.

  • You cannot add metadata to job-optimized elastic container instances.

  • You cannot customize the size of the temporary storage space.

  • You cannot use persistent storage for job-optimized elastic container instances. If the network type of a job-optimized elastic container instance is N/A or Internet, the instance cannot use NAS persistent storage or OSS persistent storage.

Create a job-optimized elastic container instance in scenarios in which Kubernetes is involved

You can add annotations to the pod metadata to declare the network type. The annotations specify the pod that you want to create is a job-optimized elastic container instance. The configuration item is k8s.aliyun.com/eci-network-config. Valid values:

• none: N/A.

• nat_internet: Internet.

• nat_vpc: VPC.

• nat_internet_vpc: Internet and VPC.

Sample configurations:

apiVersion: v1
kind: Pod
metadata:
  name: test-nat-vpc
  namespace: default
  labels:
    eci: "true"
  annotations:
    k8s.aliyun.com/eci-network-config: "nat_vpc"
spec:
 nodeName: virtual-kubelet-cn-shanghai-f
 containers:
 - image: registry-vpc.cn-shanghai.aliyuncs.com/eci_open/perl:5.32
   imagePullPolicy: IfNotPresent
   name: pi
   command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
 restartPolicy: OnFailure

You can also use the ECI Effect feature of Elastic Container Instance Profile to automatically add annotations to pods that can be matched by labels.

Sample configurations:

apiVersion: v1
kind: ConfigMap
metadata:
  name: eci-profile
  namespace: kube-system
data:
  vpcId: "vpc-xxx"
  securityGroupId: "sg-xxx"
  vswitchIds: "vsw-111,vsw-222"
  enableClusterIp: "false"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  selectors: |
    [
        {
            "name":"custom-selector-1",
            "objectSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            },
            "effect":{ 
             "annotations":{
                "k8s.aliyun.com/eci-network-config": "nat_internet"
            }
        },
        {
            "name":"custom-selector-2",
            "namespaceSelector":{  
                "matchLabels":{
                    "eci":"true"
                }
            },
            "effect":{ 
             "annotations":{
                "k8s.aliyun.com/eci-network-config": "nat_vpc"
            }
          }
        }
    ]

The preceding example declares two selectors that can implement the following features:

• If the pod has the eci=true label, the pod uses job-optimized elastic container instances and the network type is Internet.

• If the namespace in which the pod is located contains the eci=true label, the pod uses job-optimized elastic container instances and the network type is VPC.

For more information, see Configure Elastic Container Instance Profile.

Call an API operation to create a job-optimized elastic container instance

If you call the CreateContainerGroup API operation to create an elastic container instance, you can use tag-related parameters to configure a job-optimized instance. The following table describes these parameters. For more information, see CreateContainerGroup.

Sample configurations:

• Configurations when Tag.N.Value is set to none.

  Tag.1.Key = eci_networkConfig,
  Tag.1.Value = none 

• Configurations when Tag.N.Value is set to nat_internet.

  Tag.1.Key = eci_networkConfig,
  Tag.1.Value = nat_internet 

• Configurations when Tag.N.Value is set to nat_vpc.

  Tag.1.Key = eci_networkConfig,
  Tag.1.Value = nat_vpc
  VSwitchId = vsw-bp1xpiowfm5vo8o3c****
  SecurityGroupId = sg-uf66jeqopgqa9hdn****

• Configurations when Tag.N.Value is set to nat_internet_vpc

  Tag.1.Key = eci_networkConfig,
  Tag.1.Value = nat_internet_vpc
  VSwitchId = vsw-bp1xpiowfm5vo8o3c****
  SecurityGroupId = sg-uf66jeqopgqa9hdn****

Use the Elastic Container Instances console to create a job-optimized elastic container instance

If you set the Billing Method parameter to Pay-as-you-go when you create a job-optimized elastic container instance on the elastic container instance buy page, you can set the Type of Instance parameter to Job Instance and then configure the network type.

Description about the network types:

• If you select N/A or Internet for Network Type, you do not need to configure the VPC, vSwitch, or security group.

• If you select VPC or Internet and VPC for Network Type, to access the VPC from the elastic container instance, you must configure the VPC, vSwitch, and security group.