Create job-optimized elastic container instances - Instances| Alibaba Cloud Documentation Center

You can run short-term jobs on elastic container instances to improve resource utilization and reduce computing costs. Job-optimized elastic container instances provide multiple benefits. For example, a job-optimized elastic container instance can be started in seconds. This topic describes how to create and use a job-optimized elastic container instance.

Introduction to job-optimized elastic container instances

Job-optimized elastic container instances are suitable for job-type scenarios. The instances have the following features:

Job-optimized elastic container instances can be started faster than regular elastic container instances. The cold start time of job-optimized elastic container instances is only half of the cold start time of regular elastic container instances.
For batch tasks that are continuously executed, the image caching feature is automatically enabled.

Job-optimized elastic container instances allow you to only access external services from the instances. You cannot access the instances from external services. For example, you can access the Internet as well as Apsara File Storage NAS (NAS) and Object Storage Service (OSS) in your virtual private cloud (VPC).

The following table describes the network types that are supported by job-optimized elastic container instances:

Network type	Description
N/A	You cannot access the Internet or VPCs from the instance, but images can be pulled from image repositories in VPCs in the region where the instance resides. For example, if your instance is deployed in the China (Beijing) region, you can pull the `registry-vpc.cn-beijing.aliyuncs.com/eci_open/busybox:1.30` image.
Internet	You can access the Internet from the instance and pull images over the Internet. You do not need to configure a NAT gateway.
VPC	You can access the services in VPCs from the instance. To access your VPCs from the instance, you must configure the vSwitches and security groups of the VPCs.
Internet and VPC	You can access the Internet and services in VPCs from the instance. To access the Internet from the instance, you do not need to configure a NAT gateway. To access your VPCs from the instance, you must configure the vSwitches and security groups of the VPCs.

Note

If your instance does not need to access VPCs, you can set the network type to N/A or Internet. In this case, you do not need to configure vSwitches or security groups.
If Alibaba Cloud DNS PrivateZone is used for domain name resolution, set the network type to VPC. In this case, to access the Internet, you can configure a NAT gateway for the vSwitch.
If the network type is VPC or Internet and VPC, only two IP addresses in the vSwitch are used. New elastic container instances do not use extra IP addresses in the vSwitch.

Limits

Region: Job-optimized elastic container instances can be created only in the China (Hangzhou), China (Shanghai), China (Beijing), and China (Shenzhen) regions.
Billing method: Only the pay-as-you-go billing method is supported. Preemptible instances are not supported.
Network: You can only access external services from job-optimized elastic container instances. You cannot access job-optimized elastic container instances from external services. As a result, job-optimized elastic container instances cannot provide services to external resources.
Network bandwidth: The upper limit is 1 Gbit/s.
Instance specifications: A job-optimized elastic container instance can contain a maximum of 16 vCPUs. The following table describes the supported instance specifications.
vCPU
Memory (GiB)
0.25
0.5 and 1
0.5
1 and 2
1
2, 4, and 8
2
1, 2, 4, 8, and 16
4
2, 4, 8, 16, and 32
8
4, 8, 16, 32, and 64
12
12, 24, 48, and 96
16
16, 32, 64, and 128
Note
You can create a job-optimized instance by specifying the number of vCPUs and the memory size. You cannot create a job-optimized instance by specifying an ECS instance type.
Other limits:
- You cannot associate an elastic IP address (EIP) with a pod.
- You cannot add a job-optimized elastic container instance as a backend server to a Server Load Balancer (SLB) instance.
- You cannot assign RAM roles to job-optimized elastic container instances.
- You cannot add metadata to job-optimized elastic container instances.
- You cannot set the size of the temporary storage space.
- You cannot use disk volumes for persistent storage on job-optimized elastic container instances. If the network type of a job-optimized elastic container instance is set to N/A or Internet, you cannot use an Apsara File Storage NAS (NAS) volume or an OSS bucket for persistent storage on the instance.
- Job-optimized elastic container instances do not support coredump or tcpdump.

vCPU	Memory (GiB)
0.25	0.5 and 1
0.5	1 and 2
1	2, 4, and 8
2	1, 2, 4, 8, and 16
4	2, 4, 8, 16, and 32
8	4, 8, 16, 32, and 64
12	12, 24, 48, and 96
16	16, 32, 64, and 128

Create a job-optimized elastic container instance in scenarios in which Kubernetes is involved

Notice

If you want to create job-optimized elastic container instances, the version of Virtual Kubelet in the Kubernetes cluster must be later than 2.1.0. If the version of Virtual Kubelet in the Kubernetes cluster is 2.1.0 or earlier, update Virtual Kubelet. For more information, see Update Virtual Kubelet.

You can add the k8s.aliyun.com/eci-network-config parameter to the metadata of the pod to declare the network type and the instance category of the pod. Valid values of k8s.aliyun.com/eci-network-config are:

none: N/A.
nat_internet: Internet.
nat_vpc: VPC.
nat_internet_vpc: Internet and VPC.

Sample configurations:

apiVersion: v1
kind: Pod
metadata:
  name: test-nat-vpc
  namespace: default
  labels:
    eci: "true"
  annotations:
    k8s.aliyun.com/eci-network-config: "nat_vpc"
spec:
 nodeName: virtual-kubelet-cn-shanghai-f
 containers:
 - image: registry-vpc.cn-shanghai.aliyuncs.com/eci_open/perl:5.32
   imagePullPolicy: IfNotPresent
   name: pi
   command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
 restartPolicy: OnFailure

You can also use the ECI Effect feature of Elastic Container Instance Profile to automatically add annotations to pods that can be matched by labels.

Sample configurations:

apiVersion: v1
kind: ConfigMap
metadata:
  name: eci-profile
  namespace: kube-system
data:
  vpcId: "vpc-xxx"
  securityGroupId: "sg-xxx"
  vswitchIds: "vsw-111,vsw-222"
  enableClusterIp: "false"
  enableHybridMode: "false"
  enablePrivateZone: "false"
  selectors: |
    [
        {
            "name":"custom-selector-1",
            "objectSelector":{
                "matchLabels":{
                    "eci":"true"
                }
            },
            "effect":{ 
             "annotations":{
                "k8s.aliyun.com/eci-network-config": "nat_internet"
            }
        },
        {
            "name":"custom-selector-2",
            "namespaceSelector":{  
                "matchLabels":{
                    "eci":"true"
                }
            },
            "effect":{ 
             "annotations":{
                "k8s.aliyun.com/eci-network-config": "nat_vpc"
            }
          }
        }
    ]

The preceding example declares two selectors that can implement the following features:

If the pod has the eci=true label, the pod uses job-optimized elastic container instances whose network type is Internet.
If the namespace in which the pod is located has the eci=true label, the pod uses job-optimized elastic container instances whose network type is VPC.

For more information, see Configure Elastic Container Instance Profile.

Call an API operation to create a job-optimized elastic container instance

If you call the CreateContainerGroup API operation to create an elastic container instance, you can use tag-related parameters to configure a job-optimized instance. The following table describes these parameters. For more information, see CreateContainerGroup.

Parameter	Type	Example	Description
Tag.N.Key	String	eci_networkConfig	The key of tag N. If you set Tag.N.Key to `eci_networkConfig`, the instance is a job-optimized elastic container instance.
Tag.N.Value	String	nat_vpc	The value of tag N. If you set Tag.N.Key to `eci_networkConfig`, the Tag.N.Value parameter specifies the network type of the job-optimized elastic container instance. Valid values: none: N/A. nat_internet: Internet. nat_vpc: VPC. nat_internet_vpc: Internet and VPC.
VSwitchId	String	vsw-bp1xpiowfm5vo8o3c****	The ID of the vSwitch. If you set Tag.N.Value to `nat_vpc` or `nat_internet_vpc`, you must configure this parameter.
SecurityGroupId	String	sg-uf66jeqopgqa9hdn****	The ID of the security group. If you set Tag.N.Value to `nat_vpc` or `nat_internet_vpc`, you must configure this parameter.

Sample configurations:

Configurations when Tag.N.Value is set to none.

Tag.1.Key = eci_networkConfig,
Tag.1.Value = none

Configurations when Tag.N.Value is set to nat_internet.

Tag.1.Key = eci_networkConfig,
Tag.1.Value = nat_internet

Configurations when Tag.N.Value is set to nat_vpc.

Tag.1.Key = eci_networkConfig,
Tag.1.Value = nat_vpc
VSwitchId = vsw-bp1xpiowfm5vo8o3c****
SecurityGroupId = sg-uf66jeqopgqa9hdn****

Configurations when Tag.N.Value is set to nat_internet_vpc

Tag.1.Key = eci_networkConfig,
Tag.1.Value = nat_internet_vpc
VSwitchId = vsw-bp1xpiowfm5vo8o3c****
SecurityGroupId = sg-uf66jeqopgqa9hdn****

Use the Elastic Container Instances console to create a job-optimized elastic container instance

If you set the Billing Method parameter to Pay-as-you-go when you create a job-optimized elastic container instance on the elastic container instance buy page, you can set the Type of Instance parameter to Job Instance and then configure the network type.

Note

You cannot create multiple job-optimized elastic container instances at a time.

Description about the network types:

If you select N/A or Internet for Network Type, you do not need to configure the VPC, vSwitch, or security group.
If you select VPC or Internet and VPC for Network Type, to access the VPC from the elastic container instance, you must configure the VPC, vSwitch, and security group.