All Products
Search
Document Center

Elastic Container Instance:FAQ

Last Updated:Jul 11, 2022

This topic provides answers to some commonly asked questions about Elastic Container Instance, such as questions about billing, instances, containers, images, network, and storage.

How is an elastic container instance that runs jobs billed?

After job or CronJob containers run to completion, the elastic container instances enter the Succeeded or Failed state. You are not charged for these instances regardless of whether they are deleted.

The billing duration of the elastic container instances starts when container images are downloaded by using the docker pull command and ends when these instances stop running and enter the Succeeded or Failed state. For more information, see Overview.

How do I view vCPU quotas and quota usage by virtual nodes?

The maximum number of elastic container instances that you can create and the maximum number of pods allowed on a virtual node are determined based on your quota and usage of vCPUs within a specific region. Elastic Container Instance share vCPU quotas with ECS.If a quota cannot meet your business requirements, you can submit a ticket to apply for a quota increase.

You can perform the following operations to view quotas in the Elastic Container Instance console:

  1. Log on to the Elastic Container Instance console.

  2. In the top navigation bar, select a region.

  3. In the left-side navigation pane, click Privileges and Quotas.

The quotas and quota usage are displayed on the Privileges and Quotas page, as shown in the following figure.

Image 2

How do I troubleshoot a ValueExceeded error?

If the quota is insufficient when you create an elastic container instance, a ValueExceeded error occurs.You can submit a ticket to apply for a quota increase.

How do I accelerate the creation of elastic container instances?

Problem description:

On a standard node, a pod can be created within 3 seconds. However, it takes more than 10 seconds to start an elastic container instance that was created from an image cache.

Cause analysis:

This situation is normal. When you request to create a pod on a standard node, the system does not apply for resources but directly creates containers on the node. When you request to create an elastic container instance, the system first applies for the required resources. If you specify multiple zones, the system tries the specified zones one by one to find a zone where available resources are sufficient to create the instance.

The system must spend more time in creating the instance if the system has to retry in different zones due to insufficient resources. To avoid this problem, we recommend that you start with a zone that has sufficient available resources when you specify multiple zones.

How do I create an elastic container instance with a 1:1 vCPU-to-memory ratio?

You cannot create an elastic container instance with a 1:1 vCPU-to-memory ratio by using the Elastic Container Instance console. However, you can create this type of instances by calling API operations or using Kubernetes. For information about the vCPU and memory specifications that you can specify when you create elastic container instances with a 1:1 vCPU-to-memory ratio, see Specify the number of vCPUs and memory size to create an elastic container instance.

How do I create a GPU-accelerated elastic container instance?

You can specify GPU-accelerated ECS instance types to create GPU-accelerated elastic container instances. For more information, see Create a GPU-accelerated elastic container instance.

Note

You cannot create a GPU-accelerated elastic container instance by using the Elastic Container Instance console. However, you can create this type of instances by calling API operations or using Kubernetes.

How do I view the ID of an elastic container instance that is created in Kubernetes?

In Kubernetes, one pod is one elastic container instance. You can use one of the following methods to view the ID of an elastic container instance:

  • Method 1: Run a kubectl command

    1. Log on to your Kubernetes cluster.

    2. Run the kubectl describe pod command to query pod details.

      Note

      You can also run the kubectl describe pod [pod name] command to query the details of a specified pod. Replace [pod name] with the name of the pod that you want to query.

    3. View the ID of the elastic container instance in the Annotations section of the pod details.

      The value of the k8s.aliyun.com/eci-instance-id field is the ID of the elastic container instance. The ID is in the eci-xxxx format. Example:

      View the instance ID
  • Method 2: Use the Elastic Container Instance console

    1. Log on to the Elastic Container Instance console.

    2. In the top navigation bar, select a region.

    3. In the left-side navigation pane, click Container Group.

    4. On the Container Group page, enter a pod name in the search box to query the corresponding elastic container instance, and then view the instance ID.

      The container group ID is the instance ID. The ID is in the eci-xxxx format. Example:

      View the ID of an elastic container instance in the console

Why do the instance specifications displayed in the Elastic Container Instance console differ from those displayed in monitoring data?

Problem description:

You have created an elastic container instance that has 0.5 vCPU and 1 GiB of memory. However, the instance specifications displayed in monitoring data are 2 vCPUs and 2 GiB of memory.

Cause analysis:

This situation is normal. Two vCPUs and 2 GiB of memory are the specifications of the virtual machine, not the specifications of the elastic container instance. If you specify 0.5 vCPU and 1 GiB of memory as the specifications for an elastic container instance when you purchase the instance, the instance can use only the resources of the specified specifications.

How do I avoid an OperationDenied.NoStock error?

If resources are sold out in the current region and zone when you create an elastic container instance, an OperationDenied.NoStock error occurs. We recommend that you specify multiple instance types across multiple zones when you create elastic container instances. For more information, see Create an elastic container instance by specifying multiple zones and Create an elastic container instance by specifying multiple instance types.

What do I do if the "Back-off restarting failed container" event repeatedly occurs?

If a container created from a specified image does not have a daemon process, the container exits immediately after it starts. As a result, the container continuously restarts and the "Back-off restarting failed container" event keeps occurring.

You must configure commands used to start the containers that are created from base images such as CentOS and BusyBox images. For more information, see Create an elastic container instance by using a CentOS image.

A pod is scheduled to the virtual-kubelet node but fails to run on the node. What do I do?

Problem description:

In a Kubernetes cluster deployed with the virtual-kubelet node or a Serverless Kubernetes (ASK) cluster, the following issue may occur: A pod is scheduled to the virtual-kubelet node but no events are generated. In this case, you must query the logs of the virtual-kubelet node and troubleshoot the issue based on the logs.

Note

If an event is generated, you can troubleshoot the issue based on the event.

Solution:

  1. On the Clusters page of the Container Service for Kubernetes (ACK) console, find the cluster and choose More >Open Cloud Shell in the Actions column.

  2. Run the following command to obtain the name of the virtual-kubelet pod:

    kubectl -n kube-system get pods

    faq-vk-log-4
  3. Run the following command to obtain the logs of the pod. Replace ack-virtual-node-controller-xxxxxxxxxx with the pod name obtained in Step 2.

    kubectl -n kube-system logs ack-virtual-node-controller-xxxxxxxxxx

    faq-vk-log-5
  4. Troubleshoot the issue based on the latest error messages in the logs. Alternatively, submit a ticket and provide the request ID and error messages to Alibaba Cloud technical support.

    faq-vk-log-6

What do I do if a pod remains in the Pending state after it is created?

Problem description:

A pod remains in the Pending state for several hours after it was created. The pod event list or instance event list shows that the issue occurs because the connection to the API server times out when you mount a volume.

Solution:

This issue is caused by a poor connection between the instance and the API server. You can perform the following operations to troubleshoot the issue:

  • Check whether the pod and the API server of the cluster are deployed in the same virtual private cloud (VPC).

  • If you have configured access control for the server load balancer (SLB) instance of the cluster, make sure that the CIDR block of the pod is added to the access control list (ACL).

In a Kubernetes cluster, kube-proxy and CoreDNS are scheduled to the virtual node but fail to start. What do I do?

When Kubernetes schedules kube-proxy and CoreDNS, Kubernetes ignores their taints and may schedule kube-proxy and CoreDNS to virtual nodes. To solve this issue, you can add the following content to the YAML files of kube-proxy and CoreDNS:

affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet

Why does the authentication configured in the ingress controller of an ASK cluster not take effect?

Problem description:

The nginx.ingress.kubernetes.io/auth-url annotation is set in nginx-ingress but does not take effect.

Cause analysis:

In ASK, ingress controllers provide load balancing capabilities based on SLB instances and do not support URL authentication.

ACK supports URL authentication.

Does Elastic Container Instance support private images?

Yes, Elastic Container Instance supports private images.

You can create your own images in Alibaba Cloud Container Registry. You can also build your own image repositories.

Can I update image caches?

No, you cannot modify or update image caches. To modify or update an image cache, we recommend that you create a desired image cache and delete the original one.

Can I change the security group of an elastic container instance?

No, you cannot change the security groups of elastic container instances. To use an elastic container instance in a different security group, create an identical elastic container instance in that security group.

How do I access an elastic container instance over the Internet?

To allow your elastic container instance to access external resources or be accessed by external resources over the Internet, you must associate an EIP with the elastic container instance or attach a Network Address Translation (NAT) gateway to the VPC where the elastic container instance resides. For more information, see Enable Internet access.

Do elastic container instances support port mapping?

No, elastic container instances do not support port mapping.

  • You can use the IP address of an elastic container instance and a container port number to access the instance from a client within the same VPC. The container port is enabled by default.

  • To allow your elastic container instance to access external resources or be accessed by external resources over the Internet, you must associate an EIP with the elastic container instance or attach a NAT gateway to the VPC where the elastic container instance resides. For more information, see Enable Internet access.

After a cluster is upgraded, the service IP address cannot be pinged. What do I do?

Before October 2020, each service IP address was assigned to a virtual network interface controller and could be pinged. As of October 2020, service IP addresses were made present only in IP Virtual Server (IPVS) rules to optimize high concurrency. Service IP addresses can no longer be pinged. IPVS forwards requests based on IP addresses and port numbers and cannot forward ping packets.

Can an elastic container instance share an Apsara File Storage NAS file system with an ECS instance?

Yes, elastic container instances can share Apsara File Storage NAS file systems with ECS instances. You can configure mount targets for the file systems and mount them to different services.

Do elastic container instances support data persistence?

Yes, elastic container instances support data persistence. You can create stateful applications on elastic container instances. You can add volumes when you create elastic container instances, and then write data to the volumes for persistence. For more information, see Volume.

How can I mount volumes?

If an elastic container instance requires high I/O performance of the storage and needs to store large numbers of temporary files such as log files generated at runtime, we recommend that you mount an external volume to the instance. You can select disks, NAS file systems, and Object Storage Service (OSS) buckets as external volumes that are mounted to the elastic container instance based on your business requirements.

Does Elastic Container Instance support the ephemeral-storage parameter to modify temporary storage?

No, Elastic Container Instance does not support the ephemeral-storage parameter. By default, 40 GiB of temporary storage is provided. You can perform the following operations to increase the temporary storage capacity:

  1. Create an image cache and specify the image cache size.

  2. Create an elastic container instance by using the image cache.

    The created instance has a temporary storage capacity equal to the image cache size.

Why are elastic container instance logs not collected?

If you have set the aliyun_logs_{Logstore name} environment variable of Log Service in a pod but no elastic container instance logs are found in Log Service, it may be due to the following causes:

  • Short runtime of the elastic container instance

If the job container is running to completion within 20 seconds after the elastic container is started, the container may exit and the log-related volume may be unmounted before logs are collected. As a result, Log Service fails to collect logs.

  • Collection path error

If you specify the environment variable for a pod to collect logs for the first time, Elastic Container Instance automatically creates a Logstore and a path in Log Service. Only this path can be used when you create another pod. If another path is used, Log Service does not collect logs. You can change the path together with the Logstore itself. Elastic Container Instance then automatically creates a new Logstore in Log Service.