Azure Container Instances (ACI) provides a hosted environment for running containers in Azure. When using ACI, there is no need to manage the underlying compute infrastructure since Azure handles this management overhead. When running containers in ACI, users are charged based on the container lifecycle in seconds.
The ACI provider for the Virtual Kubelet configures ACI service as a virtual node in a Kubernetes cluster. Hence, pods scheduled on the virtual node can be run on ACI instances. This configuration allows users to take advantage of both the capabilities of Kubernetes and the management value and cost benefit of ACI.
Virtual Kubelet's ACI provider relies heavily on the feature set that ACI service provides. Please check the Azure documentations for region availability, pricing and new features. The list here presents a sample reference for the features that ACI provider supports. Note: Users should NOT expect feature parities between Virutal Kubelet and real Kubernetes Kubelet.
Please follow this offical document to install virtual node for an AKS cluster using Azure Portal.
Please follow this offical document to install virtual node for an AKS cluster using Azure CLI.
In the following cases, users may need to install Virtual Kubelet manually.
Note: Mannually installed virtual nodes are NOT managed by AKS anymore, they will not be upgraded automatically.
We do not support non-AKS Kubernetes. If you have specific requests for those clusters, please file an issue to describe the needs.
To validate that the Virtual Kubelet has been installed, check and find the virtual node in the Kubernetes cluster.
kubectl get nodes
NAME STATUS ROLES AGE VERSION
virtual-kubelet-aci-linux Ready agent 2m v1.13.1
aks-nodepool1-XXXXXXXX-0 Ready agent 22h v1.12.6
aks-nodepool1-XXXXXXXX-1 Ready agent 22h v1.12.6
aks-nodepool1-XXXXXXXX-2 Ready agent 22h v1.12.6
Create a test Pod virtual-kubelet-test.yaml
.
apiVersion: v1
kind: Pod
metadata:
name: helloworld
spec:
containers:
- image: microsoft/aci-helloworld
imagePullPolicy: Always
name: helloworld
resources:
requests:
memory: 1G
cpu: 1
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/role: agent
beta.kubernetes.io/os: linux
type: virtual-kubelet
tolerations:
- key: virtual-kubelet.io/provider
operator: Exists
- key: azure.com/aci
effect: NoSchedule
Note that virtual nodes are tainted by default to avoid unexpected pods running on them, i.e., kube-proxy
. To schedule a pod to them, you need to add the toleration to the pod spec and a node selector:
...
nodeSelector:
kubernetes.io/role: agent
beta.kubernetes.io/os: linux
type: virtual-kubelet
tolerations:
- key: virtual-kubelet.io/provider
operator: Exists
- key: azure.com/aci
effect: NoSchedule
If your image is in a private registry, you need to add a kubernetes secret to your cluster and reference it in the pod spec.
...
spec:
containers:
- name: aci-helloworld
image: <registry name>.azurecr.io/aci-helloworld:v1
ports:
- containerPort: 80
imagePullSecrets:
- name: <K8 secret name>
Run the application.
kubectl apply -f virtual-kubelet-test.yaml
Note that the helloworld
pod is running on the virtual-kubelet
node.
NAME READY STATUS RESTARTS AGE IP NODE
aci-helloworld-2559879000-XXXXXX 1/1 Running 0 39s 52.179.XXX.XXX virtual-kubelet-aci-linux
If the AKS cluster was configured with a virtual network, then the output will look like the following. The container instance will get a private IP rather than a public one.
NAME READY STATUS RESTARTS AGE IP NODE
aci-helloworld-9b55975f-XXXXX 1/1 Running 0 4m 10.241.XXX.XXX virtual-kubelet-aci-linux
To validate that the container is running in an Azure Container Instance, use the [az container list][az-container-list] Azure CLI command.
az container list -o table