Container Service for Kubernetes:Overview of virtual nodes

Why do you need virtual nodes?

What is a virtual node?

Nodes are the basic units that provide compute and storage resources to run workloads in ACK clusters. In most cases, an ACK cluster has at least one Elastic Compute Service (ECS) node pool. After a pod is created, the kubelet schedules the pod to an ECS node in the node pool. This scheduling mode is suitable for applications that receive a stable volume of traffic. However, this scheduling mode cannot handle traffic spikes, even though ACK can scale out ECS instances. This is because the creation and startup of ECS instances is time-consuming. With the help of virtual nodes, you can directly schedule pods to elastic container instances. This simplifies node O&M, eliminates idle nodes, and reduces the resource cost.

A virtual node encapsulates compute resources by using the ack-virtual-node component. This way, you can deploy workloads without the need to worry about the infrastructure. ack-virtual-node will automatically schedule pods to elastic container instances. Elastic Container Instance is a serverless container service. Each elastic container instance is equivalent to a pod. To deploy applications on elastic container instances, you only need to provide a Docker image to deploy containers and pay for resources consumed by the containers.

Benefits

Virtual nodes provide the following benefits.

• O&M-free: You do not need to manage and maintain infrastructure resources. In addition, virtual nodes are hosted resources. You do not need to perform regular node O&M operations for virtual nodes, such as system updates and patch installation.

• Ultra-large capacity: You can scale out to 50,000 pods in a cluster without any plans in advance.

  Important

  If your pods are associated with large numbers of Services, we recommend that you keep less than 20,000 pods in the cluster.

• Second-level scaling: You can create thousands of pods within a short period of time to handle traffic spikes.

• Security isolation: You can deploy pods on elastic container instances. Instances on which pods are deployed are isolated from each other by using lightweight virtual sandboxes.

• Cost reduction: Pods are created on demand and billed on a pay-as-you-go basis. The serverless architecture helps prevent resource waste and reduce O&M costs.

Scenarios

Virtual nodes are suitable for the following scenarios based on their characteristics and benefits.

• Online businesses

  For online businesses that need to frequently handle traffic spikes, such as online education and e-commerce, using virtual nodes can prevent system overloading caused by failures to scale out resources during peak hours and avoid resource waste during off-peak hours.

• Data processing

  If you use virtual nodes to handle large numbers of online concurrent tasks, such as Spark and Presto tasks, you no longer need to worry about the cost of underlying resources. You can deploy thousands of pods within a short period of time to handle big data businesses.

• AI jobs

  If you use virtual nodes, you do not need to reserve resources for long-term AI jobs that are thirst for large amounts of compute resources, such as model training and model inference jobs. Resources can be deployed on demand and billed on a per-second basis to reduce costs. In addition, resources can be scaled out within seconds to handle unexpected jobs.

• CI/CD testing

  You can use virtual nodes to create and release container instances anytime in order to handle batch test tasks for CI/CD, such as CI packaging, stress tests, and simulation tests. Resources can be deployed on demand and billed on a per-second basis. This enables you to provision massive resources at a low cost.

• Jobs and CronJobs

  Jobs and CronJobs are automatically terminated after they are completed. The pods created by Jobs and CronJobs are also deleted. If you use virtual nodes, after a Job or CronJob is completed, resource billing automatically stops and the compute resources are released to avoid incurring unexpected costs.

Limits

Take note of the following limits before you use virtual nodes.

• ACK Serverless clusters do not support DaemonSets. You can replace DaemonSets with sidecar containers.

• You cannot specify HostPath or HostNetwork in pod manifests.

• ACK Serverless clusters do not support privileged containers. You can use a security context to add capabilities to a pod.

  Note

  The privileged container feature is in internal preview. To use this feature, submit a ticket.

• ACK Serverless clusters do not support NodePort Services or Session Affinity feature.

• ACK Serverless clusters do not support the China South Finance, or Alibaba Gov Cloud regions.

Billing

The virtual node feature is free of charge. An ACK cluster management fee is charged when you use virtual nodes. In addition, Alibaba Cloud services, such as Elastic Container Instance, Virtual Private Cloud (VPC), and Server Load Balancer (SLB), that are used by virtual nodes are also billed. For more information about the fees for running pods on elastic container instances, see Billing overview.

Quick start

You can refer to Schedule pods to elastic container instances that are deployed as virtual nodes to quickly learn how to schedule pods to virtual nodes.

1. Install the ack-virtual-node component to enable the virtual node feature.

2. Add a label to pods or the namespace to schedule pods to elastic container instances that serve as virtual nodes.

References

• Configure Elastic Container Instance-based pods

  • Create an ECI profile, a ConfigMap named eci-profile, to batch configure Elastic Container Instance-based pods, such as the security groups and zones of the pods. After the configurations are updated, newly created Elastic Container Instance-based pods immediately take effect without the need to restart. The existing Elastic Container Instance-based pods take effect after a roll update. For more information, see Configure an eci-profile.

  • You can add pod annotations to use some Elastic Container Instance features, such as specifying elastic container instance types, enabling image cache to accelerate pod creation, assigning IPv6 addresses to Elastic Container Instance-based pods, and expanding the ephemeral storage. For more information, see ECI Pod Annotation.

• Configure pod scheduling policies in node colocation scenarios

  ACK provides multiple scheduling policies. You can schedule the pods of an application only to virtual nodes. You can also schedule pods to pay-as-you-go or subscription ECS nodes, schedule pods to virtual nodes when ECS nodes are out of stock, and scale in pods in the reverse order. To select a proper scheduling policy, see Introduction and comparison of virtual node-based scheduling solutions.

• Schedule pods to nodes that use the specified OS or architecture

  • Schedule pods to nodes that use the specified architecture: By default, ACK schedules all pods to x86-based nodes. Pods become pending when x86 nodes are insufficient. To schedule pods to ARM-based virtual nodes, see Schedule workloads to ARM-based virtual nodes.

  • Schedule pods to nodes that use the specified OS: To schedule pods to Windows nodes, add Windows virtual nodes to the cluster and then schedule pods to the virtual nodes. For more information, see (In invitational preview) Schedule pods to run on Windows virtual nodes.

FAQ

If you have any questions when using virtual nodes, see FAQ about virtual nodes.

• How do I use virtual nodes to implement high availability for a service deployed across zones?

• Do virtual nodes support GPU resources?

• How do I prioritize ECS instances over elastic container instances for pod scheduling and prioritize elastic container instances over ECS instances for pod scale-in?

• What do I do if certificate verification fails when a virtual node pulls images from a self-managed image repository over HTTPS?

• After I create an Elastic Container Instance-based pod by specifying the number of vCPUs and memory size, is the pod billed based on the resource specification or the actual resource usage?

• Why is the available memory of Elastic Container Instance-based pods less than the specified memory?