
Container Service for Kubernetes:Overview of managed node pools

Last Updated:May 30, 2024

If you want to manage nodes in groups and simplify node O&M, you can enable the managed node pool feature of Container Service for Kubernetes (ACK) for your cluster to automate node O&M tasks, such as patching OS Common Vulnerabilities and Exposures (CVEs), updating the kubelet, and restarting nodes. Compared with regular node pools, managed node pools provide automated O&M capabilities that you can configure.

Introduction to managed node pools

Use scenarios

  • Users focus on application development instead of the O&M of worker nodes.

  • Users need elasticity rather than immutability for their workloads: the pods of their applications are insensitive to node changes and tolerate being migrated to other nodes.

Architecture

[Figure: managed node pool architecture]

Usage notes

Preparations

  • Managed node pools can run automated O&M tasks within the maintenance window of the cluster. On the Node Pools page in the ACK console, select a managed node pool and click Configure Managed Node Pool in the Actions column. In the dialog box that appears, you can configure the maintenance window of the cluster.

  • The OS CVE patching feature of managed node pools is dependent on Security Center. You must purchase Security Center Enterprise Edition or higher and ensure a sufficient quota of servers that can be protected by Security Center. ACK does not charge additional fees. For more information, see Purchase Security Center and Functions and features.

  • We recommend that you enable the event center so that you can receive alert notifications about managed node pools. For more information about how to enable the event center, see Event monitoring.

  • We recommend that you install ack-node-problem-detector so that the system can detect node anomalies. For more information about ack-node-problem-detector, see ack-node-problem-detector.

Usage notes

  • Node pool update

    Managed node pools update nodes by replacing the system disks of the nodes. After a node is updated, the data stored on its previous system disk is deleted, including anything that pods wrote to the system disk through hostPath volumes. The data disks that are mounted to the node are not affected. Do not use system disks to persist data.

  • Draining

    Before a managed node pool replaces the system disk of a node, it cordons the node (sets it as unschedulable, which is what kubectl cordon or the corresponding ACK console action does) and then drains it by evicting the pods on the node. This restarts the pods on other nodes and interrupts persistent connections to them. If the pods are not evicted within 30 minutes, ACK forcibly replaces the system disk regardless, so a pod that cannot be evicted (for example, one protected by a PodDisruptionBudget) only delays the update; it does not prevent it.

  • Auto repair

    A managed node pool monitors the status of the nodes in the node pool. If a node does not report its status for more than 10 minutes, or a node is in the NotReady state, ACK restarts the node to restore the workloads on it. The pods on the node are restarted as a result.
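The three usage notes above are easiest to reason about against real cluster state. The following script is an added example, not code from the ACK documentation or product: it reads the JSON that `kubectl get nodes -o json` and `kubectl get pods -A -o json` produce and reports (1) pods on managed-pool nodes that mount hostPath volumes, whose data on the system disk will not survive a system-disk replacement, and (2) nodes that currently match the auto-repair trigger (Ready condition not True, or no status reported for more than 10 minutes). The node label `nodepool=managed-pool` used to select managed-pool nodes is a hypothetical selector, not an ACK label, and the sample node and pod documents are constructed inline rather than captured from a cluster.

```python
"""Preflight audit for nodes in an ACK managed node pool (added example, not ACK code).

Checks derived from the usage notes:
1. Pods on managed-pool nodes that mount a hostPath volume. Node updates replace the
   system disk, so data written through such a volume to the system disk is lost.
2. Nodes matching the documented auto-repair trigger: Ready is not True, or no
   status has been reported for more than 10 minutes.

Assumptions (not ACK conventions): managed-pool nodes carry a hypothetical label
`nodepool=managed-pool`; the sample documents below are constructed.
"""
from datetime import datetime, timedelta, timezone

HEARTBEAT_TIMEOUT = timedelta(minutes=10)  # the 10-minute criterion from the usage notes
POOL_LABEL, POOL_VALUE = "nodepool", "managed-pool"  # hypothetical selector label


def parse_time(ts):
    """Parse the RFC 3339 UTC timestamps kubectl emits, e.g. 2024-05-30T11:59:30Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def managed_node_names(nodes):
    """Names of nodes carrying the (assumed) managed-pool label."""
    return {
        n["metadata"]["name"]
        for n in nodes["items"]
        if n["metadata"].get("labels", {}).get(POOL_LABEL) == POOL_VALUE
    }


def pods_with_hostpath(pods, node_names):
    """(namespace/name, node, [hostPath paths]) for pods on the given nodes that mount hostPath volumes."""
    hits = []
    for pod in pods["items"]:
        node = pod["spec"].get("nodeName")
        if node not in node_names:
            continue
        paths = [v["hostPath"]["path"] for v in pod["spec"].get("volumes", []) if "hostPath" in v]
        if paths:
            hits.append((f"{pod['metadata']['namespace']}/{pod['metadata']['name']}", node, paths))
    return hits


def repair_candidates(nodes, node_names, now):
    """(node, reason) for the given nodes that match the auto-repair trigger at time `now`."""
    out = []
    for node in nodes["items"]:
        name = node["metadata"]["name"]
        if name not in node_names:
            continue
        ready = next((c for c in node["status"].get("conditions", []) if c["type"] == "Ready"), None)
        if ready is None:
            out.append((name, "no Ready condition reported"))
        elif ready["status"] != "True":
            # NotReady is status False; Unknown means the node controller lost contact with the kubelet
            out.append((name, f"Ready={ready['status']}: {ready.get('reason', '')}"))
        else:
            age = now - parse_time(ready["lastHeartbeatTime"])
            if age > HEARTBEAT_TIMEOUT:
                out.append((name, f"last heartbeat {int(age.total_seconds() // 60)} min ago"))
    return out


def _node(name, status, heartbeat, reason=None, managed=True):
    cond = {"type": "Ready", "status": status, "lastHeartbeatTime": heartbeat}
    if reason:
        cond["reason"] = reason
    labels = {POOL_LABEL: POOL_VALUE} if managed else {}
    return {"metadata": {"name": name, "labels": labels}, "status": {"conditions": [cond]}}


def _pod(ns, name, node, volumes):
    return {"metadata": {"namespace": ns, "name": name}, "spec": {"nodeName": node, "volumes": volumes}}


NOW = parse_time("2024-05-30T12:00:00Z")  # constructed "current time" for the sample

# Constructed sample cluster state: node-z is not in the managed pool.
SAMPLE_NODES = {"items": [
    _node("node-a", "True", "2024-05-30T11:59:30Z"),
    _node("node-b", "Unknown", "2024-05-30T11:40:00Z", reason="NodeStatusUnknown"),
    _node("node-c", "True", "2024-05-30T11:35:00Z"),
    _node("node-z", "False", "2024-05-30T11:59:00Z", reason="KubeletNotReady", managed=False),
]}
SAMPLE_PODS = {"items": [
    _pod("default", "log-shipper", "node-a",
         [{"name": "data", "hostPath": {"path": "/var/lib/app-data"}}, {"name": "scratch", "emptyDir": {}}]),
    _pod("default", "web", "node-a", [{"name": "scratch", "emptyDir": {}}]),
    _pod("default", "cache", "node-c", [{"name": "pv", "persistentVolumeClaim": {"claimName": "cache-pvc"}}]),
    _pod("kube-system", "agent", "node-z", [{"name": "run", "hostPath": {"path": "/var/run"}}]),
]}


def run_audit(nodes=SAMPLE_NODES, pods=SAMPLE_PODS, now=NOW):
    """Run both checks over a nodes document and a pods document."""
    managed = managed_node_names(nodes)
    return {
        "hostpath_pods": pods_with_hostpath(pods, managed),
        "repair_candidates": repair_candidates(nodes, managed, now),
    }


if __name__ == "__main__":
    result = run_audit()
    for pod, node, paths in result["hostpath_pods"]:
        print(f"DATA AT RISK  {pod} on {node}: hostPath {', '.join(paths)}")
    for node, reason in result["repair_candidates"]:
        print(f"AUTO-REPAIR   {node}: {reason}")
```

To run it against a real cluster, `json.load` the two kubectl outputs and pass them to `run_audit` together with `datetime.now(timezone.utc)`, after replacing the hypothetical label selector with whatever identifies the nodes of your managed node pool. On the constructed sample, the audit flags `default/log-shipper` for its hostPath volume and reports `node-b` (Ready=Unknown) and `node-c` (heartbeat 25 minutes old) as nodes that the auto-repair logic would restart; `node-z` is NotReady but outside the pool, so it is not reported.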

Comparison between managed node pools and regular node pools

ACK provides regular node pools and managed node pools. To change the type of a node pool, go to the Node Pools page in the ACK console, find the node pool that you want to manage, and then click Enable Managed Node Pool or Disable Managed Node Pool in the Actions column.

  • Regular node pool: You can use a regular node pool to manage a collection of nodes that have the same configurations, such as specifications, labels, and taints. You can manually manage and maintain the nodes in a regular node pool.

  • Managed node pool: Compared with regular node pools, managed node pools provide automated O&M features, such as auto high-risk vulnerability patching and auto node repair.

    Note

    Managed node pools help simplify your O&M work. However, you may still need to manually fix some complex node issues. For more information about auto node repair, see Auto repair of managed node pools.

The following table compares managed node pools and regular node pools.

Comparison | Regular node pool | Managed node pool
O&M | Managed by users. | Partially managed by ACK.
Node repair | Manually performed. | Node anomalies are automatically detected and repaired. You can configure whether to allow node restarts to repair nodes.
OS CVE patching | Manually triggered. | OS CVE patching can be automatically triggered to patch high-severity, medium-severity, and low-severity vulnerabilities.
Minor kubelet version update | Manually performed. | Minor kubelet version updates can be automatically performed.
containerd update | Manually performed. | containerd updates can be automatically performed. By default, major OS CVE vulnerabilities in containerd are automatically patched.
ContainerOS image ID update | Not supported. | ContainerOS images used by managed node pools are automatically updated to the latest version so that newly added nodes use an up-to-date OS image.

References

  • For more information about how to create, view, modify, scale, delete, and add existing nodes to or remove nodes from a node pool, see Node pool management.

  • For more information about node pool updates, auto repair of managed node pools, and OS CVE patching of node pools, see Node pool O&M.

  • For more information about the best practices for associating deployment sets with node pools, the best practices for preemptible instance-based node pools, and how to add free nodes to node pools, see Best practices for node pools.

  • For more information about the FAQ about nodes and node pools, see FAQ about nodes and node pools.