
Container Service for Kubernetes:Overview of managed node pools

Last Updated:Dec 26, 2024

If you want to manage nodes in groups and simplify node O&M, you can enable the managed node pool feature of Container Service for Kubernetes (ACK) for your cluster to automate node O&M tasks, such as OS Common Vulnerabilities and Exposures (CVE) patching, kubelet updates, and node restarts. Compared with regular node pools, managed node pools provide custom O&M capabilities.

Introduction to managed node pools

Use scenarios

  • Users focus on application development instead of the O&M of worker nodes.

  • Users require elasticity instead of immutability for workloads. The pods of their applications are insensitive to node changes and are tolerant to migrations.

Architecture

Figure: Managed node pool architecture.

Usage notes

Preparations

  • Managed node pools can run automated O&M tasks within the maintenance window of the cluster. On the Node Pools page in the ACK console, select a managed node pool and click Configure Managed Node Pool in the Actions column. In the dialog box that appears, you can configure the maintenance window of the cluster.

  • The OS CVE patching feature of managed node pools is dependent on Security Center. You must purchase the Ultimate edition of Security Center and ensure a sufficient quota of servers that can be protected by Security Center. ACK does not charge additional fees. For more information, see Purchase Security Center and Functions and features.

  • We recommend that you enable the event center so that you can receive alert notifications about managed node pools. For more information about how to enable the event center, see Event monitoring.

  • We recommend that you install ack-node-problem-detector so that the system can detect node anomalies. For more information about ack-node-problem-detector, see ack-node-problem-detector.

Usage notes

  • Node pool update

    Managed node pools update nodes by replacing the system disks of the nodes. After the nodes are updated, the data stored on the previous system disks is deleted. The data disks that are mounted to the nodes are not affected. Do not use system disks to persist data.

  • Draining

    Before a managed node pool replaces the system disk of a node, the node pool cordons and drains the node. This may restart the pods on the node and interrupt persistent connections. Specifically, ACK first marks the node as unschedulable (the equivalent of running the kubectl cordon command or setting the node to unschedulable in the ACK console) and then evicts the pods on the node. We recommend that you deploy multiple replicas of the backend service across multiple nodes and configure Pod Disruption Budgets (PDBs) for critical applications, so that the overall availability of the service is not affected when pods are evicted from the nodes.

  • Auto repair

    A managed node pool monitors the status of nodes in the node pool. If the status of a node is not reported for more than 10 minutes or a node is in the NotReady state, ACK restarts the node to restore the workloads on the node. In this case, the pods on the node are restarted.

Differences between managed node pools and regular node pools

ACK provides regular node pools and managed node pools. To change the type of a node pool, go to the Node Pools page in the ACK console, find the node pool that you want to manage, and then click Enable Managed Node Pool or Disable Managed Node Pool in the Actions column.

  • Regular node pool: You can use a regular node pool to manage a collection of nodes that have the same configurations, such as specifications, labels, and taints. You can manually manage and maintain the nodes in a regular node pool.

  • Managed node pool: Compared with regular node pools, managed node pools provide automated O&M features, such as auto high-risk vulnerability patching and auto node repair.

    Note

    Managed node pools help simplify your O&M work. However, you may still need to manually fix some complex node issues. For more information about auto node repair, see Auto repair of managed node pools.

The following comparison lists, for each item, how regular node pools and managed node pools handle it.

  • O&M

    Regular node pool: Managed by users.

    Managed node pool: Partially managed by ACK.

  • Node repair

    Regular node pool: Manually performed.

    Managed node pool: Node anomalies are automatically detected and repaired. You can configure whether to allow node restarts to repair nodes.

  • OS CVE patching

    Regular node pool: Manually triggered.

    Managed node pool: OS CVE patching can be automatically triggered to patch high-severity, medium-severity, and low-severity vulnerabilities.

  • Minor kubelet version update

    Regular node pool: Manually performed.

    Managed node pool: Minor kubelet version updates can be automatically performed.

  • containerd update

    Regular node pool: Manually performed.

    Managed node pool: containerd updates can be automatically performed. By default, major OS CVE vulnerabilities in containerd are automatically patched.

  • Response to Elastic Compute Service (ECS) system events

    Regular node pool: You respond to ECS system events manually.

    Managed node pool: ACK responds to ECS system events automatically. The following types of system events are supported:

      • SystemMaintenance.Reboot events

        Automatic response process:

        1. After ACK receives the event, it sends you a message or an internal notification. Respond to the notification in a timely manner.

        2. ACK drains the affected ECS instances, migrates their pods to other available nodes, and then restarts the ECS instances.

          • If a maintenance window of the node pool falls before the scheduled execution time set by ECS, ACK runs the automatic response process within that maintenance window. Otherwise, ACK runs the process one hour before the scheduled execution time.

          • Draining evicts pods from the nodes. We recommend that you deploy multiple replicas of the backend service across multiple nodes and configure PDBs for critical applications, so that the overall availability of the service is not affected when pods are evicted from the nodes.

          • If draining fails, ACK does not forcefully restart the instance.
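The draining note and the ECS reboot response above both recommend multiple replicas spread across nodes plus a PDB for critical applications. The following manifest is an added example (not from the ACK documentation) of such a configuration; the namespace, names, labels and image are assumed.

```yaml
# Added example, not from the ACK documentation. Names, labels and image are assumed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  namespace: demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
    spec:
      # Spread the replicas across nodes so that cordoning and draining one node
      # (system disk replacement or ECS reboot) never evicts every replica at once.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: backend
      containers:
        - name: backend
          image: registry.example.com/backend:1.0   # placeholder image
          ports:
            - containerPort: 8080
---
# The PDB bounds voluntary disruptions, which is what drain's eviction API issues:
# at least two backend pods must stay available, so an eviction that would drop the
# service below that is held until another replica is Ready on a different node.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: backend-pdb
  namespace: demo
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: backend
```

Keep minAvailable strictly below the replica count: a PDB that can never be satisfied blocks the eviction rather than protecting the service, and the node drain then fails instead of completing.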

References

  • For more information about how to create, view, modify, scale, delete, and add existing nodes to or remove nodes from a node pool, see Node pool management.

  • For more information about node pool updates, auto repair of managed node pools, and OS CVE patching of node pools, see Node pool O&M.

  • For more information about the best practices for associating deployment sets with node pools, the best practices for preemptible instance-based node pools, and how to add free nodes to node pools, see Best practices for node pools.

  • For more information about the FAQ about nodes and node pools, see FAQ about nodes and node pools.