ACI Bridge for Kubernetes is an open-source connector that enables Kubernetes clusters to deploy Azure Container Instances.
This enables on-demand and nearly instantaneous container compute, orchestrated by Kubernetes, without having VM infrastructure to manage and while still leveraging the portable Kubernetes API. This will allow you to utilize both VMs and container instances simultaneously in the same K8s cluster, giving you the best of both worlds.
Please note this software is experimental and should not be used for anything resembling a production workload.
The ACI Bridge roughly mimics the Kubelet interface by:
- Registering into the Kubernetes data plane as a
Node
with unlimited capacity - Dispatching scheduled
Pods
to Azure Container Instances instead of a VM-based container engine
Once the bridge is registered as a node called aci-bridge
, you can use nodeName: aci-bridge
in
your Pod spec run the Pod via ACI. Pods without this node selector will continue to be scheduled normally.
- A working
az
command-line client - A Kubernetes cluster with a working
kubectl
- Edit
examples/aci-bridge.yaml
and supply environment variables - Run the ACI Bridge with
kubectl create -f examples/aci-bridge.yaml
- Wait for
kubectl get nodes
to display theaci-bridge
node - Run an NGINX pod via ACI using
kubectl create -f examples/nginx-pod.yaml
- Access the NGINX pod via its public address
A service principal is required to allow the ACI Bridge to create resources in your Azure subscription.
You can create one using the az
CLI using the instructions below.
Find your subscriptionId
with the az
CLI:
$ az account list -o table
Name CloudName SubscriptionId State IsDefault
----------------------------------------------- ----------- ------------------------------------ ------- -----------
Pay-As-You-Go AzureCloud 12345678-9012-3456-7890-123456789012 Enabled True
Use az
to create a Service Principal that can perform operations on your subscription:
$ az ad sp create-for-rbac --role=Contributor --scopes /subscriptions/<subscription-id>
{
"appId": "<redacted>",
"displayName": "azure-cli-2017-07-19-19-13-19",
"name": "http://azure-cli-2017-07-19-19-13-19",
"password": "<redacted>",
"tenant": "<redacted>"
}
Edit the examples/aci-bridge.yaml
and input environment variables using the values above:
- AZURE_CLIENT_ID:
- AZURE_CLIENT_KEY:
- AZURE_TENANT_ID:
- AZURE_SUBSCRIPTION_ID:
The ACI Bridge will create each container instance in a specified resource group. You can create a new resource group with:
$ az group create -n aci-test -l westus
{
"id": "/subscriptions/<subscriptionId>/resourceGroups/aci-test",
"location": "westus",
"managedBy": null,
"name": "aci-test",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null
}
Edit the examples/aci-bridge.yaml
and put the name of the resource group into the ACI_RESOURCE_GROUP
environment variable.
$ kubectl create -f examples/aci-bridge.yaml
pod "aci-bridge" created
$ kubectl get nodes -w
NAME STATUS AGE VERSION
aci-bridge Ready 3s 1.6.6
k8s-agentpool1-31868821-0 Ready 5d v1.7.0
k8s-agentpool1-31868821-1 Ready 5d v1.7.0
k8s-agentpool1-31868821-2 Ready 5d v1.7.0
k8s-master-31868821-0 Ready,SchedulingDisabled 5d v1.7.0
$ kubectl create -f examples/nginx-pod.yaml
pod "nginx" created
$ kubectl get po -w -o wide
NAME READY STATUS RESTARTS AGE IP NODE
aci-bridge 1/1 Running 0 44s 10.244.2.21 k8s-agentpool1-31868821-2
nginx 1/1 Running 0 31s 13.88.27.150 aci-bridge
Note the pod is scheduled on the aci-bridge
node. It should now be accessible at the public IP listed.
<edit source>
$ make clean
$ make build
$ tsc bridge.ts
$ node bridge.js
make docker-build
docker tag <local-image> <remote-image>
docker push <remote-image>
Then edit examples/aci-bridge.yaml
to point to the remote-image
.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.