Elastic Container Instance provides basic container runtimes for Kubernetes clusters. Each elastic container instance is a pod. This topic describes the basic configurations, lifecycle, and limits of an elastic container instance.
Basic configurations
Virtual Kubelet is an open source implementation of the Kubernetes Kubelet. Virtual nodes are created by using Virtual Kubelet, allowing elastic container instances to function as pods in Kubernetes clusters. These virtual nodes support configurations such as specifications, images, storage, and networking.
Specifications
The specifications include vCPUs and memory configurations that determine the computing performance of pods. When you create a pod, you can specify the number of vCPUs and memory size, or specify an Elastic Compute Service (ECS) instance type to meet special requirements, such as the requirements for GPUs and local disks. Different billing methods apply to these specification types. For more information, see Billing of elastic container instances.
Resources in Elastic Container Instance can be created in different ways. Select a method based on your business requirements. For more information, see Create an elastic container instance.
Images
A pod can contain up to 20 containers. Before you deploy a container application, you must prepare a container image. A container image contains the programs, library files, and configurations that are required to run containerized applications. Before you pull images, make sure that the network is accessible. We recommend that you use ImageCache to accelerate the startup and pod creation.
Pull images
When an elastic container instance starts, its containerd pulls container images from a remote image repository. To pull public images, make sure that the elastic container instance has Internet access. You can configure a public Network Address Translation (NAT) gateway for the virtual private cloud (VPC) where the elastic container instance is deployed. Additionally, you can associate an elastic IP address (EIP) with the elastic container instance to pull public images.
We recommend that you store container images in Container Registry to pull images more rapidly through a VPC. In addition, you can pull private images from Container Registry without a Secret. This ensures high efficiency for image pulling. For more information, see Pull images from a Container Registry instance without using a Secret and Use managed-aliyun-acr-credential-helper to pull images without using a secret.
Image cache
Elastic Container Instance provides an image cache feature that allows you to create a cache snapshot from an image. This cache snapshot can be used to create an elastic container instance, eliminating or reducing the need to download image layers and therefore accelerating the creation process. By default, ACK Serverless clusters are deployed with the ImageCache CustomResourceDefinition (CRD) to enable this feature. For more information, see Use ImageCache to accelerate the creation of elastic container instances.
Storage
Temporary storage
By default, a pod is allocated 30 GiB of free temporary storage space, which is occupied by the container image used to start the elastic container instance. You can increase the temporary storage space based on your business requirements. For more information, see Scale up the temporary storage space.
Persistent storage
You can share or retain the stored files by mounting volumes to elastic container instances. In ACK Serverless clusters, use the CSI plug-in to mount Alibaba Cloud storage volumes, such as disks, File Storage NAS (NAS) file systems, and Object Storage Service (OSS) buckets. For more information, see CSI overview.
For more information about storage configurations in elastic container instances, see Storage.
Networks
Private IP address
A pod uses an elastic network interface (ENI) of a vSwitch in the VPC to which the pod belongs. When you create a pod, a private IP address is randomly assigned from the appropriate vSwitch. The vSwitch is selected based on the k8s.aliyun.com/eci-vswitch field in pod annotations, followed by PodNetworking and eci-profile configurations in that order. For more information about how to specify a private IP address or use a fixed one, see Specify a private IP address for a pod and Configure a fixed IP address for a pod.
Internet access
By default, a pod is assigned an internal IP address. If a pod needs to access the Internet, for example, to pull public images, you must associate an elastic IP address (EIP) with the pod, or associate a network address translation (NAT) gateway with the VPC to which the pod belongs. For more information, see Enable Internet access for pods.
IPv6 address
Elastic Container Instance supports IPv6 addresses, offering a larger pool of available IP addresses compared to IPv4. For more information, see Assign an IPv6 address to an Elastic Container Instance-based pod.
For more information about network configurations in elastic container instances, see Network.
Containers
You can configure container startup commands, liveness and readiness probes, and security contexts for a pod to use predefined arguments, similar to how it is done in Kubernetes. For more information about container configurations in elastic container instances, see Container configurations.
Manage lifecycle
Pods have different statuses at different stages of their lifecycle. For more information about the status of pods in Elastic Container Instance and the corresponding status of Kubernetes pods, see Lifecycle of a pod.
Limits
Elastic Container Instance does not support some Kubernetes features such as hostPaths and DaemonSets due to security limits of Alibaba Cloud public cloud and limits imposed by virtual nodes. The following table describes the unsupported features.
Unsupported feature | Description | Recommended alternative |
HostPath | Allows you to mount files from on-premises hosts to containers. | Use emptyDir volumes, disks, or File Storage NAS (NAS) file systems. |
HostNetwork | Allows you to map a host port to a container. | Create a Service of the LoadBalancer type. |
DaemonSet | Allows you to deploy a static pod on the host of a container. | Deploy multiple images in a pod by using sidecar containers. |
Service of the NodePort type | Allows you to map a host port to a container. | Create a Service of the LoadBalancer type. |
For more information, see Limits.
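A pre-deployment check for the limits above, written as an added example (not Alibaba Cloud code): it scans parsed manifests for the four unsupported features in the table and for the 20-container limit. The function names, the sample manifests, and the choice to count only the containers list are assumptions made for illustration.

```python
# Alternatives copied from the Limits table on this page.
ALTERNATIVES = {
    "HostPath": "Use emptyDir volumes, disks, or NAS file systems.",
    "HostNetwork": "Create a Service of the LoadBalancer type.",
    "DaemonSet": "Deploy multiple images in a pod by using sidecar containers.",
    "NodePort": "Create a Service of the LoadBalancer type.",
}
MAX_CONTAINERS = 20  # per-pod limit stated on this page; init containers not counted (assumption)

def pod_spec(manifest):
    """Find the pod spec in a Pod, a templated workload, or a CronJob."""
    spec = manifest.get("spec") or {}
    for _ in range(3):  # Pod -> Deployment/Job template -> CronJob jobTemplate
        if "containers" in spec:
            break
        spec = (spec.get("jobTemplate") or spec.get("template") or {}).get("spec") or {}
    return spec

def check_manifest(manifest):
    """Return (feature, advice) findings for one parsed manifest."""
    kind, found = manifest.get("kind"), set()
    if kind == "DaemonSet":
        found.add("DaemonSet")
    if kind == "Service" and (manifest.get("spec") or {}).get("type") == "NodePort":
        found.add("NodePort")
    ps = pod_spec(manifest)
    if ps.get("hostNetwork") is True:
        found.add("HostNetwork")
    if any("hostPath" in (vol or {}) for vol in ps.get("volumes") or []):
        found.add("HostPath")
    findings = [(name, ALTERNATIVES[name]) for name in sorted(found)]
    count = len(ps.get("containers") or [])
    if count > MAX_CONTAINERS:
        findings.append(("ContainerCount", f"{count} containers exceed the limit of {MAX_CONTAINERS}."))
    return findings

# Constructed sample manifests, shaped like `kubectl get -o json` output.
SAMPLES = [
    {"kind": "Deployment", "metadata": {"name": "log-agent"}, "spec": {"template": {"spec": {
        "hostNetwork": True, "containers": [{"name": "agent", "image": "example/agent:1"}],
        "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}}}},
    {"kind": "Service", "metadata": {"name": "web"}, "spec": {"type": "NodePort"}},
    {"kind": "Pod", "metadata": {"name": "ok"}, "spec": {
        "containers": [{"name": "app", "image": "example/app:1"}],
        "volumes": [{"name": "scratch", "emptyDir": {}}]}},
]

if __name__ == "__main__":
    for m in SAMPLES:
        for feature, advice in check_manifest(m):
            print(f'{m["kind"]}/{m["metadata"]["name"]}: {feature} unsupported. {advice}')
```
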
Pod orchestration
Improper changes to YAML files related to your business may cause unexpected problems. To avoid this issue, Elastic Container Instance provides eci-profile configuration files. eci-profile allows you to configure elastic container instances within a cluster and orchestrate pods based on selectors. For more information, see Configure eci-profile.
Extended features
Data cache
This feature allows you to create a cache of a large amount of business data, such as model training data. When you create an elastic container instance, you can mount and use the cached data. This reduces the startup time of the instance and prevents repeated data downloads, reducing the costs of using the instance. For more information, see Data cache overview.
ECI pod annotation
When you schedule pods of a Kubernetes cluster to run on an elastic container instance, you can add annotations to the pods to make full use of the features of Elastic Container Instance. Make sure that the annotations comply with Kubernetes syntax. For more information about annotations supported by Elastic Container Instance, see ECI pod annotation.
Annotations can be added manually during pod creation or automatically through eci-profile configurations that match pod labels.